Re: help for DNS queries
On Mon, Aug 5, 2019, at 20:32, Paulina wrote: > > On Mon, Aug 5, 2019, at 06:50, Paulina wrote: > >> > >> I have been using a cloud host, it seems I have a unnormal DNS resolver > >> entry: > > > > And what exactly is unnormal in: > > > >> nameserver 127.0.0.53 > >> options edns0 > > > > ??? > > Sorry my mistake. > After checking the documents I just know what's the difference between > Caching server and auth-server for DNS queries. In fact the difference to know about is between a recursive nameserver and an authoritative one (both services should be separate while historically at least some software like bind could be configured to do both). Recursive nameservers have a cache, but this is a side effect. > So it seems I am using a caching server whose IP addr is 127.0.0.53. Yes, your system is configured like that. > But isn't this addr a loopback IP? I was not sure about it. Yes, everything like 127.x.y.z, so it just means that you have a recursive nameserver running and listening on your host. Which is often/most of the time the desired setup in fact. > I was thinking the caching server should be 8.8.8.8 etc. A matter of taste and it depends on your configuration also, if you have to resolve purely internal names. I dislike it for both technical reasons and non-technical ones: people seem to believe that this is the single one existing (and then later complaining how Google is becoming a gigantic organization touching everything) while many other companies provide the same service, at 9.9.9.9 or 1.1.1.1, etc. > what the helps I asked is that this server (127.0.0.53) returns many > timeout during my modperl querying process. You are not showing specific examples of your timeouts. And you should have a look at your nameserver logfile. > I think I may ask the sysadmin to add more caching servers and make them > have good network connection with internet, am I right? More instances of recursive nameservers will most probably not help, but a good network connection surely can only help. You can use dig with its @ argument to specify which nameserver to query and then you can compare the reply times. You may also need to play with the +tcp/+notcp flags to force UDP or TCP queries and see if things change, and/or the +cd/+nocd flag to enable or disable DNSSEC processing during troubleshooting. But all the above is pretty much unrelated to modperl, so offtopic on this mailing-list I think. -- Patrick Mevzek
Re: help for DNS queries
On 06.08.2019 03:32, Paulina wrote: On Mon, Aug 5, 2019, at 06:50, Paulina wrote: I have been using a cloud host, it seems I have a unnormal DNS resolver entry: And what exactly is unnormal in: nameserver 127.0.0.53 options edns0 ??? Sorry my mistake. After checking the documents I just know what's the difference between Caching server and auth-server for DNS queries. So it seems I am using a caching server whose IP addr is 127.0.0.53. Does this article provide any help for you ? https://askubuntu.com/questions/1012641/dns-set-to-systemds-127-0-0-53-how-to-change-permanently I got this by asking Google for "what is 127.0.0.53" Similarly, asking for "what is LLMNR" gets you this : https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution and I also find plenty of information that suggests that you should disable it.. (but I don't have any experience with it, or personal knowledge that says that this is true) Also (but this is a different thing) : See : https://en.wikipedia.org/wiki/Dnsmasq You will find plenty of descriptions of dnsmasq on the WWW, but as a short primer : - dnsmasq runs as a daemon on you local system, and listens for DNS requests on 127.0.0.1:53 - the "DNS resolver" on your localhost is configured to "ask" dnsmasq first, whenever an application has a DNS query - when dnsmasq receives a DNS query, it consults its local cache first, then the local "hosts" file, and then (if it does not find the answer there), itself is configured to ask one or more external DNS servers. (and if it gets a result from there, it puts it in its local cache, for a while). But isn't this addr a loopback IP? I was not sure about it. I was thinking the caching server should be 8.8.8.8 etc. (base) pyh@ubuntu-18:~$ dig google.com.hk ; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> google.com.hk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58759 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;google.com.hk. IN A ;; ANSWER SECTION: google.com.hk. 22 IN A 172.217.31.131 ;; Query time: 1 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Mon Aug 05 19:48:49 CST 2019 ;; MSG SIZE rcvd: 58 Can you help with it? thanks in advance. Help with what exactly? What is wrong with this DNS reply for you? Seems totally legit. what the helps I asked is that this server (127.0.0.53) returns many timeout during my modperl querying process. I think I may ask the sysadmin to add more caching servers and make them have good network connection with internet, am I right? thanks & regards. Paulina
Re: help for DNS queries
On Mon, Aug 5, 2019, at 06:50, Paulina wrote: I have been using a cloud host, it seems I have a unnormal DNS resolver entry: And what exactly is unnormal in: nameserver 127.0.0.53 options edns0 ??? Sorry my mistake. After checking the documents I just know what's the difference between Caching server and auth-server for DNS queries. So it seems I am using a caching server whose IP addr is 127.0.0.53. But isn't this addr a loopback IP? I was not sure about it. I was thinking the caching server should be 8.8.8.8 etc. (base) pyh@ubuntu-18:~$ dig google.com.hk ; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> google.com.hk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58759 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;google.com.hk. IN A ;; ANSWER SECTION: google.com.hk. 22 IN A 172.217.31.131 ;; Query time: 1 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Mon Aug 05 19:48:49 CST 2019 ;; MSG SIZE rcvd: 58 Can you help with it? thanks in advance. Help with what exactly? What is wrong with this DNS reply for you? Seems totally legit. what the helps I asked is that this server (127.0.0.53) returns many timeout during my modperl querying process. I think I may ask the sysadmin to add more caching servers and make them have good network connection with internet, am I right? thanks & regards. Paulina
Re: help for DNS queries
On Mon, Aug 5, 2019, at 09:22, Chris Bennett wrote: > I am also having problems in the same way with two domains using .rocks. > I find a lot of problems with on the internet testing sites refusing to > recognize that ending. > I really like that .rocks, because it gives me some superb names for > domains and, well, it's cheap to buy. > > In any case, I'm curious to see how all of these new names will play out > over time. Generic acceptance of new TLDs is indeed a problem, with multiple subparts (same problem for pre-2012 round of TLDs, like .TRAVEL with is longer than the three characters TLDs people where "used to", IDN TLDs - both ccTLDs and gTLDs, subdivision like 3LDs both in the past for .NAME and .PRO for example, etc.) This effort from ICANN can help as it gives various documentations and pointers of various problems and what people can do: https://uasg.tech/ -- Patrick Mevzek
Re: help for DNS queries
On Mon, Aug 5, 2019, at 06:50, Paulina wrote: > > I have been using a cloud host, it seems I have a unnormal DNS resolver > entry: And what exactly is unnormal in: > nameserver 127.0.0.53 > options edns0 ??? > (base) pyh@ubuntu-18:~$ dig google.com.hk > > ; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> google.com.hk > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58759 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 65494 > ;; QUESTION SECTION: > ;google.com.hk. IN A > > ;; ANSWER SECTION: > google.com.hk. 22 IN A 172.217.31.131 > > ;; Query time: 1 msec > ;; SERVER: 127.0.0.53#53(127.0.0.53) > ;; WHEN: Mon Aug 05 19:48:49 CST 2019 > ;; MSG SIZE rcvd: 58 > > > Can you help with it? thanks in advance. Help with what exactly? What is wrong with this DNS reply for you? Seems totally legit. $ whois 172.217.31.131 # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/resources/registry/whois/tou/ # # If you see inaccuracies in the results, please report at # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/ # # Copyright 1997-2019, American Registry for Internet Numbers, Ltd. # NetRange: 172.217.0.0 - 172.217.255.255 CIDR: 172.217.0.0/16 NetName:GOOGLE NetHandle: NET-172-217-0-0-1 Parent: NET172 (NET-172-0-0-0-0) NetType:Direct Allocation OriginAS: AS15169 Organization: Google LLC (GOGL) RegDate:2012-04-16 Updated:2012-04-16 Ref:https://rdap.arin.net/registry/ip/172.217.0.0 -- Patrick Mevzek
Re: help for DNS queries
On Mon, Aug 5, 2019, at 04:58, Paulina wrote: > We have a mp2 handler which make a lot of DNS queries during its running > time. Some queris are sent to the strange domains such as .live, .club, > .design, .media, .digital, .market etc. I promise I never saw the > domains strange as those. > > Unlike the popular domains such as .com, .net, .org etc, which have > solid DNS servers and powerful networks for queries. Those small TLDs > have poor networks for DNS queries I may think. Thre are a lot of > timeout in the logs. Maybe the problems are not on the authoritative side... All names you mention (which are not strange at all) are gTLDs, they are all bound by ICANN contracts with SLA, including a 100% one on working DNS service, so I really do not believe you will get timeouts from their authoritative nameservers but it is really not clear what you are testing exactly and how. It seems also not very related to modperl at this point and I see you crossposted to the DNS OARC dns-operations mailing-list. -- Patrick Mevzek
Re: help for DNS queries
I am also having problems in the same way with two domains using .rocks. I find a lot of problems with on the internet testing sites refusing to recognize that ending. I really like that .rocks, because it gives me some superb names for domains and, well, it's cheap to buy. In any case, I'm curious to see how all of these new names will play out over time. Chris Bennett
Re: help for DNS queries
Guten Tag Paulina, am Montag, 5. August 2019 um 13:50 schrieben Sie: > nameserver 127.0.0.53 > options edns0 > (base) pyh@ubuntu-18:~$ > (base) pyh@ubuntu-18:~$ dig google.com.hk Not sure what your are trying to tell me with that. If that is OK or wrong is something you need to talk your hoster with. If it's slow or fast is something you need to test with the domains you are experiencing timeouts with etc. Mit freundlichen Grüßen, Thorsten Schöning -- Thorsten Schöning E-Mail: thorsten.schoen...@am-soft.de AM-SoFT IT-Systeme http://www.AM-SoFT.de/ Telefon...05151- 9468- 55 Fax...05151- 9468- 88 Mobil..0178-8 9468- 04 AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow
Re: help for DNS queries
I have been using a cloud host, it seems I have a unnormal DNS resolver entry: (base) pyh@ubuntu-18:~$ cat /etc/resolv.conf # This file is managed by man:systemd-resolved(8). Do not edit. # # This is a dynamic resolv.conf file for connecting local clients to the # internal DNS stub resolver of systemd-resolved. This file lists all # configured search domains. # # Run "systemd-resolve --status" to see details about the uplink DNS servers # currently in use. # # Third party programs must not access this file directly, but only through the # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, # replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver 127.0.0.53 options edns0 (base) pyh@ubuntu-18:~$ (base) pyh@ubuntu-18:~$ dig google.com.hk ; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> google.com.hk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58759 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;google.com.hk. IN A ;; ANSWER SECTION: google.com.hk. 22 IN A 172.217.31.131 ;; Query time: 1 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Mon Aug 05 19:48:49 CST 2019 ;; MSG SIZE rcvd: 58 Can you help with it? thanks in advance. Guten Tag Paulina, am Montag, 5. August 2019 um 13:11 schrieben Sie: Do you mean this is a system issue rather than a pragram problem? That depends on whoever resolves your queries in the end. That might be your implementation using custom nameservers, that's why I linked its docs, or the system. First check who resolves how what and then decide what's your problem and how to fix it. Mit freundlichen Grüßen, Thorsten Schöning
Re: help for DNS queries
Guten Tag Paulina, am Montag, 5. August 2019 um 13:11 schrieben Sie: > Do you mean this is a system issue rather than a pragram problem? That depends on whoever resolves your queries in the end. That might be your implementation using custom nameservers, that's why I linked its docs, or the system. First check who resolves how what and then decide what's your problem and how to fix it. Mit freundlichen Grüßen, Thorsten Schöning -- Thorsten Schöning E-Mail: thorsten.schoen...@am-soft.de AM-SoFT IT-Systeme http://www.AM-SoFT.de/ Telefon...05151- 9468- 55 Fax...05151- 9468- 88 Mobil..0178-8 9468- 04 AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow
Re: help for DNS queries
Do you mean this is a system issue rather than a pragram problem? thanks. Guten Tag Paulina, am Montag, 5. August 2019 um 11:58 schrieben Sie: I have been using Net::DNS::Resolver for DNS queries in handler. Can you suggest a better way to improve it? maybe AnyEvent::DNS etc? Things heavily depend on which nameservers you have actually configured on your system or to be used by your concrete implementation. Changing Perl packages most likely won't change much, you need to debug where those timeouts come from exactly. In the easiest case see what happends if you resolve your problematic domains manually on some shell, e.g. using nslookup. Than test resolving with common DNS server like that from Google (8.8.8.8), have a look at your system resolver settings etc. https://linux.die.net/man/1/nslookup https://metacpan.org/pod/Net::DNS::Resolver#new Mit freundlichen Grüßen, Thorsten Schöning
Re: help for DNS queries
Guten Tag Paulina, am Montag, 5. August 2019 um 11:58 schrieben Sie: > I have been using Net::DNS::Resolver for DNS queries in handler. Can you > suggest a better way to improve it? maybe AnyEvent::DNS etc? Things heavily depend on which nameservers you have actually configured on your system or to be used by your concrete implementation. Changing Perl packages most likely won't change much, you need to debug where those timeouts come from exactly. In the easiest case see what happends if you resolve your problematic domains manually on some shell, e.g. using nslookup. Than test resolving with common DNS server like that from Google (8.8.8.8), have a look at your system resolver settings etc. https://linux.die.net/man/1/nslookup https://metacpan.org/pod/Net::DNS::Resolver#new Mit freundlichen Grüßen, Thorsten Schöning -- Thorsten Schöning E-Mail: thorsten.schoen...@am-soft.de AM-SoFT IT-Systeme http://www.AM-SoFT.de/ Telefon...05151- 9468- 55 Fax...05151- 9468- 88 Mobil..0178-8 9468- 04 AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow