host internet connection slower than jail

[joggx]

The host is FreeBSD 13.1 and when performing ping or fetch it always takes a long time before something shows up. While do the same in jails get response immediately. But it turns out the ping results look the same. The host and jails are using 8.8.8.8 in /etc/resolv.conf.

PING us.archive.ubuntu.com (91.189.91.38) 56(84) bytes of data.
64 bytes from banjo.canonical.com (91.189.91.38): icmp_seq=1 ttl=55 time=64.8 ms
64 bytes from banjo.canonical.com (91.189.91.38): icmp_seq=2 ttl=55 time=64.4 ms

 

[SirDice]

The round-trip time of a packet has nothing to with DNS. DNS is only used to resolve the IP address before it sends those packets. Once it has an IP address to connect to it won't do a DNS lookup for the other packets.

And an RTT of 64 ms is pretty decent for an internet connection. This is from my home connection:

% ping -4 us.archive.ubuntu.com
PING us.archive.ubuntu.com (91.189.91.39): 56 data bytes
64 bytes from 91.189.91.39: icmp_seq=0 ttl=54 time=94.091 ms
64 bytes from 91.189.91.39: icmp_seq=1 ttl=54 time=99.059 ms
64 bytes from 91.189.91.39: icmp_seq=2 ttl=54 time=88.094 ms
64 bytes from 91.189.91.39: icmp_seq=3 ttl=54 time=88.749 ms
64 bytes from 91.189.91.39: icmp_seq=4 ttl=54 time=90.600 ms
^C
--- us.archive.ubuntu.com ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 88.094/92.119/99.059/4.048 ms

I live across the big pond (Netherlands) from you.

On a LAN you typically get < 1ms times (I average around 0.1-0.2 ms). But the internet is a big place, lots of hops and a lot more latency compared to a decent 1Gbps LAN connection.

% ping -4 molly
PING molly.dicelan.home (192.168.10.190): 56 data bytes
64 bytes from 192.168.10.190: icmp_seq=0 ttl=64 time=0.236 ms
64 bytes from 192.168.10.190: icmp_seq=1 ttl=64 time=0.150 ms
64 bytes from 192.168.10.190: icmp_seq=2 ttl=64 time=0.145 ms
64 bytes from 192.168.10.190: icmp_seq=3 ttl=64 time=0.151 ms
64 bytes from 192.168.10.190: icmp_seq=4 ttl=64 time=0.146 ms
^C
--- molly.dicelan.home ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.145/0.166/0.236/0.035 ms

If you get a long delay before ping(1) starts sending packets then that might indicate some DNS related issues. drill(1) is the tool to use to test DNS.

 

[joggx]

If you get a long delay before ping(1) starts sending packets then

Yes, before ping shows anything, same with fetch too. Which drill to troubleshoot?

drill google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 7109
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com.  IN      A

;; ANSWER SECTION:
google.com.     300     IN      A       172.217.16.238

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 5035 msec
;; SERVER: 8.8.8.8
;; WHEN: Thu Apr 20 06:33:23 2023
;; MSG SIZE  rcvd: 44

The query time above is 5+ seconds, while in the jail its something like 32 msec.

 

[SirDice]

Does the host perhaps has a dodgy IPv6 connection? That would be tried first, time out, fail and fall back to IPv4. This would result in a delay.

 

[joggx]

In /etc/rc.conf only an IPv4 static IP is set up. And it doesn't have the line ipv6_enable=”YES”

 

[SirDice]

Check /etc/resolv.conf on the host. If the first DNS server fails you also get a slight delay before it tries the second DNS server.

 

[joggx]

No a slight delay. Sometimes it just ends up with 'no route to host'. Both the host and jails are using the following in /etc/resolv.conf

nameserver 8.8.8.8
nameserver 8.8.4.4

In fact when I first found this problem there was indeed in an extra entry in the first line of host's /etc/resolv.conf and I removed it.

search fios-router.home

Do I need to do something to refresh after modifying it?

 

[SirDice]

No, changes to /etc/resolv.conf are active immediately. That search isn't the problem. If you query a 'short' hostname it's going to search for it in the specified domain. So ping myhost gets translated to ping myhost.fios-router.home, that's fine, it's usually what you want anyway.