DNS lookup takes 10 plus seconds [closed]

networking domain-name-system

DNS lookup of www.duckdns.org takes 10 plus seconds. Is this my internet provider's DNS issue? Here is the output of host command using my provider DNS and Google DNS:

$ time host  www.duckdns.org
www.duckdns.org has address 50.112.156.11
;; connection timed out; no servers could be reached
www.duckdns.org mail is handled by 50 www.duckdns.org.

real    0m10.767s
user    0m0.016s
sys     0m0.012s

$ time host  www.duckdns.org 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

www.duckdns.org has address 54.148.234.172
Host www.duckdns.org not found: 2(SERVFAIL)
www.duckdns.org mail is handled by 50 www.duckdns.org.

real    0m0.546s
user    0m0.020s
sys     0m0.008s

$ time host www.google.com
www.google.com has address 62.168.125.25
www.google.com has address 62.168.125.29
www.google.com has address 62.168.125.30
www.google.com has address 62.168.125.34
www.google.com has address 62.168.125.35
www.google.com has address 62.168.125.39
www.google.com has address 62.168.125.40
www.google.com has address 62.168.125.44
www.google.com has address 62.168.125.45
www.google.com has address 62.168.125.49
www.google.com has address 62.168.125.50
www.google.com has address 62.168.125.54
www.google.com has address 62.168.125.55
www.google.com has address 62.168.125.59
www.google.com has address 62.168.125.20
www.google.com has address 62.168.125.24
www.google.com has IPv6 address 2a00:1450:4014:80b::1011

real    0m0.073s
user    0m0.032s
sys     0m0.012s

Update provided by DuckDNS:

Hi, I am pleased to let the community know that we believe that we have rectified the reported defects

It is always good to have feedback from pubic communities, we also appreciate any bugs being raised directly with us via our G+ community. This allows us to deal with defects as efficiently as possible.

We don't have enough reputation points to allow us to comment directly.

The correct AAAA response for not IPV6 implementers is a NOERROR with zero answers as now implemented.

Could you please check to ensure this now behaves as expected?

We have also fixed two additional defect around DNS Glue records, and minimum DNS TTL times (now 60 seconds).

QUACK!


Edit:

In the interest of fairness and full disclosure, it appears that the owners of DuckDNS were directed to this Q&A and have addressed the list of defects that were identified. While this is good, I stand by my opinions. These defects were quite grievous and it was irresponsible of the owners to make their service publicly available without the appropriate disclosures regarding its maturity.

Considering that the owners have only publicly addressed that the defects were corrected, and have provided no statement in regards to how they intend to prevent similar problems in the future, I would still not place much confidence in the maturity of this service.

You're being downvoted because you didn't invest much in the way of your own troubleshooting (i.e. you made no queries of your own against the duckdns.org DNS servers), but this is almost certainly not the fault of the DNS servers you're querying.

  • Your first hint is the fact that both of your host lookups include a timeout in their output. Something strange is going on here.
  • It turns out the timing out query is an IPv6 (AAAA) lookup for www.duckdns.org. A little research on my end suggests that your ISP and Google's DNS servers are barfing on it because the reply from the duckdns.org nameservers is completely broken:

-

# dig @ns1.duckdns.org www.duckdns.org AAAA +noall +question +answer

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @ns1.duckdns.org www.duckdns.org AAAA +noall +question +answer
; (1 server found)
;; global options: +cmd
;www.duckdns.org.               IN      AAAA
www.duckdns.org.        20      IN      A       50.112.156.11

Note how this request was for a AAAA record but we instead got a reply back for an A record. WTF?

Further research gives me more indicators that the DNS configuration for this domain and the software running it are very flaky:

  • Glue inconsistency. The glue for duckdns.org lists three NS records but the authoritative zone only lists one. (dig +trace +additional duckdns.org to see this in action) It looks like the individual DNS servers are returning only themselves when queried for the NS record. The other two NS records are probably being lost by DNS servers on refresh, which will lead to some interesting availability issues.
  • The TTL is 20 seconds for their www record which is likely to be ignored by most self-respecting DNS software.
  • If I ask Comcast for duckdns.org NS, I get SERVFAIL. This stuff is really, really broken.

In short, I don't think these people know what they're doing and I would hesitate to blame any intermediate DNS servers for whatever weird things encountered from interacting with this domain. The operators are novices and the software is clearly broken in some cases. I have zero confidence that this service is consistently RFC compliant in its software implementation, and whenever that's in question there's no telling how other servers are going to react to the broken behavior.

I would say that I would not trust the operators with my money but they're not asking for it. Instead, I'll go one step beyond "you're getting what you're paying for" and say that you could not pay me to use this service. There is no DNS professional involved in this.

Related

No longer able to send e-mails from Ubuntu server to Gmail group [closed]
Don't work ssh in a VM Centos [closed]
FTP server configation [duplicate]
SQL Server 2008 R2 Express accepts only local connections? [closed]
Extend RAID 5 to use unused space and add additional disks?
How to open public port 8888 in Google Cloud Platform? [closed]
What is the cause of most top-vendor SSD crashes?
How do I remove a rootkit without an anti-rootkit program? [duplicate]
Why ulimit shows different outputs? [closed]
Seeking central user management software [closed]
Why does ip address have a dash [closed]
iptables blocking all outbound connections