
In my office LAN, queries to the DNS servers outside our LAN very often fail (time out).

I suspect that it's some problem with our provider, but they have not responded to my complaints.

Is there a tool that I could use to benchmark/measure the loss of outgoing DNS traffic, either from the Windows/Linux workstations or from the OpenBSD 4 gateway?

user3915

6 Answers

I don't know of a tool that does this directly, but you could always just use tcpdump on the BSD gateway to sniff DNS requests and responses, and then compare requests to responses. The tcpdump command would be something like:

tcpdump -n -i interface -w dumpfile 'udp port 53'

It is possible they would be TCP too, so you can capture both if you want (use 'port 53' instead of 'udp port 53'). You can then analyze the dumpfile with Wireshark by creating two filters, one for requests and one for responses. Then just count the number of requests vs. responses; if responses < requests, there may be an issue.

Kyle Brandt

You can try switching to another DNS provider like OpenDNS (which also offers other features for your office environment). If your DNS issue disappears then that's a good indicator of the problem. You might even prefer the alternative DNS provider in the process...

Otherwise, you can use things like ping to test your connectivity and timing to the DNS server, and traceroute.

Is this happening on all systems or only on a select number of systems? Is DNS the only protocol having this issue, or are others affected too?

Bart Silverstrim

If you have a monitoring system set up, create a service check to perform a DNS query and report back the latency. If you also have a graphing system, plot these latencies on a graph.

lee

If you have a DNS capture file (Kyle Brandt's suggestion is a good one) you can use tshark to look for duplicates. For example, the following would read the capture file "dns-external.pcap" and generate a CSV file containing the IP source address, DNS query ID, and DNS query name(s):

tshark -n -r dns-external.pcap -T fields -E separator=, -E quote=d -e ip.src -e dns.id -e dns.qry.name > /tmp/dns.csv

You could then use Excel, OpenOffice, or "sort < /tmp/dns.csv | uniq -d" to look for duplicate requests.

You might also be able to spot anomalies using dnstop but I'm not sure if it has any features specific to duplicate / lost queries.

Gerald Combs

Set up a network capture on the gateway host. Run a capture and filter it for DNS traffic. Look for outbound DNS queries and inbound DNS answers. Try to match each outbound query to an inbound answer. If you find any that don't have a "match" (outbound query and inbound answer) then those queries were lost. You can then use this info to convince the ISP that there's something going on between you and them.

user15713
  • You don't necessarily have to match requests and responses. Each request has an "ID" field that will be unique for a particular source IP and query for a reasonable span of time. If you see duplicate IDs it's an indication of a timeout. – Gerald Combs Aug 31 '09 at 19:04
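The matching described in the two answers above (pair each outbound query with an inbound answer, and treat a repeated query ID plus name from the same client as a timeout-driven retry) can be automated once the UDP/53 payloads are out of the capture. The following script is an added example and is not code from anyone in this thread; it parses the DNS header and question section itself, keys queries on (client IP, server IP, transaction ID, qname), and reports answered, lost and retransmitted queries. The IP addresses, transaction IDs and names in SAMPLE_PACKETS are constructed inline so the script runs offline; on a real capture you would feed it the (src, dst, payload) tuples extracted from the pcap with a pcap library of your choice (an assumption, not shown here).

```python
"""Match DNS queries to responses and flag lost / retransmitted queries.

Added example for this thread, not code from the original answers.
SAMPLE_PACKETS below are constructed test data, not from a real capture.
"""
import struct

QR_BIT = 0x8000            # DNS header flag: 1 = response, 0 = query
DNS_HEADER_LEN = 12


def encode_name(name):
    """'www.example.com' -> DNS wire-format labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(payload, off):
    """Read a wire-format name at payload[off]; follows compression pointers."""
    labels = []
    while True:
        length = payload[off]
        if length == 0:
            return ".".join(labels), off + 1
        if length & 0xC0 == 0xC0:                      # 2-byte compression pointer
            ptr = struct.unpack("!H", payload[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(payload, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        labels.append(payload[off:off + length].decode("ascii"))
        off += length


def build_dns(txid, name, response=False, rcode=0):
    """Build a minimal DNS message with one A/IN question (test data only)."""
    flags = (0x8180 if response else 0x0100) | (rcode & 0xF)  # RD set; RA on responses
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def parse_dns(payload):
    """Return id / response flag / rcode / first qname, or None if no question."""
    if len(payload) < DNS_HEADER_LEN:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        return None
    qname, _ = decode_name(payload, DNS_HEADER_LEN)
    return {"id": txid, "response": bool(flags & QR_BIT),
            "rcode": flags & 0xF, "qname": qname}


def audit(packets):
    """packets: iterable of (src_ip, dst_ip, dns_payload) in capture order.

    A query is keyed on (client, server, txid, qname). A response whose
    (dst, src, id, qname) matches an open query closes it; the same key
    seen again as a query before it is answered is a client retransmit,
    i.e. the client already timed out once. Whatever is still open at the
    end of the capture was lost (or answered outside the capture window).
    """
    open_queries = {}
    retransmits = []
    answered = 0
    for src, dst, payload in packets:
        msg = parse_dns(payload)
        if msg is None:
            continue
        if not msg["response"]:
            key = (src, dst, msg["id"], msg["qname"])
            if key in open_queries:
                retransmits.append(key)
                open_queries[key] += 1
            else:
                open_queries[key] = 1
        else:
            key = (dst, src, msg["id"], msg["qname"])
            if open_queries.pop(key, None) is not None:
                answered += 1
    return {"answered": answered,
            "lost": sorted(open_queries),
            "retransmits": retransmits}


# Constructed sample traffic: client 192.0.2.10/.11, upstream resolver 198.51.100.1.
SAMPLE_PACKETS = [
    ("192.0.2.10", "198.51.100.1", build_dns(0x1A2B, "www.example.com")),
    ("198.51.100.1", "192.0.2.10", build_dns(0x1A2B, "www.example.com", response=True)),
    ("192.0.2.10", "198.51.100.1", build_dns(0x3C4D, "mail.example.net")),
    ("192.0.2.10", "198.51.100.1", build_dns(0x3C4D, "mail.example.net")),  # retry after timeout
    ("198.51.100.1", "192.0.2.10", build_dns(0x3C4D, "mail.example.net", response=True)),
    ("192.0.2.11", "198.51.100.1", build_dns(0x5E6F, "nx.example.org")),    # never answered
]

if __name__ == "__main__":
    report = audit(SAMPLE_PACKETS)
    print("answered:", report["answered"])
    print("retransmits:", len(report["retransmits"]))
    for client, server, txid, qname in report["lost"]:
        print("lost: %s -> %s id=%#06x %s" % (client, server, txid, qname))
```

Keying on the qname as well as the ID matters because a resolver library may reuse an ID for a different name shortly afterwards; counting retransmits separately from outright losses gives you both numbers the ISP will ask for (how many queries needed a retry, and how many never got an answer at all).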

The only way to tell if DNS traffic is getting lost is to monitor traffic on both your gateway host as well as on a DNS server out on the internet.

Now you just run a program that does 10,000 requests and compare the responses you get back with the responses generated by that off-site name server. You'll want to do 10,000 requests for a specific domain (preferably 10,000 different requests so you don't get anything cached) and also 10,000 recursive lookups for 10,000 things that don't exist (evil ISPs like to filter and hijack NXDOMAIN responses).

chris