
3518 - Troubleshooting slow DNS resolution in NIOS

Scenario

A user reports that DNS lookups are slow. He looked up 3 separate domain names (www.cnn.com, www.google.com, and www.fbi.gov), and all 3 lookups were slow. He reports that DNS queries took about 3 seconds to complete on average. A query log was captured during the time of name resolution. Study the log file and locate the possible cause(s).

Estimated Completion Time

  • 10 to 15 minutes

Credentials

Description: Grid Manager UI

Username: admin

Password: infoblox

URL or IP: https://10.100.0.100/

Course References

  • 3011: DNS Troubleshooting Methodology

Lab Initiation

Access jump-desktop

Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and log in to the Linux UI:

Username: training

Password: infoblox

Initiate lab

To initiate the lab, double-click the Launch Lab icon on the Desktop.

Choose the lab number from the list and click OK.

After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.

Lab initiation will take a couple of minutes to finish.

Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.

Tasks

For all tasks in this lab, please use the file placed on the desktop of the jump-desktop. It is named 3518-syslog.tar.gz.

Task 1: Analyzing query logs

Study the provided support bundle with query logging to find the root cause(s) behind slow name resolution.


Solutions

Task 1 Solution: Analyzing query logs

The log shows that search domains are appended to the name the user typed in, adding additional queries and delays. The likely cause is that the user entered the name without a trailing dot, so the operating system appended search domains automatically. For example, line 1 below is a query for www.cnn.com.infoblox.lab, line 3 is for www.cnn.com.lab, and line 5 is for www.cnn.com. The same pattern occurs in lines 7, 9, and 11 for the www.google.com lookup as well.

2021-08-17T19:43:03+00:00 daemon ibns2.techblue.net named[19874]: info client @0x7fa6700bd780 10.100.0.10#35245 (www.cnn.com.infoblox.lab): query: www.cnn.com.infoblox.lab IN A +E(0)K (10.201.0.105)
2021-08-17T19:43:03+00:00 daemon ibns2.techblue.net named[19874]: info 17-Aug-2021 19:43:03.208 client 10.100.0.10#35245: UDP: query: www.cnn.com.infoblox.lab IN A response: NXDOMAIN +EV
2021-08-17T19:43:04+00:00 daemon ibns2.techblue.net named[19874]: info client @0x7fa66c011730 10.100.0.10#49954 (www.cnn.com.lab): query: www.cnn.com.lab IN A +E(0)K (10.201.0.105)
2021-08-17T19:43:04+00:00 daemon ibns2.techblue.net named[19874]: info 17-Aug-2021 19:43:04.234 client 10.100.0.10#49954: UDP: query: www.cnn.com.lab IN A response: NXDOMAIN +EV
2021-08-17T19:43:05+00:00 daemon ibns2.techblue.net named[19874]: info client @0x7fa6700bd780 10.100.0.10#40999 (www.cnn.com): query: www.cnn.com IN A +E(0)K (10.201.0.105)
2021-08-17T19:43:05+00:00 daemon ibns2.techblue.net named[19874]: info 17-Aug-2021 19:43:05.530 client 10.100.0.10#40999: UDP: query: www.cnn.com IN A response: NOERROR +EV www.cnn.com. 300 IN CNAME turner-tls.map.fastly.net.; turner-tls.map.fastly.net. 30 IN A 151.101.249.67;
2021-08-17T19:49:30+00:00 daemon ibns2.techblue.net named[19874]: info client @0x7fa66c011730 10.100.0.10#59614 (www.google.com.infoblox.lab): query: www.google.com.infoblox.lab IN A +E(0)K (10.201.0.105)
2021-08-17T19:49:30+00:00 daemon ibns2.techblue.net named[19874]: info 17-Aug-2021 19:49:30.956 client 10.100.0.10#59614: UDP: query: www.google.com.infoblox.lab IN A response: NXDOMAIN +EV
2021-08-17T19:49:31+00:00 daemon ibns2.techblue.net named[19874]: info client @0x7fa6700bd780 10.100.0.10#36477 (www.google.com.lab): query: www.google.com.lab IN A +E(0)K (10.201.0.105)
2021-08-17T19:49:31+00:00 daemon ibns2.techblue.net named[19874]: info 17-Aug-2021 19:49:31.982 client 10.100.0.10#36477: UDP: query: www.google.com.lab IN A response: NXDOMAIN +EV
2021-08-17T19:49:32+00:00 daemon ibns2.techblue.net named[19874]: info client @0x7fa66c011730 10.100.0.10#55538 (www.google.com): query: www.google.com IN A +E(0)K (10.201.0.105)
2021-08-17T19:49:33+00:00 daemon ibns2.techblue.net named[19874]: info 17-Aug-2021 19:49:33.017 client 10.100.0.10#55538: UDP: query: www.google.com IN A response: NOERROR +EV www.google.com. 300 IN A 172.253.62.106; www.google.com. 300 IN A 172.253.62.147; www.google.com. 300 IN A 172.253.62.105; www.google.com. 300 IN A 172.253.62.99; www.google.com. 300 IN A 172.253.62.103; www.google.com. 300 IN A 172.253.62.104;
2021-08-17T19:50:10+00:00 daemon ibns2.techblue.net named[19874]: info client @0x7fa6700bd780 10.100.0.10#47910 (www.fbi.gov.infoblox.lab): query: www.fbi.gov.infoblox.lab IN A +E(0)K (10.201.0.105)
2021-08-17T19:50:10+00:00 daemon ibns2.techblue.net named[19874]: info 17-Aug-2021 19:50:10.370 client 10.100.0.10#47910: UDP: query: www.fbi.gov.infoblox.lab IN A response: NXDOMAIN +EV
2021-08-17T19:50:11+00:00 daemon ibns2.techblue.net named[19874]: info client @0x7fa66c011730 10.100.0.10#40278 (www.fbi.gov.lab): query: www.fbi.gov.lab IN A +E(0)K (10.201.0.105)
2021-08-17T19:50:11+00:00 daemon ibns2.techblue.net named[19874]: info 17-Aug-2021 19:50:11.429 client 10.100.0.10#40278: UDP: query: www.fbi.gov.lab IN A response: NXDOMAIN +EV
2021-08-17T19:50:12+00:00 daemon ibns2.techblue.net named[19874]: info client @0x7fa6700bd780 10.100.0.10#40934 (www.fbi.gov): query: www.fbi.gov IN A +E(0)K (10.201.0.105)
2021-08-17T19:50:12+00:00 daemon ibns2.techblue.net named[19874]: info 17-Aug-2021 19:50:12.803 client 10.100.0.10#40934: UDP: query: www.fbi.gov IN A response: NOERROR +EV www.fbi.gov. 300 IN CNAME www.fbi.gov.cdn.cloudflare.net.; www.fbi.gov.cdn.cloudflare.net. 300 IN A 104.16.149.244; www.fbi.gov.cdn.cloudflare.net. 300 IN A 104.16.148.244;

There is nothing you can do to fix this from the DNS server side, since this is client-side configuration and behavior, possibly a flaw or bug in the client software. To avoid this, you may advise the user to use an FQDN (with a trailing dot) in the DNS query.
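
The search-suffix pattern in the log excerpt above can be found mechanically in a larger query log. The following is an added example, not part of the original lab material: it pairs each answered name with the NXDOMAIN responses for the same name plus a suffix from the same client. The function name, the 10-second window and the regular expression (written against the response-line format shown in the excerpt) are assumptions.

```python
import re
from datetime import datetime

# Response lines copied from the query log excerpt on this page (www.cnn.com lookup).
SAMPLE_LOG = """\
2021-08-17T19:43:03+00:00 daemon ibns2.techblue.net named[19874]: info 17-Aug-2021 19:43:03.208 client 10.100.0.10#35245: UDP: query: www.cnn.com.infoblox.lab IN A response: NXDOMAIN +EV
2021-08-17T19:43:04+00:00 daemon ibns2.techblue.net named[19874]: info 17-Aug-2021 19:43:04.234 client 10.100.0.10#49954: UDP: query: www.cnn.com.lab IN A response: NXDOMAIN +EV
2021-08-17T19:43:05+00:00 daemon ibns2.techblue.net named[19874]: info 17-Aug-2021 19:43:05.530 client 10.100.0.10#40999: UDP: query: www.cnn.com IN A response: NOERROR +EV www.cnn.com. 300 IN CNAME turner-tls.map.fastly.net.; turner-tls.map.fastly.net. 30 IN A 151.101.249.67;
"""

# Assumed pattern for the "response:" lines, which carry millisecond timestamps.
RESPONSE_RE = re.compile(
    r"info (?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<ip>[\d.]+)#\d+: \w+: query: (?P<qname>\S+) IN (?P<qtype>\S+) "
    r"response: (?P<rcode>\w+)"
)

def find_search_expansions(log_text, window_s=10.0):
    """Return one finding per answered name that was preceded by NXDOMAIN
    responses for the same name with a suffix appended, from the same client."""
    pending = {}   # client IP -> [(time, qname, qtype)] of NXDOMAIN responses
    findings = []
    for m in RESPONSE_RE.finditer(log_text):
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        ip, qname, qtype = m["ip"], m["qname"].rstrip(".").lower(), m["qtype"]
        if m["rcode"] == "NXDOMAIN":
            pending.setdefault(ip, []).append((ts, qname, qtype))
            continue
        # Any other rcode: collect recent NXDOMAINs for "<qname>.<suffix>".
        recent = pending.get(ip, [])
        chain = [e for e in recent if e[2] == qtype
                 and e[1].startswith(qname + ".")
                 and 0 <= (ts - e[0]).total_seconds() <= window_s]
        pending[ip] = [e for e in recent if e not in chain]
        if chain:
            findings.append({
                "client": ip,
                "name": qname,
                "suffixes": [e[1][len(qname) + 1:] for e in chain],
                # Measured from the first NXDOMAIN response to the final answer.
                "span_s": round((ts - chain[0][0]).total_seconds(), 3),
            })
    return findings

if __name__ == "__main__":
    for finding in find_search_expansions(SAMPLE_LOG):
        print(finding)
```

Because the span starts at the first NXDOMAIN response rather than the first query, it slightly understates the delay the user experienced.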
