Why is "dig localhost" so much quicker than "nslookup localhost"?

0

When looking up the address for localhost, nslookup localhost takes ~15 seconds:

$ /usr/bin/time nslookup localhost
;; connection timed out; no servers could be reached

Command exited with non-zero status 1
0.00user 0.00system 0:15.00elapsed 0%CPU (0avgtext+0avgdata 4072maxresident)k
0inputs+0outputs (0major+1121minor)pagefaults 0swaps

dig localhost is immediate.

$ /usr/bin/time dig localhost

; <<>> DiG 9.9.5-3ubuntu0.17-Ubuntu <<>> localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20936
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;localhost.         IN  A

;; ANSWER SECTION:
localhost.      0   IN  A   127.0.0.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May 09 08:53:37 UTC 2018
;; MSG SIZE  rcvd: 43

0.00user 0.00system 0:00.07elapsed 6%CPU (0avgtext+0avgdata 4244maxresident)k
320inputs+0outputs (1major+1164minor)pagefaults 0swaps

Why is dig so much faster than nslookup? What is nslookup doing / dig not doing that takes so long?

Incidentally:

$ grep localhost /etc/hosts
127.0.0.1 localhost

The fact that nslookup is failing is down to a configuration issue: /etc/resolv.conf contains an extra search suffix, which is being forwarded to a non-existent resolver.

My question is: why the difference?

Roger Lipscombe

Posted 2018-05-09T08:58:31.643

Reputation: 1 933

In your own output nslookup is failing so that isn't a meaningful comparison. For me both commands are near instant. – jdwolf – 2018-05-09T09:34:09.843

dig and nslookup both take around 10ms for me. as @jdwolf pointed out, your output shows that nslookup is timing out, hinting at a configuration issue. – Attie – 2018-05-09T09:42:01.493

I know it's a configuration issue. My question is why the difference? I've updated the question. – Roger Lipscombe – 2018-05-09T10:06:01.857

Answers

1

In your particular case, it's because nslookup is timing out, which usually takes a very long time compared to getting a valid response.

As a bit of further background:

  • dig is mostly a low-level debugging tool. It doesn't do recursion by itself, requires you to specify a server to query, and lets you query arbitrary RR types (or just ANY to get all the records`) It's generally going to be marginally faster doing the actual lookup than nslookup simply because it has all the data it needs on the command-line.
  • nslookup is designed to be an interactive tool for querying DNS infrastructure, instead of inherently doing spot-lookups like dig does. It happens to provide a non-interactive mode (which you are using above), but that's mostly just shorthand. While you can tell it to use a specific server, it will default to using ones configured in /etc/resolv.conf, and thus the startup without a server specified is marginally slower than dig (because it has to look in a file).
  • host, which you didn't mention, but is worth mentioning here for completeness, is a command provided by the C library for doing hostname lookups. It uses the name resolution routines in the C library, which means that it honors /etc/resolv.conf, but it also will honor settings in /etc/nsswitch.conf, which means it may look up hostnames in /etc/hosts, via NIS or NIS+, via LDAP, via mDNS (if you use the right TLD for this), via LLMNR, or through any number of other means, As a result, it's slow compared to dig and nslookup, but it also shows you exactly waht a program that's using the system's name resolution settings instead of doing it's own DNS will see.

Austin Hemmelgarn

Posted 2018-05-09T08:58:31.643

Reputation: 4 345

Asked: 2018-05-09T08:58:31.643

Viewed: 1 656 times

Active: 2018-05-09T18:58:20.030