1.1.1.1 takes a very long time to resolve

jules · September 30, 2018, 3:58am

When I tried 1.1.1.1 I found it took a really long time to resolve domain names.
Below are some diagnostics.

A nslookup using 1.1.1.1 takes about 5 seconds. “the struggle is real”
A nslookup using my ISP (Altice / Optimum Online / Cablevision / whomeverownsthemthisweek) takes only a few ms. I can’t even time it.
The traceroutes take 15 seconds.

Jules-iMac-2011:~ Jules$ nslookup -debug community.cloudflare.com 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

------------
    QUESTIONS:
	community.cloudflare.com, type = A, class = IN
    ANSWERS:
    ->  community.cloudflare.com
	internet address = 104.19.199.151
	ttl = 295
    ->  community.cloudflare.com
	internet address = 104.19.195.151
	ttl = 295
    ->  community.cloudflare.com
	internet address = 104.19.196.151
	ttl = 295
    ->  community.cloudflare.com
	internet address = 104.19.197.151
	ttl = 295
    ->  community.cloudflare.com
	internet address = 104.19.198.151
	ttl = 295
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name:	community.cloudflare.com
Address: 104.19.199.151
Name:	community.cloudflare.com
Address: 104.19.195.151
Name:	community.cloudflare.com
Address: 104.19.196.151
Name:	community.cloudflare.com
Address: 104.19.197.151
Name:	community.cloudflare.com
Address: 104.19.198.151

Jules-iMac-2011:~ Jules$ nslookup -debug community.cloudflare.com
Server:		208.67.222.222
Address:	208.67.222.222#53

------------
    QUESTIONS:
	community.cloudflare.com, type = A, class = IN
    ANSWERS:
    ->  community.cloudflare.com
	internet address = 104.19.199.151
	ttl = 300
    ->  community.cloudflare.com
	internet address = 104.19.196.151
	ttl = 300
    ->  community.cloudflare.com
	internet address = 104.19.198.151
	ttl = 300
    ->  community.cloudflare.com
	internet address = 104.19.195.151
	ttl = 300
    ->  community.cloudflare.com
	internet address = 104.19.197.151
	ttl = 300
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name:	community.cloudflare.com
Address: 104.19.199.151
Name:	community.cloudflare.com
Address: 104.19.196.151
Name:	community.cloudflare.com
Address: 104.19.198.151
Name:	community.cloudflare.com
Address: 104.19.195.151
Name:	community.cloudflare.com
Address: 104.19.197.151

Jules-iMac-2011:~ Jules$ traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  0.862 ms  0.337 ms  0.297 ms
 2  * * *
 3  67.59.234.217 (67.59.234.217)  7.802 ms  16.299 ms  9.382 ms
 4  67.59.254.244 (67.59.254.244)  10.813 ms  12.113 ms
    67.59.254.246 (67.59.254.246)  17.068 ms
 5  451be064.cst.lightpath.net (65.19.99.100)  18.577 ms
    65.19.100.6 (65.19.100.6)  15.417 ms
    451be0fe.cst.lightpath.net (65.19.99.254)  10.699 ms
 6  64.15.1.94 (64.15.1.94)  11.233 ms
    64.15.5.36 (64.15.5.36)  20.012 ms
    451be0da.cst.lightpath.net (65.19.120.218)  11.883 ms
 7  nyiix.as13335.net (198.32.160.195)  12.083 ms  13.406 ms  17.286 ms
 8  one.one.one.one (1.1.1.1)  11.674 ms  13.626 ms  12.138 ms

Jules-iMac-2011:~ Jules$ traceroute 1.0.0.1
traceroute to 1.0.0.1 (1.0.0.1), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  0.832 ms  0.347 ms  0.312 ms
 2  * * *
 3  67.59.234.217 (67.59.234.217)  8.913 ms  14.059 ms  12.660 ms
 4  67.59.254.246 (67.59.254.246)  10.407 ms
    67.59.254.244 (67.59.254.244)  14.141 ms
    67.59.254.246 (67.59.254.246)  9.403 ms
 5  65.19.100.6 (65.19.100.6)  12.853 ms
    64.15.4.76 (64.15.4.76)  10.193 ms
    64.15.4.56 (64.15.4.56)  15.469 ms
 6  rtr102-hu0-4-0-1.in.nycmnyzr.cv.net (64.15.0.74)  18.223 ms
    64.15.1.94 (64.15.1.94)  13.714 ms
    64.15.5.36 (64.15.5.36)  11.764 ms
 7  nyiix.as13335.net (198.32.160.195)  18.004 ms  14.807 ms  18.015 ms
 8  one.one.one.one (1.0.0.1)  13.497 ms  12.146 ms  11.399 ms

Jules-iMac-2011:~ Jules$ dig +short CHAOS TXT id.server @1.1.1.1
"EWR"

Jules-iMac-2011:~ Jules$ dig +short CHAOS TXT id.server @1.0.0.1
"EWR"

Jules-iMac-2011:~ Jules$ dig +tcp @1.1.1.1 id.server CH TXT

; <<>> DiG 9.10.6 <<>> +tcp @1.1.1.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56354
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;id.server.			CH	TXT

;; ANSWER SECTION:
id.server.		0	CH	TXT	"EWR"

;; Query time: 13 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat Sep 29 23:47:55 EDT 2018
;; MSG SIZE  rcvd: 54

Jules-iMac-2011:~ Jules$ dig +tcp @1.0.0.1 id.server CH TXT

; <<>> DiG 9.10.6 <<>> +tcp @1.0.0.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53240
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;id.server.			CH	TXT

;; ANSWER SECTION:
id.server.		0	CH	TXT	"EWR"

;; Query time: 13 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Sat Sep 29 23:48:03 EDT 2018
;; MSG SIZE  rcvd: 54

sandro · September 30, 2018, 6:40am

I guess you meant milliseconds, right? Thats not that bad (I have an RTT of 30ms ) but five seconds for a lookup wouldnt be that ideal. Is that for every lookup or just “community”?

jules · September 30, 2018, 3:53pm

No, 15,000ms. At step 2, each star is 5 seconds. I don’t really know what traceroute does so that might be completely normal.

Regardless, 5 seconds to resolve a name is not going to cut it. Especially when I’m debugging something for a client and have all caches disabled.

sandro · September 30, 2018, 3:59pm

Your shell excerpt above was not taken on a European machine I guess so the dot is the decimal separator, not a group separator
So it is 15 milliseconds, you can easily notice that at the first hop with 0.297ms.

Does it consistently take five seconds for everything?

jules · September 30, 2018, 4:05pm

I timed it with my watch. It’s a Seiko. That’s Japanese, so I’m guessing it’s metric.

martin2 · September 30, 2018, 4:07pm

For a full traceroute, it is normal behaviour to take longer time. An asterisk/star means the server didn’t respond to the traceroute request, so those roundtrips will timeout.

Can you post the output of:
time dig +short community.cloudflare.com @1.0.0.1
time dig +short community.cloudflare.com @1.1.1.1
time dig +short community.cloudflare.com @8.8.8.8
time nslookup community.cloudflare.com

Do both nslookup and dig take up to 5 seconds?

sandro · September 30, 2018, 4:08pm

This is because it times out and the time out is probably five seconds (3x 5 seconds).

But how did you time the resolution itself? Also with Japanese precision? But, again, apart from the traceroute (which is 15 milliseconds, believe me ) does the resolution always take five seconds?

jules · September 30, 2018, 4:11pm

This morning nslookup is much faster. But dig still took 5 seconds.

Jules-iMac-2011:~ Jules$ time dig +short community.cloudflare.com @1.0.0.1
104.19.197.151
104.19.198.151
104.19.199.151
104.19.195.151
104.19.196.151

real 0m5.027s
user 0m0.004s
sys 0m0.006s

Jules-iMac-2011:~ Jules$ time dig +short community.cloudflare.com @1.1.1.1
104.19.195.151
104.19.196.151
104.19.197.151
104.19.198.151
104.19.199.151

real 0m0.058s
user 0m0.004s
sys 0m0.006s

Jules-iMac-2011:~ Jules$ time dig +short community.cloudflare.com @8.8.8.8
104.19.195.151
104.19.196.151
104.19.197.151
104.19.199.151
104.19.198.151

real 0m0.060s
user 0m0.004s
sys 0m0.006s

Jules-iMac-2011:~ Jules$ time nslookup community.cloudflare.com
Server: 208.67.222.222
Address: 208.67.222.222#53

Non-authoritative answer:
Name: community.cloudflare.com
Address: 104.19.198.151
Name: community.cloudflare.com
Address: 104.19.195.151
Name: community.cloudflare.com
Address: 104.19.196.151
Name: community.cloudflare.com
Address: 104.19.197.151
Name: community.cloudflare.com
Address: 104.19.199.151

real 0m0.061s
user 0m0.004s
sys 0m0.006s

Jules-iMac-2011:~ Jules$ time nslookup community.cloudflare.com 1.1.1.1
Server: 1.1.1.1
Address: 1.1.1.1#53

Non-authoritative answer:
Name: community.cloudflare.com
Address: 104.19.199.151
Name: community.cloudflare.com
Address: 104.19.195.151
Name: community.cloudflare.com
Address: 104.19.196.151
Name: community.cloudflare.com
Address: 104.19.197.151
Name: community.cloudflare.com
Address: 104.19.198.151

real 0m0.058s
user 0m0.004s
sys 0m0.006s

jules · September 30, 2018, 4:13pm

OK I understand about the timeouts. It’s just prints a star every 5 seconds to let me know it didn’t crash. That makes sense - thank you!

For the resolution time I also used my watch. I might be off a few ms =)

sandro · September 30, 2018, 4:14pm

Hmm, everything except the first dig excerpt looks normal. The 1.0.0.1 dig however did take five seconds and that should not be. Again, is this consistently reproducible or was this a one-time thing?

jules · September 30, 2018, 4:15pm

I stuck with 1.1.1.1 for a week. Then I couldn’t put up with it any more. I’d say at least 75% of the time it took 5 seconds.

sandro · September 30, 2018, 4:16pm

Its not so much about the crash, but an asterisk indicates that that one probe request timed out. Traceroute basically tries to follow the network route and “pings” every single gateway on the way to the destination server. More at traceroute - Wikipedia

A few milliseconds dont matter - it shouldnt be five seconds.

You said you are stuck with 1.1.1.1 but the excerpt showed 1.0.0.1 as being slow. Is it both or just one? So you can confirm it is consistent and its not just one host?

sdayman · September 30, 2018, 4:18pm

I see your requests are going into Newark. There’s probably a massive lane closure slowing down traffic. L.A. doesn’t have these problems:

iRetina:~ scott$ time nslookup community.cloudflare.com
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
Name: community.cloudflare.com
Address: 104.19.198.151
Name: community.cloudflare.com
Address: 104.19.199.151
Name: community.cloudflare.com
Address: 104.19.195.151
Name: community.cloudflare.com
Address: 104.19.196.151
Name: community.cloudflare.com
Address: 104.19.197.151
real 0m0.048s
user 0m0.004s
sys 0m0.005s

p.s. You should probably let Cloudflare know when response time is horrendous.

jules · September 30, 2018, 4:22pm

I said “stuck with” meaning I tried it and was unhappy during that time but didn’t give up.

I entered 1.1.1.1 and 1.0.0.1 as my dns servers. So, whichever?

Yes Newark is the main hub around here. I’m about as far east as you can go without getting your feet wet.

I followed the ReadMe: Have problems with 1.1.1.1? *Read Me First* - #3

martin2 · September 30, 2018, 4:41pm

Could you try and resolve through Googles DNS a few times an see if you can reproduce long waiting times?
time dig +short community.cloudflare.com @8.8.8.8

Just for the sake of excluding the possibility that there is something that is tampering with DNS traffic that doesn’t originate from your provider.

jules · September 30, 2018, 5:09pm

I ran it 4 times. They are all under 100ms.

Jules-iMac-2011:~ Jules$ time dig +short community.cloudflare.com @8.8.8.8
104.19.198.151
104.19.196.151
104.19.197.151
104.19.195.151
104.19.199.151

real 0m0.058s
user 0m0.004s
sys 0m0.006s

sandro · September 30, 2018, 5:10pm

And if you run it four times for 1.0.0.1?

jules · September 30, 2018, 5:51pm

Four runs each, both 1.0.0.1 and 1.1.1.1 are under 100ms now as well.

I’ll have to test during the week. Maybe it’s a load issue?

system · June 18, 2021, 9:50pm