Hey David,
You might want to play with dnsping, dnseval and dnstraceroute. Will definitely show oddities like transparent proxying (ISP/NSP interception), throttling, FW, slowness, etc.
Something like this for udp and then tcp might shine a light.
# dnsping -t TXT Mar2018._domainkey.aetna.com
# dnsping -T -t TXT Mar2018._domainkey.aetna.com
% dnsping -h
dnsping version 1.6.4
usage: dnsping [-ehqv] [-s server] [-p port] [-P port] [-S address] [-c count] [-t type] [-w wait] hostname
-h --help Show this help
-q --quiet Quiet
-v --verbose Print actual dns response
-s --server DNS server to use (default: first entry from /etc/resolv.conf)
-p --port DNS server port number (default: 53)
-T --tcp Use TCP instead of UDP
-4 --ipv4 Use IPv4 as default network protocol
-6 --ipv6 Use IPv6 as default network protocol
-P --srcport Query source port number (default: 0)
-S --srcip Query source IP address (default: default interface address)
-c --count Number of requests to send (default: 10)
-w --wait Maximum wait time for a reply (default: 2 seconds)
-i --interval Time between each request (default: 1 seconds)
-t --type DNS request record type (default: A)
-e --edns Disable EDNS0 (default: Enabled)
dnseval at work showing my resolvers from home forcing TCP only. Glad tcp isn't the default.
% dnseval -T -t TXT aetna.com
server avg(ms) min(ms) max(ms) stddev(ms) lost(%) ttl flags
------------------------------------------------------------------------------------------------------------
X.X.X.1 93.341 74.294 203.824 39.061 %0 3444 QR -- -- RD RA -- --
X.X.X.2 43.587 35.005 75.768 11.668 %0 3443 QR -- -- RD RA -- --
X.X.X.3 84.904 78.863 103.839 7.160 %0 3443 QR -- -- RD RA -- --
X.X.X.4 41.856 36.096 47.739 4.131 %0 3443 QR -- -- RD RA -- --
Be on the lookout for any lost queries.
And now for the question of who has a faster resolver from your location - Cloudflare or Google with TCP and UDP queries.
mimir:~/src:267> dnsping -s 8.8.4.4 -t TXT Mar2018._domainkey.aetna.com
dnsping DNS: 8.8.4.4:53, hostname: Mar2018._domainkey.aetna.com, rdatatype: TXT
457 bytes from 8.8.4.4: seq=0 time=22.635 ms
457 bytes from 8.8.4.4: seq=1 time=35.038 ms
457 bytes from 8.8.4.4: seq=2 time=51.156 ms
457 bytes from 8.8.4.4: seq=3 time=168.659 ms
457 bytes from 8.8.4.4: seq=4 time=23.281 ms
457 bytes from 8.8.4.4: seq=5 time=32.023 ms
457 bytes from 8.8.4.4: seq=6 time=25.748 ms
457 bytes from 8.8.4.4: seq=7 time=22.588 ms
457 bytes from 8.8.4.4: seq=8 time=51.474 ms
457 bytes from 8.8.4.4: seq=9 time=24.094 ms
--- 8.8.4.4 dnsping statistics ---
10 requests transmitted, 10 responses received, 0% lost
min=22.588 ms, avg=45.670 ms, max=168.659 ms, stddev=44.617 ms
mimir:~/src:268> dnsping -T -s 8.8.4.4 -t TXT Mar2018._domainkey.aetna.com
dnsping DNS: 8.8.4.4:53, hostname: Mar2018._domainkey.aetna.com, rdatatype: TXT
457 bytes from 8.8.4.4: seq=0 time=48.638 ms
457 bytes from 8.8.4.4: seq=1 time=41.929 ms
457 bytes from 8.8.4.4: seq=2 time=43.149 ms
457 bytes from 8.8.4.4: seq=3 time=36.503 ms
457 bytes from 8.8.4.4: seq=4 time=44.185 ms
457 bytes from 8.8.4.4: seq=5 time=36.796 ms
457 bytes from 8.8.4.4: seq=6 time=49.508 ms
457 bytes from 8.8.4.4: seq=7 time=49.160 ms
457 bytes from 8.8.4.4: seq=8 time=43.010 ms
457 bytes from 8.8.4.4: seq=9 time=44.224 ms
--- 8.8.4.4 dnsping statistics ---
10 requests transmitted, 10 responses received, 0% lost
min=36.503 ms, avg=43.710 ms, max=49.508 ms, stddev=4.617 ms
mimir:~/src:269> dnsping -T -s 1.1.1.1 -t TXT Mar2018._domainkey.aetna.com
dnsping DNS: 1.1.1.1:53, hostname: Mar2018._domainkey.aetna.com, rdatatype: TXT
457 bytes from 1.1.1.1: seq=0 time=43.067 ms
457 bytes from 1.1.1.1: seq=1 time=35.887 ms
457 bytes from 1.1.1.1: seq=2 time=41.554 ms
457 bytes from 1.1.1.1: seq=3 time=37.241 ms
457 bytes from 1.1.1.1: seq=4 time=41.034 ms
457 bytes from 1.1.1.1: seq=5 time=46.829 ms
457 bytes from 1.1.1.1: seq=6 time=45.495 ms
457 bytes from 1.1.1.1: seq=7 time=38.116 ms
457 bytes from 1.1.1.1: seq=8 time=41.857 ms
457 bytes from 1.1.1.1: seq=9 time=37.187 ms
--- 1.1.1.1 dnsping statistics ---
10 requests transmitted, 10 responses received, 0% lost
min=35.887 ms, avg=40.827 ms, max=46.829 ms, stddev=3.687 ms
mimir:~/src:270> dnsping -s 1.1.1.1 -t TXT Mar2018._domainkey.aetna.com
dnsping DNS: 1.1.1.1:53, hostname: Mar2018._domainkey.aetna.com, rdatatype: TXT
457 bytes from 1.1.1.1: seq=0 time=24.935 ms
457 bytes from 1.1.1.1: seq=1 time=19.436 ms
457 bytes from 1.1.1.1: seq=2 time=17.202 ms
457 bytes from 1.1.1.1: seq=3 time=16.838 ms
457 bytes from 1.1.1.1: seq=4 time=17.535 ms
457 bytes from 1.1.1.1: seq=5 time=18.322 ms
457 bytes from 1.1.1.1: seq=6 time=16.487 ms
457 bytes from 1.1.1.1: seq=7 time=18.229 ms
457 bytes from 1.1.1.1: seq=8 time=17.798 ms
457 bytes from 1.1.1.1: seq=9 time=18.551 ms
--- 1.1.1.1 dnsping statistics ---
10 requests transmitted, 10 responses received, 0% lost
min=16.487 ms, avg=18.533 ms, max=24.935 ms, stddev=2.411 ms
Now the question: what does a local resolver look like on our Zimbra servers for the same query?
# dnsping -t TXT Mar2018._domainkey.aetna.com
dnsping DNS: 127.0.0.1:53, hostname: Mar2018._domainkey.aetna.com, rdatatype: TXT
457 bytes from 127.0.0.1: seq=0 time=0.562 ms
457 bytes from 127.0.0.1: seq=1 time=0.427 ms
457 bytes from 127.0.0.1: seq=2 time=0.487 ms
457 bytes from 127.0.0.1: seq=3 time=0.459 ms
457 bytes from 127.0.0.1: seq=4 time=0.507 ms
457 bytes from 127.0.0.1: seq=5 time=0.515 ms
457 bytes from 127.0.0.1: seq=6 time=0.608 ms
457 bytes from 127.0.0.1: seq=7 time=0.448 ms
457 bytes from 127.0.0.1: seq=8 time=0.517 ms
457 bytes from 127.0.0.1: seq=9 time=0.513 ms
--- 127.0.0.1 dnsping statistics ---
10 requests transmitted, 10 responses received, 0% lost
min=0.427 ms, avg=0.504 ms, max=0.608 ms, stddev=0.054 ms
Your numbers should be similar to mine above for unbound after that initial latency for the first fetch to the external resolver. Looks like we are in the same datacenter on my test case as one of Akamai's NS for aetna. Not as lucky on a Toronto datacenter where it took 82ms for the initial fetch, but after that it was < 0.5ms for the subsequent 9. If there was ever any doubt what a caching DNS server can do, it should be gone now.
Ref:
https://github.com/farrokhi/dnsdiag
installed with a single command: pip3 install dnsdiag
Jim
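As an added illustration of what the dnsping and dnseval runs in the post above are measuring (this is example code written for this page, not code from the dnsdiag project), the script below builds a raw DNS TXT query for the hostname from the thread, sends it over UDP or TCP, discards any reply whose transaction ID does not match the query it sent, decodes the header flags into the same QR/AA/TC/RD/RA/AD/CD columns dnseval prints, and computes the same min/avg/max/stddev/lost summary dnsping prints (dnsping's figures match a sample standard deviation). The helper names (`probe_once`, `summarize`, `dnsping`), the constructed sample reply and the fact that the sample RTT list reproduces the 1.1.1.1 UDP run from the post are assumptions made for this example; only the live-probe path needs network access, the stand-alone run works offline on the constructed data.

```python
# Added example, not code from the dnsdiag project: a minimal dnsping-style probe.
# Builds a DNS query on the wire, checks the reply's transaction ID, decodes the
# header flags dnseval shows, and reports dnsping-style statistics.
import random
import socket
import statistics
import struct
import sys
import time

QTYPE_TXT = 16
SAMPLE_NAME = "Mar2018._domainkey.aetna.com"  # hostname used in the thread
# Flag bits of the DNS header, in the column order dnseval prints them.
FLAG_BITS = (("QR", 15), ("AA", 10), ("TC", 9), ("RD", 8), ("RA", 7), ("AD", 5), ("CD", 4))


def encode_name(name):
    """Encode a hostname in DNS wire format (length-prefixed labels, zero terminator)."""
    labels = [lbl.encode("ascii") for lbl in name.rstrip(".").split(".") if lbl]
    return b"".join(bytes([len(lbl)]) + lbl for lbl in labels) + b"\x00"


def build_query(name, qtype=QTYPE_TXT, txid=None):
    """Build a recursion-desired query; return (txid, wire_bytes)."""
    if txid is None:
        txid = random.SystemRandom().randrange(0, 1 << 16)  # unpredictable ID per query
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD only
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def parse_header(msg):
    """Return txid, set flag names, rcode and answer count from a DNS message header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    names = [label for label, bit in FLAG_BITS if (flags >> bit) & 1]
    return {"id": txid, "flags": names, "rcode": flags & 0xF, "answers": ancount}


def probe_once(server, name, tcp=False, qtype=QTYPE_TXT, wait=2.0, port=53):
    """Send one query; return (rtt_ms, header) or (None, None) on timeout or ID mismatch."""
    txid, wire = build_query(name, qtype)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM)
    sock.settimeout(wait)
    start = time.perf_counter()
    try:
        if tcp:
            sock.connect((server, port))
            sock.sendall(struct.pack("!H", len(wire)) + wire)  # RFC 1035 two-byte length prefix
            length = struct.unpack("!H", sock.recv(2))[0]
            data = b""
            while len(data) < length:
                chunk = sock.recv(length - len(data))
                if not chunk:
                    return None, None
                data += chunk
        else:
            sock.sendto(wire, (server, port))
            data, _ = sock.recvfrom(4096)
        rtt = (time.perf_counter() - start) * 1000.0
        hdr = parse_header(data)
        if hdr["id"] != txid:  # reply to some other query: count it as lost, not as an answer
            return None, None
        return rtt, hdr
    except (OSError, struct.error, ValueError):
        return None, None
    finally:
        sock.close()


def summarize(rtts):
    """dnsping-style statistics over a list of RTTs in ms (None marks a lost query)."""
    got = [r for r in rtts if r is not None]
    out = {"sent": len(rtts), "received": len(got),
           "lost_pct": 100.0 * (len(rtts) - len(got)) / len(rtts) if rtts else 0.0}
    if got:
        out.update(min=min(got), avg=statistics.mean(got), max=max(got),
                   stddev=statistics.stdev(got) if len(got) > 1 else 0.0)
    return out


def dnsping(server, name=SAMPLE_NAME, tcp=False, count=10, interval=1.0):
    """Run `count` probes against `server`; return (summary, last header seen)."""
    rtts, last_hdr = [], None
    for i in range(count):
        rtt, hdr = probe_once(server, name, tcp=tcp)
        rtts.append(rtt)
        last_hdr = hdr or last_hdr
        if i < count - 1:
            time.sleep(interval)
    return summarize(rtts), last_hdr


# Constructed sample reply (not a captured packet): txid 0x1234, flags 0x8180 = QR RD RA,
# one answer announced; the answer section itself is omitted since only the header is parsed.
SAMPLE_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                + encode_name(SAMPLE_NAME) + struct.pack("!HH", QTYPE_TXT, 1))
# RTTs copied from the 1.1.1.1 UDP run in the post, to check the statistics code against it.
THREAD_RTTS_1111_UDP = [24.935, 19.436, 17.202, 16.838, 17.535,
                        18.322, 16.487, 18.229, 17.798, 18.551]

if __name__ == "__main__":
    print("sample reply header:", parse_header(SAMPLE_REPLY))
    print("stats for the thread's 1.1.1.1 UDP run:", summarize(THREAD_RTTS_1111_UDP))
    if len(sys.argv) > 1:  # optional live probe: python3 probe.py <resolver-ip> [tcp]
        print(dnsping(sys.argv[1], tcp=len(sys.argv) > 2 and sys.argv[2] == "tcp"))
```

Two things worth checking in the output that dnsping also surfaces: a TC flag on a UDP reply means the answer was truncated and the resolver expects a TCP retry (which is why comparing the -T and non-T runs matters), and any reply whose ID does not match is dropped rather than timed, so a resolver behind an interfering middlebox shows up as lost queries instead of as fast but wrong answers.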