(FWD) Re: ip-port.torhosts.nighteffect.us and exim
[Forwarding since Mike isn't subscribed as this address. -RD]
----- Forwarded message from owner-or-talk@xxxxxxxxxxxxx -----
Date: Fri, 27 Apr 2007 11:46:14 +0100
From: Mike Cardwell <mike.cardwell@xxxxxxxxxxxx>
To: or-talk@xxxxxxxxxxxxx
Subject: Re: ip-port.torhosts.nighteffect.us and exim
* on the Thu, Apr 26, 2007 at 09:58:35AM -0700, Joseph B. Kowalski wrote:
>> Just out of interest, why do lookups that return positive results
>> take such a long time? This is what I typically get:
>>
>> server:~# time host 20.136.234.85.109.123.123.123.123.ip-port.torhosts.nighteffect.us
>> 20.136.234.85.109.123.123.123.123.ip-port.torhosts.nighteffect.us has address 127.0.0.2
>> Host 20.136.234.85.109.123.123.123.123.ip-port.torhosts.nighteffect.us not found: 2(SERVFAIL)
>> Host 20.136.234.85.109.123.123.123.123.ip-port.torhosts.nighteffect.us not found: 2(SERVFAIL)
>>
>> real 0m23.451s
>> user 0m0.030s
>> sys 0m0.010s
>>
>> The first line of response is pretty quick, then there are long
>> delays before each SERVFAIL...
>>
>> If the lookup returns an NXDOMAIN, there are no SERVFAILs so the
>> lookups are much faster. I'm not a DNS expert so I'm not sure what is
>> happening that causes the SERVFAILs...
>
> There are a couple of things going on here. First, the reason why
> you see the first line returned from the 'host' command as
> successful, followed by two 'SERVFAIL' lines is that the 'host'
> command, by default, sends an 'A' request followed by an 'AAAA'
> (IPv6 Lookup) and 'MX' (Mail Exchanger) request. The DNSEL server
> only supports 'A' requests, and so in the case of the second and
> third queries, the DNSEL server is actually returning a 'NOTIMP'
> (Not Implemented) error message, and your local upstream DNS server
> is returning that to you as a 'SERVFAIL' error message. If you run
> the 'host' command with the "Type" flag set, you can prevent 'host'
> from sending the 'AAAA' and 'MX' requests altogether, eliminating
> the two error lines. For example, your query could be:
>
> time host -t A 20.136.234.85.109.123.123.123.123.ip-port.torhosts.nighteffect.us
That makes sense. And from testing, you were right. :)
> Second, to address the speed issue, it's likely that your local
> upstream DNS server has some method of operation that really slows
> things down when there is an error returned from the DNSEL server,
> like the two 'NOTIMP' messages I described above. It may be
> retrying those same 'AAAA' and 'MX' requests several times before
> returning the 'SERVFAIL' message to you, holding things up a bit.
> So, the good news is, the speed issue is probably already gone just
> by you using the "Type" flag with the 'host' command, like I
> discussed above. Personally, I know there is no extra delay from
> the DNSEL server when it's returning a 'SERVFAIL', 'NOTIMP', or
> 'NXDOMAIN' message, as opposed to a successful lookup.
Damn. I built the upstream DNS server based on Bind with DLZ and a
convoluted MySQL database to store the zones. Looks like I'm going to
need to do some non-Tor-related fixing now.
[snip further advice]
> Please let me know if you have any other questions. I hope that
> helped!
Helped greatly, thanks. Now to get fixing my Bind configuration!
Mike
----- End forwarded message -----
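The exchange Joseph describes, as an added illustration that is not code from the thread, from TorDNSEL or from Bind: a toy DNSEL responder that only answers type A queries (NOTIMP for anything else), a toy upstream resolver that retries a NOTIMP answer a few times before reporting SERVFAIL to the client (this mirrors the thread's hypothesis about the slow path, not Bind's actual retry logic), and a `host_lookup` helper that issues the A, AAAA and MX queries `host` sends by default, or only A when given the equivalent of `-t A`. The listed name, the 127.0.0.2 answer and the three-retry limit are constructed assumptions for the example.

```python
import socket
import struct

# Constructed sample: the one name the toy DNSEL "lists" (answers 127.0.0.2 for type A).
LISTED_NAME = "20.136.234.85.109.123.123.123.123.ip-port.torhosts.nighteffect.us"

QTYPE = {"A": 1, "MX": 15, "AAAA": 28}
RCODE_NAME = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP"}


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Read an uncompressed name at offset; return (name, offset after it)."""
    labels = []
    while True:
        ln = msg[off]
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), off


def build_query(name, qtype, qid=0x1234):
    """Standard query with RD set and a single question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def dnsel_respond(query):
    """Toy DNSEL server (assumption): type A only, everything else NOTIMP."""
    qid = struct.unpack("!H", query[:2])[0]
    name, off = decode_name(query, 12)
    qtype = struct.unpack("!H", query[off:off + 2])[0]
    question = query[12:off + 4]
    if qtype != QTYPE["A"]:
        rcode, answer, ancount = 4, b"", 0          # NOTIMP
    elif name == LISTED_NAME:
        # answer RR: pointer to the question name (0xC00C), A, IN, TTL 0, 4 bytes rdata
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 0, 4) + socket.inet_aton("127.0.0.2")
        rcode, ancount = 0, 1
    else:
        rcode, answer, ancount = 3, b"", 0          # NXDOMAIN
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, ancount, 0, 0)  # QR, RD, RA
    return header + question + answer


def parse_response(resp):
    """Return (rcode name, list of A addresses) from a response message."""
    flags, qd, an = struct.unpack("!HHH", resp[2:8])
    rcode = flags & 0x0F
    off = 12
    for _ in range(qd):
        _, off = decode_name(resp, off)
        off += 4
    addrs = []
    for _ in range(an):
        if resp[off] & 0xC0 == 0xC0:                # compression pointer
            off += 2
        else:
            _, off = decode_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return RCODE_NAME.get(rcode, str(rcode)), addrs


def recursive_resolve(name, qtype, retries=3):
    """Toy upstream resolver (assumption): retries NOTIMP, then tells the client SERVFAIL.
    Returns (rcode, addresses, round trips spent) so the cost of each query is visible."""
    attempts = 0
    for _ in range(retries):
        attempts += 1
        rcode, addrs = parse_response(dnsel_respond(build_query(name, qtype)))
        if rcode != "NOTIMP":
            return rcode, addrs, attempts
    return "SERVFAIL", [], attempts


def host_lookup(name, types=("A", "AAAA", "MX")):
    """What `host` does by default: A, AAAA, MX in turn. Pass types=("A",) for `host -t A`."""
    return {t: recursive_resolve(name, t) for t in types}


if __name__ == "__main__":
    for label, types in (("host (default)", ("A", "AAAA", "MX")), ("host -t A", ("A",))):
        print(label)
        for t, (rcode, addrs, n) in host_lookup(LISTED_NAME, types).items():
            print(f"  {t:4} -> {rcode:8} {addrs} after {n} round trip(s)")
```

Running it shows the same shape as Mike's output: the A query succeeds on the first round trip with 127.0.0.2, while AAAA and MX each burn the resolver's full retry budget before coming back as SERVFAIL, and restricting the query type removes the slow path entirely. A name the toy server does not list gets a single-round-trip NXDOMAIN, which is why the negative lookups in the thread were fast.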