1. Home
  2. Wireless Networking
  3. Is there a command that shows what's happening to a WISP at the DNS server level?

Is there a command that shows what's happening to a WISP at the DNS server level?

I am trying to figure out why my Santa Cruz mountains Surfnet WISP setup takes so long to load a web page (even Google's bare bones home page takes, sometimes far too long) so I'm trying to better understand how DNS servers work.

What I have in my wrt54g home router is a set of three supposedly fast DNS servers from this DNS server list:

formatting link
But, even so, on multiple computers in the home, Linux & Windoze, it takes far too long to 'get' the web pages, even though speedtest.net shows 18ms ping latency, 1Mbps upload, & 1.2 Mbps download.

I keep getting intermittent "Microtik hotspot errors" from Surfnet ... and their (rather grouchy) technical support blamed my DNS servers setup.

I can't prove or disprove that until/unless I better understand DNS servers, overall, and how they impact speed of loading (or not loading) web pages.

Is 'this' what happens?

  1. I type
    formatting link
    in my laptop browser on PC 10.20.30.1
  2. That "
    formatting link
    " request goes wirelessly to my office wrt54g router which is 10.20.30.40

THIS IS THE PART THAT I 'THINK' I UNDERSTAND ...

  1. The office wrt54g router sends that "
    formatting link
    " request to the rooftop ubuquiti radio which is 192.168.10.20 but the office wrt54g router must also be sending its DNS server list to the bridge (right?) a) wrt54g DNS1 = 8.8.8.8 b) wrt54g DNS2 = 8.8.4.4 c) wrt54g DNS3 = 4.2.2.1 d) wrt54g WINS = blank

What command can I use to 'see' that DNS transaction?

  1. My rooftop ubiquiti radio sends the "
    formatting link
    " request & DNS list to my rooftop antenna which sends it through the air to the Surfnet line-of-sight antenna on 192.168.4.1

THIS IS THE PART I REALLY DON'T UNDERSTAND.

  1. Surfnet sees that request for "
    formatting link
    " and the list of three DNS servers (I guess), and it forwards that "
    formatting link
    " request to the first of those DNS servers (I guess) which is 8.8.8.8.

  1. The DNS server at 8.8.8.8 presumably forwards back the IP address of "
    formatting link
    " (e.g., 74.125.224.112) but a "traceroute
    formatting link
    " on Ubuntu doesn't seem to show any of that).

HOW DO I CHECK HOW LONG THE DNS SERVER IS TAKING TO RESPOND?

Here is a traceroute:

$ traceroute

formatting link
traceroute to
formatting link
(74.125.224.112), 30 hops max, 60 byte packets 1 10.20.30.40 (10.20.30.40) 2.587 ms 7.338 ms 7.903 ms 2 192.168.10.20 (192.168.10.20) 16.803 ms 17.272 ms 17.713 ms 3 192.168.4.1 (192.168.4.1) 20.221 ms 20.353 ms 20.523 ms 4 64.74.213.61 (64.74.213.61) 20.618 ms 20.837 ms 21.409 ms 5 sanjose-mk.surfnetc.com (64.74.213.193) 23.447 ms 23.628 ms 23.856 ms 6 border1.internap.surfnetc.com (66.151.140.1) 24.043 ms 5.466 ms

15.656 ms 7 border1.g6-3.surfcomm-3.sje003.pnap.net (64.95.143.165) 16.140 ms 16.763 ms 17.040 ms 8 core3.pc1-bbnet1.sje.pnap.net (66.151.144.3) 17.494 ms core3.pc2- bbnet2.sje.pnap.net (66.151.144.67) 21.470 ms core3.pc1- bbnet1.sje.pnap.net (66.151.144.3) 21.654 ms 9 xe-0-0-0-4.r06.snjsca04.us.bb.gin.ntt.net (128.241.219.129) 21.791 ms 21.941 ms 22.055 ms 10 ae-3.r07.snjsca04.us.bb.gin.ntt.net (129.250.5.59) 22.256 ms 25.348 ms 27.017 ms 11 xe-9-0-0.edge1.sanjose3.level3.net (4.68.110.49) 26.147 ms * 27.038 ms 12 * * * 13 you-tube-in.edge2.sanjose1.level3.net (4.79.40.178) 13.144 ms 13.649 ms 17.372 ms 14 72.14.232.136 (72.14.232.136) 17.558 ms 17.943 ms 18.496 ms 15 64.233.174.109 (64.233.174.109) 18.914 ms 26.702 ms 24.631 ms 16 74.125.224.112 (74.125.224.112) 26.859 ms 27.346 ms 27.018 ms

Obviously I'm confused but I'm trying to debug why web pages, intermittently, take far too long to load (and one out of fifty fail outright, giving a Microtik hotspot error, 192.168.4.1).

Is there a command that shows what is happening at the DNS server level?

Reply to
U vigilance
Loading thread data ...

Greeting from Ben Lomond.

Pick your server using Google Namebench or Gibson's DNSbench.

The Google version is more thorough.

Are you cacheing DNSlookups in your router? If so, that may be the problem. Some routers are just plane buggy. Unfortunately, the WRT54G is one of those. If v4 and below, you're probably ok. If v5 or v6, they're garbage. I forgot what v7 and v8 are like.

I see you've talked to Brett. Say hellow for me. He's really a good guy, but thoroughly overloaded and minimally supported.

You should NOT be seeing Microtik hotspot error messages unless SurfnetC is running their mesh as a hot spot or that you're connecting via wireless to their Mikrotik mesh router. My guess is the latter and that you're having connection issues between your wireless laptop/desktop and the Mikrotic wireless router on your roof? Since they are both operating on the same RF channel, you're going to get intererence from other users and other mesh routers connecting to it.

Plenty of ways to screw up DNS lookups.

So far, so good. Have you tried taking the office wireless link out of the picture and connecting to the WRT54G with a CAT5 cable? You should.

Close. The WRT54G router has a DNS cache inside. It will first look in the unspecified operating system's DNS cache on the laptop for the IP address. If Windoze XP, you can get this list with: ipconfig /displaydns You can also clear it with: ipconfig /flushdns

If there's nothing for google on the laptop, it goes to whatever is the default gateway. If your unspecified operating system on your laptop has 10.20.30.40 as the default gateway, it will query

10.20.30.40 for the IP address. The WRT54G router also has a DNS cache, where it looks for a match for google.com. If found, it returns whatever is stored. There's no way to get to the DNS lookup table with the stock firmware.

If nothing is found in the router, it goes to the first DNS server and queries for

formatting link
(I do NOT want to dive into details on how it parses the FQDN, TLD servers, or recursive lookups). If the first DNS server is down or times out, it goes to the 2nd DNS server. This usually takes about 30-45 seconds. If both the first and 2nd are down, it goes to the third. It tries 3-4 times each and then gives up with an error message, which could easily take over a minute.

What operating system are you using on your laptop? It can't be done with the stock Linksys firmware.

I didn't know the SurfnetC is now using Ubiquiti. Are you sure?

Ok, you're using Ubuntu. Good to know. Thanks.

For Ubuntu, you may or may not have the DNS cache (nscd) enabled:

If nscd is not installed, don't worry about the local cache. However, if installed, look for corruption and garbage.

Namebench or DNSbench. Namebench should run on Linux.

Hint: Take as much of the intermediate hardware at your house out of the picture. That means plug your PC directly into the Mikrotic/Ubiquiti/whatever router. Test again.

Not that I know of.

Reply to
Jeff Liebermann

nslookup might be helpful. It will show which servers are being queried, but not the relevent timing. If it takes a while to get a response, then there are delays. Maybe someone has done a version that includes timing. Dunno.

The idea behind the abcdefg.com is to find a domain that is probably NOT in a cache somewhere. Much easier than flushing the caches. This is Windoze XP because I'm too lazy to warm up the Linux laptop.

You can crank up the debug level with: set d2

You can use Google DNS instead of your local DNS with server 8.8.8.8

C:\> nslookup Default Server: DD-WRT Address: 192.168.1.1

Server: DD-WRT Address: 192.168.1.1

------------ Got answer: HEADER: opcode = QUERY, id = 2, rcode = NOERROR header flags: response, want recursion, recursion avail. questions = 1, answers = 1, authority records = 2, additional = 0

QUESTIONS:

formatting link
type = ANY, class = IN ANSWERS: ->
formatting link
internet address = 64.74.115.210 ttl = 7200 (2 hours) AUTHORITY RECORDS: -> abcdefg.com nameserver = ns16.worldnic.com ttl = 172800 (2 days) -> abcdefg.com nameserver = ns15.worldnic.com ttl = 172800 (2 days)

------------ Non-authoritative answer:

formatting link
internet address = 64.74.115.210 ttl = 7200 (2 hours)

abcdefg.com nameserver = ns16.worldnic.com ttl = 172800 (2 days) abcdefg.com nameserver = ns15.worldnic.com ttl = 172800 (2 days)

>
Reply to
Jeff Liebermann

Also try dig.

Reply to
Jeff Liebermann

Also try using "dig". It shows all the DNS servers that are being queried and supplies the times. Nice.

C:\> dig

formatting link
+trace

; DiG 9.3.2

formatting link
+trace ;; global options: printcmd . 248165 IN NS j.root-servers.net. . 248165 IN NS f.root-servers.net. . 248165 IN NS c.root-servers.net. . 248165 IN NS e.root-servers.net. . 248165 IN NS a.root-servers.net. . 248165 IN NS h.root-servers.net. . 248165 IN NS g.root-servers.net. . 248165 IN NS b.root-servers.net. . 248165 IN NS d.root-servers.net. . 248165 IN NS k.root-servers.net. . 248165 IN NS i.root-servers.net. . 248165 IN NS l.root-servers.net. . 248165 IN NS m.root-servers.net. ;; Received 500 bytes from 192.168.1.1#53(192.168.1.1) in 62 ms

com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. ;; Received 507 bytes from 192.58.128.30#53(j.root-servers.net) in 125 ms

abcdefghi.com. 172800 IN NS ns1.hostingnet.com. abcdefghi.com. 172800 IN NS ns2.hostingnet.com. ;; Received 114 bytes from 192.52.178.30#53(k.gtld-servers.net) in 250 ms

formatting link
300 IN A 208.87.32.69 ;; Received 51 bytes from 208.87.32.72#53(ns1.hostingnet.com) in 218 ms

Reply to
Jeff Liebermann

NSCD is not installed by default, so unlikely.

apt-get install dnsutils

Then

dig hostname

'Query time' will be listed near the bottom.

dig hostname @another.name.server

to test other name servers.

Reply to
alexd

FWIW, I ran the google code. Their solution was twice as fast (so they claim) as my isp DNS, so I changed the DNSs to their suggestions. I don't know what I'm going to do with all the millisecond I've saved.

Reply to
miso

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.