Solved Spotty DNS Performance

[semi-ambivalent]

I have been having irregular DNS performance issues and have been unable to diagnose or correct them. It appears my (new-ish) router has its own DNS server settings with the primary pointed to an address in Dubai, UAE, and the secondary at Google's primary DNS. I'm in Colorado, USA. I can change these but after a period of time they will sometimes revert to these originals. My ISP has DNS addresses they've given me as well. I'm running named as a caching server but don't know anymore where to point it since it has never caused any problem. The performance hit is most common in the morning hours (07:00 - 09:00 MDT) and I'm guessing that is also within peak traffic time in the UAE.

How much of this might I be able to strip out? I have tried various address combinations in the router, named.conf and resolv.conf. Might be best to pull back to a very simple setup. I'll add that my wife's Mac acts fine so I'm pretty sure this is entirely within my machine. Suggestions appreciated.

 

[SirDice]

It appears my (new-ish) router has its own DNS server settings with the primary pointed to an address in Dubai, UAE, and the secondary at Google's primary DNS. I'm in Colorado, USA.

Are you sure your router hasn't been hacked? It's quite popular to divert DNS to a rogue DNS server in order to hijack your outgoing connections.

My ISP has DNS addresses they've given me as well. I'm running named as a caching server but don't know anymore where to point it since it has never caused any problem.

Forget whatever your router is returning with regards to DNS and hardcode the ISP's DNS addresses as forwarding addresses in named.conf. Make sure DHCP isn't overwriting your /etc/resolv.conf and point it to your DNS server.

 

[semi-ambivalent]

Are you sure your router hasn't been hacked? It's quite popular to divert DNS to a rogue DNS server in order to hijack your outgoing connections.


Forget whatever your router is returning with regards to DNS and hardcode the ISP's DNS addresses as forwarding addresses in named.conf. Make sure DHCP isn't overwriting your /etc/resolv.conf and point it to your DNS server.

Thank you, SirDice, for the reply. First, no, I don't know if the router has been hacked. (It's a Zhone, purchased from my local ISP. A decent group of folks.) I have read of ISPs configuring routers to go to a specific IP address in some sort of "clicks for $" loyalty arrangement but really, I just don't know.

I did everything as you suggested with the exception of now running local_unbound and not bind as I was before. Things are fine now and getting faster as local_unbound caches addresses. Might run squid again too. Thanks for the help.

 

[semi-ambivalent]

I'm re-visiting this thread for full disclosure.

SirDice's solved the initial issues *for a time*. DNS addys stayed as set but speeds began to suck again. Then something changed: I upgraded the firewall that sits between the router and my network. OpenBSD 6.1 -> 6.2, as an upgrade and not a full, new install. Boom. It's all fine now. The only thing that had changed in the workflow between a new install of OBSD-6.1 (at its release) and now is that I upgraded my FreeBSD machine from 11.0R to 11.1R (at its release). An uneducated guess is that packet handling between the two hosts had degraded on the FreeBSD side for some 11.1R reason and then was resolved by driver changes in OpenBSD 6.2R. That guess does not explain why the problem started to begin with in a hitherto well-running system. FWIW my wife's Mac PB never had issues throughout this.

Thanks still to SirDice re: resolv.conf,
s-a