Linux

5秒解析延遲

  • August 7, 2019

使用 wget (curl, httplib2) 我總是得到 5 秒的解析超時。當我執行 wget -4 或 wget -6 時,這個問題不會出現。解析也可以使用 dig 或 host。可以使用 /etc/resolv.conf 中的“options timeout:2”來降低延遲

strace 的輸出是:

15:19:09.908234 uname({sys="Linux", node="openkvk", ...}) = 0 
15:19:09.908413 socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 3 
15:19:09.908482 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("212.83.206.202")}, 16) = 0 
15:19:09.908569 poll([{fd=3, events=POLLOUT}], 1, 0) = 1 ([{fd=3, revents=POLLOUT}]) 
15:19:09.908637 sendto(3, "F\347\1\0\0\1\0\0\0\0\0\0\10slashdot\3org\0\0\1\0\1", 30, MSG_NOSIGNAL, NULL, 0) = 30 
15:19:09.908735 poll([{fd=3, events=POLLIN|POLLOUT}], 1, 5000) = 1 ([{fd=3, revents=POLLOUT}])
15:19:09.908804 sendto(3, "F\331\1\0\0\1\0\0\0\0\0\0\10slashdot\3org\0\0\34\0\1", 30, MSG_NOSIGNAL, NULL, 0) = 30 
15:19:09.908884 poll([{fd=3, events=POLLIN}], 1, 4999) = 1 ([{fd=3, revents=POLLIN}]) 
15:19:09.911230 ioctl(3, FIONREAD, [46]) = 0 
15:19:09.911308 recvfrom(3, "F\347\201\200\0\1\0\1\0\0\0\0\10slashdot\3org\0\0\1\0\1\300\f"..., 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("212.83.206.202")}, [16]) = 46 
15:19:09.911445 poll([{fd=3, events=POLLIN}], 1, 4997) = 0 (Timeout) 
15:19:14.909096 poll([{fd=3, events=POLLOUT}], 1, 0) = 1 ([{fd=3, revents=POLLOUT}]) 
15:19:14.909189 sendto(3, "F\347\1\0\0\1\0\0\0\0\0\0\10slashdot\3org\0\0\1\0\1", 30, MSG_NOSIGNAL, NULL, 0) = 30 
15:19:14.909292 poll([{fd=3, events=POLLIN}], 1, 5000) = 1 ([{fd=3, revents=POLLIN}]) 
15:19:14.911569 ioctl(3, FIONREAD, [46]) = 0 
15:19:14.911644 recvfrom(3, "F\347\201\200\0\1\0\1\0\0\0\0\10slashdot\3org\0\0\1\0\1\300\f"..., 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("212.83.206.202")}, [16]) = 46 
15:19:14.911772 poll([{fd=3, events=POLLOUT}], 1, 4997) = 1 ([{fd=3, revents=POLLOUT}]) 
15:19:14.911837 sendto(3, "F\331\1\0\0\1\0\0\0\0\0\0\10slashdot\3org\0\0\34\0\1", 30, MSG_NOSIGNAL, NULL, 0) = 30 
15:19:14.912051 poll([{fd=3, events=POLLIN}], 1, 4997) = 1 ([{fd=3, revents=POLLIN}]) 
15:19:14.914034 ioctl(3, FIONREAD, [106]) = 0

Tcpdump 輸出:

tcpdump -vvv  port 53 
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 
15:19:09.908687 IP (tos 0x0, ttl 64, id 37830, offset 0, flags [DF], proto UDP (17), length 58) 
   93.157.136.242.38551 > 212.83.206.202.domain: [bad udp cksum 3576!] 18151+ A? slashdot.org. (30) 
15:19:09.908852 IP (tos 0x0, ttl 64, id 37831, offset 0, flags [DF], proto UDP (17), length 58) 
   93.157.136.242.38551 > 212.83.206.202.domain: [bad udp cksum 2876!] 18137+ AAAA? slashdot.org. (30) 
15:19:09.911081 IP (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto UDP (17), length 74) 
   212.83.206.202.domain > 93.157.136.242.38551: [udp sum ok] 18151 q: A? slashdot.org. 1/0/0 slashdot.org. [22m21s] A 216.34.181.45 (46) 
15:19:14.909246 IP (tos 0x0, ttl 64, id 37832, offset 0, flags [DF], proto UDP (17), length 58) 
   93.157.136.242.38551 > 212.83.206.202.domain: [bad udp cksum 3576!] 18151+ A? slashdot.org. (30) 
15:19:14.911442 IP (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto UDP (17), length 74) 
   212.83.206.202.domain > 93.157.136.242.38551: [udp sum ok] 18151 q: A? slashdot.org. 1/0/0 slashdot.org. [22m16s] A 216.34.181.45 (46) 
15:19:14.911882 IP (tos 0x0, ttl 64, id 37833, offset 0, flags [DF], proto UDP (17), length 58) 
   93.157.136.242.38551 > 212.83.206.202.domain: [bad udp cksum 2876!] 18137+ AAAA? slashdot.org. (30) 
15:19:14.913906 IP (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto UDP (17), length 134) 
   212.83.206.202.domain > 93.157.136.242.38551: [udp sum ok] 18137 q: AAAA? slashdot.org. 0/1/0 ns: slashdot.org. [3m39s] SOA ns-1.ch3.sourceforge.com. hostmaster.corp.sourceforge.com. 2011101300 14400 1800 604800 3600 (106)

像 dig/host 這樣的工具執行類似於使用 wget -4 或 wget -6,即時,沒有任何問題。

我已經單獨嘗試了以下每個伺服器。

nameserver 2001:4018:3:12::202
nameserver 2001:4018:1:64::202
nameserver 212.83.206.202
nameserver 213.207.64.202
nameserver 8.8.8.8
nameserver 8.8.4.4

什麼可能導致這種延遲?

要求的輸出:wget -4(有效)

23:41:10.428217 IP (tos 0x0, ttl 64, id 11790, offset 0, flags [DF], proto UDP (17), length 55)
   93.157.136.242.51379 > 212.83.206.202.domain: [bad udp cksum e070!] 65414+ A? vircon.nl. (27)
23:41:10.430442 IP (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto UDP (17), length 71)
   212.83.206.202.domain > 93.157.136.242.51379: [udp sum ok] 65414 q: A? vircon.nl. 1/0/0 vircon.nl. [15h59m29s] A 31.193.104.52 (43)

23:41:10.427920 socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 3
23:41:10.427982 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("212.83.206.202")}, 16) = 0
23:41:10.428095 poll([{fd=3, events=POLLOUT}], 1, 0) = 1 ([{fd=3, revents=POLLOUT}])
23:41:10.428166 sendto(3, "\377\206\1\0\0\1\0\0\0\0\0\0\6vircon\2nl\0\0\1\0\1", 27, MSG_NOSIGNAL, NULL, 0) = 27
23:41:10.428262 poll([{fd=3, events=POLLIN}], 1, 5000) = 1 ([{fd=3, revents=POLLIN}])
23:41:10.430572 ioctl(3, FIONREAD, [43]) = 0
23:41:10.430651 recvfrom(3, "\377\206\201\200\0\1\0\1\0\0\0\0\6vircon\2nl\0\0\1\0\1\300\f\0\1\0"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("212.83.206.202")}, [16]) = 43
23:41:10.430774 close(3)

wget(壞了)

23:40:13.577621 IP (tos 0x0, ttl 64, id 20475, offset 0, flags [DF], proto UDP (17), length 55)
   93.157.136.242.55276 > 212.83.206.202.domain: [bad udp cksum 16c!] 62764+ A? vircon.nl. (27)
23:40:13.577786 IP (tos 0x0, ttl 64, id 20476, offset 0, flags [DF], proto UDP (17), length 55)
   93.157.136.242.55276 > 212.83.206.202.domain: [bad udp cksum 9654!] 61847+ AAAA? vircon.nl. (27)
23:40:13.579879 IP (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto UDP (17), length 71)
   212.83.206.202.domain > 93.157.136.242.55276: [udp sum ok] 62764 q: A? vircon.nl. 1/0/0 vircon.nl. [22h20m8s] A 31.193.104.52 (43)
23:40:18.582490 IP (tos 0x0, ttl 64, id 20477, offset 0, flags [DF], proto UDP (17), length 55)
   93.157.136.242.55276 > 212.83.206.202.domain: [bad udp cksum 16c!] 62764+ A? vircon.nl. (27)
23:40:18.584709 IP (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto UDP (17), length 71)
   212.83.206.202.domain > 93.157.136.242.55276: [udp sum ok] 62764 q: A? vircon.nl. 1/0/0 vircon.nl. [16h21s] A 31.193.104.52 (43)
23:40:18.585163 IP (tos 0x0, ttl 64, id 20478, offset 0, flags [DF], proto UDP (17), length 55)
   93.157.136.242.55276 > 212.83.206.202.domain: [bad udp cksum 9654!] 61847+ AAAA? vircon.nl. (27)
23:40:18.587212 IP (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto UDP (17), length 106)
   212.83.206.202.domain > 93.157.136.242.55276: [udp sum ok] 61847 q: AAAA? vircon.nl. 0/1/0 ns: vircon.nl. [56m25s] SOA ns1.vircon.nl. hostmaster.vircon.nl. 2011120602 10800 3600 604800 86400 (78)

23:40:13.577353 socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 3
23:40:13.577417 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("212.83.206.202")}, 16) = 0
23:40:13.577502 poll([{fd=3, events=POLLOUT}], 1, 0) = 1 ([{fd=3, revents=POLLOUT}])
23:40:13.577572 sendto(3, "\365,\1\0\0\1\0\0\0\0\0\0\6vircon\2nl\0\0\1\0\1", 27, MSG_NOSIGNAL, NULL, 0) = 27
23:40:13.577667 poll([{fd=3, events=POLLIN|POLLOUT}], 1, 5000) = 1 ([{fd=3, revents=POLLOUT}])
23:40:13.577737 sendto(3, "\361\227\1\0\0\1\0\0\0\0\0\0\6vircon\2nl\0\0\34\0\1", 27, MSG_NOSIGNAL, NULL, 0) = 27
23:40:13.577892 poll([{fd=3, events=POLLIN}], 1, 4999) = 1 ([{fd=3, revents=POLLIN}])
23:40:13.580007 ioctl(3, FIONREAD, [43]) = 0
23:40:13.580105 recvfrom(3, "\365,\201\200\0\1\0\1\0\0\0\0\6vircon\2nl\0\0\1\0\1\300\f\0\1\0"..., 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("212.83.206.202")}, [16]) = 43
23:40:13.580229 poll([{fd=3, events=POLLIN}], 1, 4997) = 0 (Timeout)
23:40:18.582338 poll([{fd=3, events=POLLOUT}], 1, 0) = 1 ([{fd=3, revents=POLLOUT}])
23:40:18.582433 sendto(3, "\365,\1\0\0\1\0\0\0\0\0\0\6vircon\2nl\0\0\1\0\1", 27, MSG_NOSIGNAL, NULL, 0) = 27
23:40:18.582535 poll([{fd=3, events=POLLIN}], 1, 5000) = 1 ([{fd=3, revents=POLLIN}])
23:40:18.584835 ioctl(3, FIONREAD, [43]) = 0
23:40:18.584912 recvfrom(3, "\365,\201\200\0\1\0\1\0\0\0\0\6vircon\2nl\0\0\1\0\1\300\f\0\1\0"..., 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("212.83.206.202")}, [16]) = 43
23:40:18.585048 poll([{fd=3, events=POLLOUT}], 1, 4997) = 1 ([{fd=3, revents=POLLOUT}])
23:40:18.585117 sendto(3, "\361\227\1\0\0\1\0\0\0\0\0\0\6vircon\2nl\0\0\34\0\1", 27, MSG_NOSIGNAL, NULL, 0) = 27
23:40:18.585300 poll([{fd=3, events=POLLIN}], 1, 4997) = 1 ([{fd=3, revents=POLLIN}])
23:40:18.587325 ioctl(3, FIONREAD, [78]) = 0
23:40:18.587394 recvfrom(3, "\361\227\201\200\0\1\0\0\0\1\0\0\6vircon\2nl\0\0\34\0\1\300\f\0\6\0"..., 2005, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("212.83.206.202")}, [16]) = 78
23:40:18.587513 close(3)

您的問題在http://udrepper.livejournal.com/20948.html上進行了描述,並且是由 IPv4 和 IPv6 上的並行查找引起的,這與某些 DNS 伺服器和防火牆不兼容。

正如上面提到的連結,它可以通過在 /etc/resolv.conf 中的選項中添加“single-request”來修復。

如果您更喜歡 NetworkManager 服務,那麼使用nmtui/nmcli會更好。(以下cmds在centos7上測試過)

更改設置(針對那些遭受 5s DNS 延遲問題的人)

nmcli con modify YourConnName ipv4.dns-options "single-request-reopen timeout:2"

您可以通過執行以下命令找到 YourConnName:nmcli con show

應用設置

nmcli con down YourConnName ; nmcli con up YourConnName

PS更改設置為預設,為空

nmcli c m YourConnName ipv4.dns-options ''

引用自:https://serverfault.com/questions/339791

相關問答

Linux

DNS重定向方案是否可能?

  • August 23, 2022
檢視問答
Linux

實現高 DNS QPS 吞吐量

  • April 5, 2022
檢視問答
Linux

在 VPS、centOS 6 上刪除 glibc x86_64

  • March 4, 2022
檢視問答
Linux

如何複製傳入的 DNS 數據包並使用 iptables 將它們發送到不同的名稱伺服器?

  • February 21, 2022
檢視問答
Linux

BIND 9 有沒有辦法在終止並在啟動時重新載入之前自動將其記憶體轉儲到文件中

  • February 7, 2022
檢視問答
Linux

DHCP 選項“域名”和“域搜尋”之間的區別

  • January 19, 2022
檢視問答