DNS resolution is significantly slower for with IPv4 client address

Help
1

Expected Behaviour:

[Expecting the DNS resolution to happen as fast as the response time taken when pi-hole is not present
-Linux raspberrypi 4.19.57-v7+ #1244 SMP Thu Jul 4 18:45:25 BST 2019 armv7l GNU/Linux]

Actual Behaviour:

[ DNS queries are taking ~2 seconds to resolve. Upstream resolver is 1.1.1.1]

Jul  7 16:41:51 dnsmasq[19285]: query[A] fast.com from 2601:647:4201:88c0:<redacted>:73f6:9f93
Jul  7 16:41:51 dnsmasq[19285]: forwarded fast.com to 1.1.1.1
Jul  7 16:41:51 dnsmasq[19285]: reply fast.com is 23.10.144.165
Jul  7 16:41:52 dnsmasq[19285]: query[A] fast.com from 2601:647:4201:88c0:<redacted>:73f6:9f93
Jul  7 16:41:52 dnsmasq[19285]: cached fast.com is 23.10.144.165
Jul  7 16:41:53 dnsmasq[19285]: query[A] fast.com from 192.168.0.205
Jul  7 16:41:53 dnsmasq[19285]: cached fast.com is 23.10.144.165

Without Pi-Hole (192.168.0.37 is my Pi-Hole IP address)

C02NX9QQQQD:~ ylele$ time nslookup fast.com 1.1.1.1
Server:          1.1.1.1
Address:        1.1.1.1#53

Non-authoritative answer:
Name:   fast.com
Address: 104.84.186.211


real    0m0.139s
user    0m0.007s
sys     0m0.009s
C02NX9CWQQQD:~ ylele$ time nslookup fast.com
Server:          192.168.0.37
Address:        192.168.0.37#53

Non-authoritative answer:
Name:   fast.com
Address: 104.84.186.211


real    0m2.171s
user    0m0.006s
sys     0m0.008s

image
image2852×1528 314 KB

Debug Token:

[pxoowppgit]

2

Don't use time nslookup to compare the time it takes for dns resolution, as it will calculate the time for the whole nslookup process to finish.

Use dig instead, as it will tell you how long it took for the actual DNS resolution.

dig fast.com

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> fast.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6341
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;fast.com.			IN	A

;; ANSWER SECTION:
fast.com.		30	IN	A	104.108.172.225

;; Query time: 4 msec
;; SERVER: 10.0.1.5#53(10.0.1.5)
;; WHEN: Tue Jul 07 19:42:19 CEST 2020
;; MSG SIZE  rcvd: 53

See "Query time".

For comparison a log of time nslookup which took 87ms according to Pihole's query log.

chrko@ThinkPad-X230:~$ time nslookup fast.com
Server:		10.0.1.5
Address:	10.0.1.5#53

Non-authoritative answer:
Name:	fast.com
Address: 104.108.172.225
Name:	fast.com
Address: ::


real	0m1,415s
user	0m0,012s
sys	0m0,005s
3

Thanks yubiuser, I would do that. But if you observe the time for DNS lookup in chrome network tool, even there it says it's taking around ~2 seconds to finish DNS query.

4

I'm not sure what chrome network tools does measure as DNS lookup time and if this is reliable.

Please repeat the lookups with dig to see if they really take so long to further investigate if there is a actual issue. Additionally have a look in pihole's query log what it does report for the query time.

2 seconds is really long - you should feel the lag when browsing. Do you experience such problems?

5

real doesn't really measure anything of value, that's dependent on a whole host of variables that are outside of Pi-hole's control.

Compare user and sys times, those are the true values of time taken for Pi-hole to come up with a result. You'll noted they are nearly identical.

6

You're on an older version of Pi-hole, v4.

You have a misconfigured IPv6 address, if your clients are trying to use the bad IPv6 DNS address then the clients will time out waiting for a response that will never come.


*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the wlan0 interface:
   192.168.0.37/24 matches the IP found in /etc/pihole/setupVars.conf

[✓] IPv6 address(es) bound to the wlan0 interface:
   2601:647:<redact> does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
   2601:647:<redact> does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
   fe80::f92b:94c2:2f5c:ec25 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

   ^ Please note that you may have more than one IP address listed.
   As long as one of them is green, and it matches what is in /etc/pihole/setupVars.conf, there is no need for concern.

   The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.

-------
*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] a54.suntimes.com is 0.0.0.0 via localhost (127.0.0.1)
[✓] a54.suntimes.com is 0.0.0.0 via Pi-hole (192.168.0.37)
[✓] doubleclick.com is 172.217.6.46 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] desenvolvimentosdesites.com.br is :: via localhost (::1)
[✗] Failed to resolve desenvolvimentosdesites.com.br via Pi-hole (2601:647:4200:65a0:12ae:2d17:99ec:2e76)
[✓] doubleclick.com is 2607:f8b0:4005:804::200e via a remote, public DNS server (2001:4860:4860::8888)


------
*** [ DIAGNOSING ]: Setup variables
    PIHOLE_INTERFACE=wlan0
    IPV4_ADDRESS=192.168.0.37/24
    IPV6_ADDRESS=2601:647:4200:65a0:12ae:2d17:99ec:2e76
    QUERY_LOGGING=true
    INSTALL_WEB_SERVER=true
    INSTALL_WEB_INTERFACE=true
    LIGHTTPD_ENABLED=true
    BLOCKING_ENABLED=true
    DHCP_ACTIVE=true
    DHCP_START=192.168.0.201
    DHCP_END=192.168.0.251
    DHCP_ROUTER=192.168.0.1
    DHCP_LEASETIME=744
    PIHOLE_DOMAIN=lan
    DHCP_IPv6=true
    DHCP_rapid_commit=false
    DNSMASQ_LISTENING=single
    PIHOLE_DNS_1=1.1.1.1
    DNS_FQDN_REQUIRED=true
    DNS_BOGUS_PRIV=true
    DNSSEC=false
    CONDITIONAL_FORWARDING=false
7

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.