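Our LAN is experiencing a frustrating problem. DNS queries to our ISP's name servers periodically time out, forcing a 5-second delay. Even when I bypass /etc/resolv.conf by running dig directly against one of our DNS servers, I still see the problem. Here is an example: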
```
mv-m-dmouratis:~ dmourati$ time dig www.google.com @209.81.9.1
; <<>> DiG 9.8.3-P1 <<>> www.google.com @209.81.9.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14473
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 174 IN A 74.125.239.148
www.google.com. 174 IN A 74.125.239.147
www.google.com. 174 IN A 74.125.239.146
www.google.com. 174 IN A 74.125.239.144
www.google.com. 174 IN A 74.125.239.145
;; AUTHORITY SECTION:
google.com. 34512 IN NS ns2.google.com.
google.com. 34512 IN NS ns1.google.com.
google.com. 34512 IN NS ns3.google.com.
google.com. 34512 IN NS ns4.google.com.
;; ADDITIONAL SECTION:
ns2.google.com. 212097 IN A 216.239.34.10
ns3.google.com. 207312 IN A 216.239.36.10
ns4.google.com. 212097 IN A 216.239.38.10
ns1.google.com. 212096 IN A 216.239.32.10
;; Query time: 8 msec
;; SERVER: 209.81.9.1#53(209.81.9.1)
;; WHEN: Fri Jul 26 14:44:25 2013
;; MSG SIZE rcvd: 248
real 0m5.015s
user 0m0.004s
sys 0m0.002s
```
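At other times, the query is answered immediately, in around 20 ms. I did a packet trace and found something interesting. The DNS server is responding, but the client ignores the initial response and then sends a second, identical query, which is answered immediately.
See the packet trace. Note the identical source port (62076) for the queries.
Question: what is causing the first DNS query to fail?
UPDATE
Resources:
Packet trace: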
http://www.cloudshark.org/captures/8b1c32d9d015
Dtruss (strace for Mac):
https://gist.github.com/dmourati/6115180
Mountain Lion firewall randomly delays DNS requests (from apple.stackexchange.com):
UPDATE 2
```
System Software Overview:
  System Version: OS X 10.8.4 (12E55)
  Kernel Version: Darwin 12.4.0
  Boot Volume: Macintosh HD
  Boot Mode: Normal
  Computer Name: mv-m-dmouratis
  User Name: Demetri Mouratis (dmourati)
  Secure Virtual Memory: Enabled
  Time since boot: 43 minutes
Hardware Overview:
  Model Name: MacBook Pro
  Model Identifier: MacBookPro10,1
  Processor Name: Intel Core i7
  Processor Speed: 2.7 GHz
  Number of Processors: 1
  Total Number of Cores: 4
  L2 Cache (per Core): 256 KB
  L3 Cache: 6 MB
  Memory: 16 GB
Firewall Settings:
  Mode: Limit incoming connections to specific services and applications
  Services:
    Apple Remote Desktop: Allow all connections
    Screen Sharing: Allow all connections
  Applications:
    com.apple.java.VisualVM.launcher: Block all connections
    com.getdropBox.dropBox: Allow all connections
    com.jetbrains.intellij.ce: Allow all connections
    com.skype.skype: Allow all connections
    com.yourcompany.Bitcoin-Qt: Allow all connections
    org.m0k.transmission: Allow all connections
    org.python.python: Allow all connections
  Firewall Logging: Yes
  Stealth Mode: No
```
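
The pattern described in the question (a reply already on the wire, then an identical query re-sent from the same source port roughly 5 seconds later) can be picked out of a capture automatically. The following is an added example, not part of the original post: it assumes `tcpdump -n -tt udp port 53` text output and that the re-sent query reuses the same DNS transaction ID; the sample lines, the client address 192.0.2.10 and the function name `find_ignored_responses` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -n -tt udp port 53` text form (not the page's capture).
SAMPLE = """\
1374875060.000000 IP 192.0.2.10.62076 > 209.81.9.1.53: 14473+ A? www.google.com. (32)
1374875060.008000 IP 209.81.9.1.53 > 192.0.2.10.62076: 14473 5/4/4 A 74.125.239.148 (248)
1374875065.001000 IP 192.0.2.10.62076 > 209.81.9.1.53: 14473+ A? www.google.com. (32)
1374875065.009000 IP 209.81.9.1.53 > 192.0.2.10.62076: 14473 5/4/4 A 74.125.239.148 (248)
1374875070.000000 IP 192.0.2.10.51000 > 209.81.9.1.53: 2001+ A? example.com. (29)
1374875070.020000 IP 209.81.9.1.53 > 192.0.2.10.51000: 2001 1/0/0 A 198.51.100.7 (45)
"""

# timestamp, src ip.port, dst ip.port, DNS transaction ID
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<id>\d+)")

def find_ignored_responses(text, min_gap=1.0):
    """Return queries re-sent at least min_gap seconds after a reply was captured."""
    flows = defaultdict(list)  # (client, client_port, server, txid) -> [(ts, kind)]
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, txid = float(m["ts"]), int(m["id"])
        if m["dport"] == "53":    # client -> server: query
            flows[(m["src"], int(m["sport"]), m["dst"], txid)].append((ts, "query"))
        elif m["sport"] == "53":  # server -> client: response
            flows[(m["dst"], int(m["dport"]), m["src"], txid)].append((ts, "response"))
    findings = []
    for (client, port, server, txid), events in flows.items():
        answered_at = None
        for ts, kind in sorted(events):
            if kind == "response" and answered_at is None:
                answered_at = ts
            elif kind == "query" and answered_at is not None and ts - answered_at >= min_gap:
                findings.append({"client_port": port, "txid": txid, "server": server,
                                 "answered_at": answered_at, "resent_at": ts,
                                 "gap": round(ts - answered_at, 3)})
                answered_at = None  # keep looking for further repeats
    return findings

if __name__ == "__main__":
    for f in find_ignored_responses(SAMPLE):
        print(f)
```

A finding means the reply was seen at the capture point but the resolver still retried, which points at something between the capture point and the application (such as a host firewall) rather than at the DNS server.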
Solution
This looks like a bug in the Lion firewall. Is it enabled on your system?
In this MacRumors thread (DNS problems after updating to Mountain Lion (10.8)), a possible workaround is discussed:
Try reducing MTU size.
System Preferences > Network > WiFi > Advanced > Hardware > Manually > MTU: Custom > 1300
Worked for me.
Can you check whether lowering the MTU size mitigates your problem?