auth: Warning: DNS lookup took 1.550 s

ML mail mlnospam at yahoo.com
Thu Feb 5 07:01:58 UTC 2015


My fault here, I should have precised that the DNS query it tries to resolve is simply the DNS name of my 
mailbox server (mailboxserver.domain.com). So domain.com is hosted locally on DNS servers on that very same network as the dovecot servers are located. Furthermore all the resolvers I use in /etc/resolv.conf are also local DNS resolvers on that same LAN. All the DNS servers (authoritative and recursive) are using PowerDNS. That's why I was really puzzled to see that it can take up to 1.5 seconds to query my own local DNS servers which are in no way overloaded.





On Wednesday, February 4, 2015 9:27 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
how do you come to the conclusion that it matters how busy "this server 
is"? jesus christ you are asking *remote servers* for their answers and 
the request as well the answer passes different routers, ISP's and 
likely a *chain of forwarders* until you don't recursion at your own and 
even if you do you have no control how overloaded one of the networks 
between you and the auth dns server or this server itself is

*any* of the involved forwarders, networks and auth nameservers are 
responsible for the time to resolve your query

frankly "I see around 5-6 times per day the following warning" as reason 
for writing a mail and continue insist the problem is on your side shows 
missing network understanding


Am 04.02.2015 um 17:48 schrieb ML mail:
> Thanks for your comments. I understand as DNS uses UDP that there could be some DNS queries which might get lost if the CPU or network is too busy but the thing is that this server is not so busy really. It has 2 cores with 4 GB of RAM and the CPU averages to 2% usage. The network averages to 1 Mbit/s traffic and there are around 600-700 processes running for 1100 mailboxes. Note here that this server is simply a proxy server, mailboxes are located on a separated server on the same LAN, the same applies to the database which has its own server too. These are all virtual machines by the way.
>
> I am not running a local DNS cache on the server. As suggested using a local DNS cache would simply fix this issue but I am more interested to know what is generating these slow DNS queries...
>
> On Wednesday, February 4, 2015 2:59 PM, LuKreme <kremels at kreme.com> wrote:
> On 04 Feb 2015, at 03:38 , ML mail <mlnospam at yahoo.com> wrote:
>> I am running a dovecot and proxy server on two different virtual machines and on the dovecot proxy server I see around 5-6 times per day the following warning:
>>
>> Feb 03 16:15:12 auth: Warning: proxy(email at domain.com,xxx.xxx.xxx.xxx,<ABC123456789>): DNS lookup for mailboxserver.domain.com took 1.550 s
>
> If you are seeing a warning that dans lookup took 1.5 seconds 5-6 times a day, why are you concerned?
>
>> I do not really understand how from time to time DNS queries are slow,
>
> Because from time to time, queries are slow. A hiccough in the line, the server is slightly busy doing something else. There’s a lot of bandwidth during those 1.5 seconds being used. It could be anything. If you were seeing hundreds of these warning, or if the times were over 5 seconds, then I’d worry.
>
>
>> I tried replicate this issue using dig to resolve the same DNS entry and it was always very fast. Is there any way I can debug better this issue? or is this nothing to worry about really?
>
> I would not worry about it based on these numbers


More information about the dovecot mailing list