On Wed, 2006-08-23 at 13:39 -0400, Bob Goodwin wrote: > I have observed instances where the initial response time was near 1000 ms, > the second in the tens of ms and then subsequent checks would be above > 100 ms? Same here. > Initially for host -a google.com: > Received 220 bytes from 127.0.0.1#53 in 1047 ms > > Then a few seconds later: > Received 220 bytes from 127.0.0.1#53 in 38 ms > > Now some hours later: > Received 156 bytes from 127.0.0.1#53 in 467 ms > > Then using dig <dig google.com> > ;; Query time: 168 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Wed Aug 23 13:15:23 2006 > ;; MSG SIZE rcvd: 148 > > Repeated several times, always 164-168 ms. I've noticed similar sort of things, myself. Just to be clear, it doesn't matter what made the first query (host, dig, etc.). Once something's looked up an address in your nameserver (e.g. web browser) it can cache the results for the next thing (e.g. dig). > Then here's one I have not visited today, an address Joanne provided the > other day. > > dig nlzero.com > ;; Query time: 3180 msec > > dig nlzero.com > ;; Query time: 244 msec > > Then the same address using <host -a nlzero.com> > > Received 122 bytes from 127.0.0.1#53 in 382 ms > > The correlation between the two methods is not perfect? Various factors are going to mean there's variable delays between results (other things your PC is doing at the time, it's not a real-time system, and whether a thing works through several other things, in sequence, to get its results). Query goes out (takes time), DNS checks for local data (takes time), DNS server may fetch remote data (takes time), DNS server responds (takes time), querying program acts on data (takes time). Quite probably the more data returned with a record (i.e. several A records) the longer the time reported by dig, though I would expect other things to be a more significant variance to the time. And certainly, if it has to go through several remote DNS servers before finding the responses (queries root server to find authoritative server for a domain, which then turns out to not be authoritative and refers onto another server...), that'll take longer. > I did try pinging google with the Dell XP box yesterday. > The average of three pings was 775 ms That's a different thing, altogether. You're measuring the time it takes for ICMP (usually) traffic to get between their system and yours, DNS data may or may not be obtained from the same systems. And DNS traffic is usually UDP (a different scheme, probably with different timing issues - depending on all the software systems involved from one end to another). e.g. Here I have several PCs, a few of them have webservers, a few of them have DNS servers. But it's most likely that if you pinged one of them, some other PC's DNS server would have provided you with IP address to ping. > but I don't know how to check the dns response time with Windows? There are dig type of tools for Windows, but I don't know a name to give you a search parameter. A quick search of "dig for windows" produces some results, but I know nothing of them to give any recommendation (other than to be cautious). However, remember that, I think, you're mostly looking up the response time of the queried DNS server, not the response time of the machine asking the question. If you're not running a DNS server on that Windows box, you're probably not going to see the sort of results that you're thinking about. -- (Currently running FC4, occasionally trying FC5.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
