<div dir="ltr">I'll second the use of tcpdump, and also add that DNS query traffic, using UDP by default, tends to be hypersensitive to packet loss. TCP will retry and folks may not even notice a slight drop in performance, but DNS queries, under the same conditions, can fail completely. Thus, DNS is often the "canary in the coal mine" for conditions which lead to packet loss, sometimes even an early warning of developing WAN and/or configuration issues.<div><br></div><div> - Kevin</div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Aug 31, 2018 at 5:36 PM John W. Blue via bind-users <<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12.0pt;line-height:1.3;color:#1f497d">
<div><span style="color:rgb(31,73,125);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:17.12px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none">tcpdump
is your newest best friend to troubleshoot network issues. You need to see what (if anything) is being placed on the wire and the responses (if any). My goto syntax is:</span><br>
<br>
<span style="color:rgb(31,73,125);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:17.12px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none">tcpdump
-n -i eth0 port domain</span><br>
<br>
<span style="color:rgb(31,73,125);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:17.12px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none">I
like -n because it prevents a PTR lookup from happing. Why add extra noise? As with anything troubleshooting related it is a process of elimination.</span><br>
<br>
<span style="color:rgb(31,73,125);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:17.12px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none">Good
hunting!</span><br>
<br>
<span style="color:rgb(31,73,125);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:17.12px;font-style:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none">John</span><br>
</div>
<div><br>
</div>
<div id="m_-6663644922190491682x_signature-x" class="m_-6663644922190491682x_signature_editor" style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12.0pt;color:#1f497d">
Sent from <a href="http://www.9folders.com/" style="text-decoration:none;color:#009bdf" target="_blank">
Nine</a><br>
</div>
</div>
<div id="m_-6663644922190491682x_quoted_header" style="clear:both">
<hr style="border:none;height:1px;color:#e1e1e1;background-color:#e1e1e1">
<div style="border:none;padding:3.0pt 0cm 0cm 0cm"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif'"><b>From:</b> Alex <<a href="mailto:mysqlstudent@gmail.com" target="_blank">mysqlstudent@gmail.com</a>><br>
<b>Sent:</b> Friday, August 31, 2018 4:20 PM<br>
<b>To:</b> <a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<b>Subject:</b> Frequent timeout<br>
</span></div>
</div>
<br type="attribution">
</div>
<font size="2"><span style="font-size:10pt">
<div class="m_-6663644922190491682PlainText">Hi,<br>
<br>
Would someone please help me understand why I'm receiving so many<br>
timeouts? This is on a fedora28 system with bind-9.11.4 acting as a<br>
mail server and running on a cable modem.<br>
<br>
It appears to happen during all times, including when the link is<br>
otherwise idle.<br>
<br>
31-Aug-2018 16:52:57.297 query-errors: debug 2: fetch completed at<br>
../../../lib/dns/resolver.c:3927 for <a href="http://support.coxbusiness.com/A" target="_blank">support.coxbusiness.com/A</a> in<br>
10.000171: timed out/success<br>
[domain:<a href="http://support.coxbusiness.com" target="_blank">support.coxbusiness.com</a>,referral:2,restart:4,qrysent:5,timeout:4,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]<br>
<br>
31-Aug-2018 17:06:42.655 query-errors: debug 2: fetch completed at<br>
../../../lib/dns/resolver.c:3927 for <a href="http://dell.ns.cloudflare.com/A" target="_blank">dell.ns.cloudflare.com/A</a> in<br>
10.000108: timed out/success<br>
[domain:<a href="http://cloudflare.com" target="_blank">cloudflare.com</a>,referral:0,restart:2,qrysent:13,timeout:12,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]<br>
<br>
What more information can I provide to troubleshoot this?<br>
<br>
Is it possible that even though the link otherwise seems to be<br>
operating okay that there could still be some problem that would<br>
affect DNS traffic?<br>
<br>
I've also clear all firewall rules, and it's not even all queries which fail.<br>
<br>
Thanks,<br>
Alex<br>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</div>
</span></font>
</div>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div>