Mountain Lion firewall is randomly delaying DNS requests
Solution 1:
You are right. I diagnosed the same rate limiting at the firewall level on Mac OS X 10.7.4 (Lion).
Moreover, if you look at
/usr/bin/sudo tcpdump -i en0 udp port 53
you will notice that the round trip time to get a reply from 8.8.8.8
is much lower than the 40 msec displayed by the server.
On a long test run I had:
;; Query time: 44 msec
and an average roundtrip time of 26 msec:
09:36:14.360564 IP me.53866 > google-public-dns-a.google.com.domain: 9943+ A? www.google.com. (32)
09:36:14.386302 IP google-public-dns-a.google.com.domain > me.53866: 9943 5/0/0 A 173.194.41.180, A 173.194.41.178, A 173.194.41.176, A 173.194.41.177, A 173.194.41.179 (112)
(386302 - 360564 = 26 msec)
To understand this protection mechanism (against basic DoS), look at:
/usr/bin/sudo pfctl -i en0 -s timeouts
The full documentation of this complex command is in the pfctl(8) Mountain Lion reference manual.
Beware, this is a powerful but highly dangerous command. You may easily break your network access (Where is my backup?).
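The comparison made in the answer above (on-the-wire round trip from tcpdump versus the Query time reported by dig) can be automated. This is an added example, not code from the original answer: it pairs each DNS query with its response by endpoints and query ID and reports the round trip in microseconds. The first two capture lines are the ones quoted in the answer; the third is a constructed unanswered query, and the function names are hypothetical.

```python
import re

# First two lines: quoted in the answer. Third line: constructed, never answered.
CAPTURE = """\
09:36:14.360564 IP me.53866 > google-public-dns-a.google.com.domain: 9943+ A? www.google.com. (32)
09:36:14.386302 IP google-public-dns-a.google.com.domain > me.53866: 9943 5/0/0 A 173.194.41.180, A 173.194.41.178, A 173.194.41.176, A 173.194.41.177, A 173.194.41.179 (112)
09:36:15.000000 IP me.53867 > google-public-dns-a.google.com.domain: 1234+ A? example.com. (29)
"""

# timestamp, source, destination, DNS query ID, flag characters, remainder
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{6}) IP (\S+) > (\S+): (\d+)(\S*) (.*)$")
RESPONSE = re.compile(r"(\S+ )?\d+/\d+/\d+")   # answer/authority/additional counts
DAY_US = 24 * 3600 * 1_000_000

def to_us(ts):
    """Convert tcpdump's HH:MM:SS.ffffff into integer microseconds since midnight."""
    hms, frac = ts.split(".")
    h, m, s = map(int, hms.split(":"))
    return ((h * 60 + m) * 60 + s) * 1_000_000 + int(frac)

def dns_rtts(capture):
    """Return ([(query_id, rtt_us), ...], unanswered) for tcpdump 'udp port 53' text."""
    pending = {}   # (client, server, query_id) -> time the first query was sent
    rtts = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, dst, qid, _flags, rest = m.groups()
        if RESPONSE.match(rest):
            # A response travels server -> client, so swap the endpoints for lookup.
            sent = pending.pop((dst, src, qid), None)
            if sent is not None:
                rtts.append((qid, (to_us(ts) - sent) % DAY_US))  # survives midnight
        elif "?" in rest:
            # A retransmitted query keeps the time of the first attempt.
            pending.setdefault((src, dst, qid), to_us(ts))
    return rtts, pending

def local_overhead_ms(dig_query_ms, rtt_us):
    """Time dig waited that was not spent on the wire, in milliseconds."""
    return dig_query_ms - rtt_us / 1000

if __name__ == "__main__":
    rtts, unanswered = dns_rtts(CAPTURE)
    for qid, rtt in rtts:
        # 44 is the dig "Query time" value quoted in the answer.
        print(qid, rtt, "us on the wire,", round(local_overhead_ms(44, rtt), 3), "ms local")
    print("unanswered:", list(unanswered))
```

Queries left in the unanswered set, or a local overhead that jumps on some queries only, are the symptoms to correlate with the pf timeouts shown by the pfctl command.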