I have a machine running Ubuntu 10.04 server. I've started getting long (5-10 second) delays when making connections to (some) sites outside of the LAN using tools like curl and wget.
Using tcpdump and wireshark, I've found the problem to be in the DNS lookups that are being done to set up the connection:
EXAMPLE
When I run:
wget www.site1.com
I see the following behavior:
LOOKUP: AAAA www.site1.com
# => fail, no delay, site1 doesn't have an IPv6 AAAA record
LOOKUP: AAAA www.site1.com.mydomain.lan
# => fail, BIG DELAY, crazy domain doesn't exist
LOOKUP: A www.site1.com
# => success, no delay, resolves as expected (site1 has IPv4 A record)
CONNECTION PROCEEDS ...
MY SETUP
My server's resolv.conf looks like this:
nameserver 192.168.0.1 # my router
domain mydomain.lan # made up domain name, for my lan
search mydomain.lan
My server's hosts file looks like this:
127.0.0.1 localhost.localdomain localhost
192.168.0.10 server1.mydomain.lan server1
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
RESOLUTIONS?
Why is my resolv.conf search list being used in constructing the name for the 2nd lookup, when the resolv.conf man page suggests that it is only used when looking up host names (no dots):
"Resolver queries having fewer than ndots dots (default is 1) in them will be attempted using each component of the search path in turn until a match is found."
I am under the impression that the 2nd lookup is erroneous and should not be performed at all...
If I remove the domain and search lines from resolv.conf, the 2nd lookup is no longer done and my delays go away.
(Also, if I force wget to only deal with IPv4, the AAAA lookups aren't done, thus the delays disappear):
wget --inet4-only www.site1.com
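
An added example (not part of the original question): a Python model of the name order that glibc's res_search() follows, applied to the resolv.conf shown above. It reproduces the trace in the question, where a dotted name is queried as-is first and the search list is appended only when that query does not return the requested record type. The function names and the stripping of inline comments are assumptions of this sketch, and the resolv.conf text is constructed from the question's.

```python
# Added example: models the candidate-name order of glibc's res_search().
# RESOLV_CONF is constructed from the resolv.conf quoted in the question.

RESOLV_CONF = """\
nameserver 192.168.0.1
domain mydomain.lan
search mydomain.lan
"""

def parse_resolv_conf(text):
    """Return (search_list, ndots). 'domain' and 'search' override each
    other, so whichever appears last in the file wins."""
    search, ndots = [], 1
    for raw in text.splitlines():
        # Assumption: drop anything after '#' or ';' so commented lines parse.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not fields:
            continue
        key, args = fields[0], fields[1:]
        if key == "domain" and args:
            search = [args[0]]
        elif key == "search":
            search = args
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_names(name, search, ndots=1):
    """Names tried in order, per record type, until one query succeeds."""
    if name.endswith("."):
        return [name]              # trailing dot: search list is skipped
    expanded = [f"{name}.{domain}" for domain in search]
    if name.count(".") >= ndots:
        return [name] + expanded   # as-is first, search list on failure
    return expanded + [name]       # short name: search list first

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(RESOLV_CONF)
    for n in ("www.site1.com", "www.site1.com.", "server1"):
        print(n, "->", candidate_names(n, search, ndots))
```

Because the AAAA query for www.site1.com returns no record, the resolver moves on to www.site1.com.mydomain.lan before the A lookup starts; a name written with a trailing dot is never expanded.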