We're running Windows DNS servers, but they are not authoritative. So we point to caching servers as forwarders.
That said, for the following two domains we get a rather long delay in DNS lookup IF the domain hasn't already been cached to our internal DNS.
- internet2.edu
- postgresql.org
So far, we haven't identified any other domains that show such symptom.
I've done a packet capture on port 53 and tested dig with and without the +trace option.
Once it's cached on our DNS server, the subsequent queries come back very quickly using dig with +trace. Without +trace option it caches the NS information and some A records (dns, dns2, dns3) rather quickly. It continues to return status: SERVFAIL until it finally caches the A record for internet.edu. Once cached, the lookup is super fast as expected. If the A record is deleted from cache and the long delay occurs once again.
Any ideas as to why this might be occurring?
$ time dig internet2.edu @dc01
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> +time=300 internet2.edu @dc01
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33488
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;internet2.edu. IN A
;; Query time: 10401 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Thu Sep 8 13:37:55 2016
;; MSG SIZE rcvd: 31
real 0m15.411s
user 0m0.001s
sys 0m0.004s
$ time dig internet2.edu @dc01
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> internet2.edu @dc01
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65026
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;internet2.edu. IN A
;; ANSWER SECTION:
internet2.edu. 56 IN A 207.75.164.248
;; Query time: 2335 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Thu Sep 8 13:39:09 2016
;; MSG SIZE rcvd: 47
real 0m2.340s
user 0m0.003s
sys 0m0.001s
