[squid-users] Anyone has experience with Windows clients DNS timeout

L.P.H. van Belle belle at bazuin.nl
Wed Dec 30 08:07:50 UTC 2020


Hi Eliezer,

Sorry, I'm not fully agreeing with Amos here.

If your DNS is taking 7-10 sec, I would investigate why the DNS is that slow.
Something is off, that simple.


A small example of my DNS resolving to the internet and my LAN DNS servers.

time dig a www.google.nl @8.8.8.8	# internet DNS
real    0m0.115s

real    0m0.031s	# LAN DNS, lookup 1
real    0m0.016s	# LAN DNS, lookup 2 (cached one)

So, in my opinion 7-10 seconds timeout is really off. 
In the last we.. 

Is the LAN DNS set as an authoritative server?
Are the PCs correctly registering in the DNS with their primary DNS domain?

In resolv.conf, make sure the primary DNS domain is first.
primary.dnsdomain.tld = output of $(hostname -d)

# Optional extra search domains after the primary one: other.dnsdomain.tld dnsdomain.tld
search primary.dnsdomain.tld
nameserver 192.168.1.1
nameserver 192.168.1.2
nameserver 192.168.1.3
nameserver 192.168.1.4
nameserver 192.168.1.5

# These are the options to look into as well (in this order).
options edns0		# allow 4096-byte packets
options rotate		# if you have more than 1 DNS server this can help
options timeout:3
options no-check-names	# don't check for invalid characters such as underscore (_), non-ASCII, or control characters


Check the following.
- The DNS server tries to query the internet first.
  A fix might be the resolving (search line) in /etc/resolv.conf.
- IPv4 / IPv6: try disabling IPv6 on the Windows clients.
- DNS is non-authoritative where it might be needed to set it to authoritative.
- DNS server is missing forwarding to the authoritative server.
- Routing and routing orders.
- Are big EDNS (4096 bytes) packets allowed?
- And is the firewall allowing UDP and TCP packets on port 53?

I run 3 Samba-AD DNS servers with Bind9_DLZ.
My proxy runs a Bind9 caching and forwarding setup.
The primary DNS domain is forwarded to the Samba-AD DNS servers.
These are the authoritative servers.

On average my slowest query is 0.1-0.2 sec (on the Samba DNS);
I checked the last year in my monitoring.
Normal is 0.03-0.01 sec.

If there are problems in Samba these days, in 80% of all cases it's a resolving setup problem.

I hope this gave you some ideas. 


Greetz, 

Louis

> -----Original message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On behalf of
> NgTech LTD
> Sent: Tuesday 29 December 2020 21:02
> To: Squid Users
> Subject: [squid-users] Anyone has experience with Windows clients DNS
> timeout
> 
> I have seen this issue on Windows clients over the past.
> Windows nslookup shows that the query has timed out after 2 seconds.
> On Linux and xBSD I have researched this issue and have seen that:
> the DNS server is doing a recursive lookup and it takes from 7 to 10++
> seconds sometimes.
> When I pre-warm the DNS cache and the results are cached it takes
> less than 500 ms for a response to be on the client side and then
> everything works fine.
> 
> I understand that the Windows DNS client times out.
> When using a forward proxy with squid or any other it works as expected
> since the DNS resolution is done on the proxy server.
> However for this issue I believe that this timeout should be increased
> instead of moving to DNS over HTTPS.
> 
> I would like to hear if anyone has any resolution for this issue on
> the Windows clients side.
> 
> Thanks,
> Eliezer
> 
> ----
> Eliezer Croitoru
> Tech Support
> Mobile: +972-5-28704261
> Email: ngtech1ltd at gmail.com
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
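
Added example, not part of either message above: a small Python check of a resolv.conf against the points in the reply (primary DNS domain first in the search line, the four suggested options). It also flags nameserver lines beyond the first three, which the glibc resolver does not use. The function names and the sample file are constructed for illustration.

```python
import re

MAXNS = 3  # glibc's stub resolver reads only the first three nameserver lines
SUGGESTED = ("edns0", "rotate", "timeout", "no-check-names")  # options named in the reply

def parse_resolv_conf(text):
    """Return (search_list, nameservers, options) parsed from resolv.conf text."""
    search, nameservers, options = [], [], {}
    for raw in text.splitlines():
        # Assumption: trailing "# ..." notes are stripped, as written in the reply;
        # glibc itself only treats '#' or ';' in the first column as a comment.
        line = re.split(r"(?:^|\s)[#;]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key in ("search", "domain"):
            search = args                    # the last search/domain line wins
        elif key == "nameserver" and args:
            nameservers.append(args[0])
        elif key == "options":
            for opt in args:                 # several options lines accumulate
                name, _, value = opt.partition(":")
                options[name] = value
    return search, nameservers, options

def lint_resolv_conf(text, primary_domain):
    """primary_domain is the output of `hostname -d`. Returns a list of findings."""
    search, nameservers, options = parse_resolv_conf(text)
    findings = []
    if not search or search[0].rstrip(".").lower() != primary_domain.lower():
        findings.append("search: %s is not the first search domain" % primary_domain)
    if len(nameservers) > MAXNS:
        findings.append("nameserver: only the first %d are used, ignored: %s"
                        % (MAXNS, ", ".join(nameservers[MAXNS:])))
    for name in SUGGESTED:
        # rotate only matters when there is more than one server to rotate over
        if name not in options and not (name == "rotate" and len(nameservers) < 2):
            findings.append("options: %s not set" % name)
    return findings

# Constructed sample: the layout from the reply, with its five nameservers.
SAMPLE = ("search primary.dnsdomain.tld other.dnsdomain.tld\n"
          + "".join("nameserver 192.168.1.%d\n" % i for i in range(1, 6))
          + "options edns0 rotate  # allow 4096-byte packets\n"
          + "options timeout:3 no-check-names\n")

if __name__ == "__main__":
    for finding in lint_resolv_conf(SAMPLE, "primary.dnsdomain.tld"):
        print(finding)
```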


