Very quick DNS resolution when doing a forward lookup. Typical would expect under 100ms
Actual Behaviour:
After upgrade to v4.0 doing a forward lookup that returns a CNAME and subsequent lookup takes much much longer, maybe 400-1500ms which times out a lot of applications.
$ dig @192.168.1.27 yahoo.jp
; <<>> DiG 9.10.6 <<>> @192.168.1.27 yahoo.jp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38251
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;yahoo.jp. IN A
;; ANSWER SECTION:
yahoo.jp. 300 IN A 183.79.23.196
yahoo.jp. 300 IN A 183.79.227.111
;; Query time: 1629 msec
;; SERVER: 192.168.1.27#53(192.168.1.27)
;; WHEN: Fri Aug 17 13:55:19 CDT 2018
;; MSG SIZE rcvd: 85
Fair enough point. Looks like I have some of default servers in here in addition to the Quad9 server. First three appear to be test servers with spki in use. Might just straight disable those.
address_data: 145.100.185.15
address_data: 145.100.185.16
address_data: 185.49.141.37
address_data: 9.9.9.9
Difference in Google 8.8.8.8 resolution and Pi-Hole + Stubby:
pi@raspi-pihole:~ $ dig @8.8.8.8 yahoo.jp
; <<>> DiG 9.10.3-P4-Raspbian <<>> @8.8.8.8 yahoo.jp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5913
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;yahoo.jp. IN A
;; ANSWER SECTION:
yahoo.jp. 186 IN A 183.79.23.196
yahoo.jp. 186 IN A 183.79.227.111
;; Query time: 25 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Aug 17 15:38:37 CDT 2018
;; MSG SIZE rcvd: 69
pi@raspi-pihole:~ $ dig @192.168.1.27 yahoo.jp
; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.1.27 yahoo.jp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44127
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;yahoo.jp. IN A
;; ANSWER SECTION:
yahoo.jp. 300 IN A 183.79.227.111
yahoo.jp. 300 IN A 183.79.23.196
;; Query time: 672 msec
;; SERVER: 192.168.1.27#53(192.168.1.27)
;; WHEN: Fri Aug 17 15:38:50 CDT 2018
;; MSG SIZE rcvd: 85
Removing the three test servers does speed things up somewhat. Now into the sub-200ms range. I'm thinking that might be closer to "good" with the TLS overhead.
@jfb Thanks, that does help add some comparison. Mobile apps seem particularly sensitive to this. The kiddos have been bugging me about things not working the way they used to before. Learning opportunity, they too can learn Wireshark and networking!
Looking at debugging data from FTL, it doesn't seem like yahoo.jp is a CNAME:
[2018-08-17 23:16:49.815] **** new UDP query[A] "yahoo.jp" from 127.0.0.1 (ID 4)
[2018-08-17 23:16:49.815] **** forwarded yahoo.jp to 9.9.9.9 (ID 4)
[2018-08-17 23:16:50.096] **** got reply yahoo.jp is 183.79.23.196 (ID 4)
[2018-08-17 23:16:50.097] **** got reply yahoo.jp is 183.79.227.111 (ID 4)
You can see that 281 milliseconds between "forwarded to 9.9.9.9" and "got reply" have really been caused by the upstream provider.