Slow DNS lookup on CentOS 6 machines

Slow DNS lookups can have many reasons. Mostly they are easy to fix because it simply is a wrong IP address of the DNS  f.ex. But today i had a harder one, but was easy to fix if you know how…

Looking up an address with dig works all the time, but when puppet gets its plugins or other files from the puppet master, it takes five second for each file, and puppet fails with an “execution expired” error. So I started to debug it.

It’s most likely not an error within puppet, because i know that our CentOS 5 clients are working just fine.

Next, tcpdump. Took five seconds until i saw a connection on port 8140. As expected, not an error within puppet. Next, DNS. Now it’s getting interesting.

It sends out two DNS request, one for the A record and one for the AAAA record. This is the default since glbc 2.9 to do them in parallel. But i only get back one answer waiting for the second. Looks like a problem on your DNS proxy which sits on our firewall or the DNS behind. Not sure yet.

The man page of resolv.conf has two options which could fix the problem:

The second option sounds exactly like my problem. Added “options single-request-reopen” to resolv.conf, and bang… Works!

This entry was posted in CentOS, Linux and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *