A Question about traceroute.. - TCP-IP

This is a discussion on A Question about traceroute.. - TCP-IP ; I have always noticed that my DNS look ups seem slow. I'm not sure how to go about debugging this or fixing it, but my first thought was to do a traceroute to see what was going on. I've noticed ...

+ Reply to Thread
Results 1 to 20 of 20

Thread: A Question about traceroute..

  1. A Question about traceroute..

    I have always noticed that my DNS look ups seem slow.
    I'm not sure how to go about debugging this or fixing it, but my first
    thought was to do a traceroute to see what was going on.

    I've noticed the the second hop always times out... and displays three
    stars..
    this is the log.

    Traceroute has started ...

    traceroute to www.facebook.com (204.15.20.81), 64 hops max, 40 byte
    packets
    1 192.168.1.1 (192.168.1.1) 1.476 ms 1.184 ms 1.067 ms
    2 * * *
    3 rd1no-ge7-0-0-6.cg.shawcable.net (64.59.142.115) 28.742 ms
    14.621 ms 7.509 ms
    4 rc1no-ge6-0-0.cg.shawcable.net (66.163.77.5) 10.896 ms 7.284 ms
    8.177 ms
    5 rc1so-pos15-0.cg.shawcable.net (66.163.77.9) 38.212 ms 10.212
    ms 10.387 ms
    6 rc1wh-pos3-0-0.vc.shawcable.net (66.163.77.197) 22.768 ms 24.816
    ms 21.230 ms
    7 rc2wt-pos7-0.wa.shawcable.net (66.163.76.154) 25.462 ms 25.177
    ms 27.229 ms
    8 rc2sj-pos4-0-0.cl.shawcable.net (66.163.77.110) 72.204 ms 64.534
    ms 64.999 ms
    9 bsw01.pasd.tfbnw.net (198.32.176.71) 82.856 ms 84.780 ms 65.054
    ms
    10 v527.bsw01.sctm.tfbnw.net (204.15.21.73) 62.190 ms 56.805 ms
    72.332 ms
    11 www-d.facebook.com (204.15.20.81) 70.879 ms 65.890 ms 80.837 ms

    Anyone have any thoughts as to why this might be or if it is even
    significant?
    My router is 192.168.1.1


  2. Re: A Question about traceroute..

    SpreadTooThin wrote:
    > I've noticed the the second hop always times out... and displays three
    > stars..


    My understanding is that a star means that no ICMP time-to-live exceeded
    response was received from a probe. So the three stars would mean
    traceroute made 3 attempts to probe at TTL = 2 before giving up.

    There isn't much terribly significant about it. The hop in question is
    almost certainly your Cable modem with NAT enabled. It isn't sending back
    an ICMP error message.

    > this is the log.
    >
    > Traceroute has started ...
    >
    > traceroute to www.facebook.com (204.15.20.81), 64 hops max, 40 byte
    > packets
    > 1 192.168.1.1 (192.168.1.1) 1.476 ms 1.184 ms 1.067 ms
    > 2 * * *
    > 3 rd1no-ge7-0-0-6.cg.shawcable.net (64.59.142.115) 28.742 ms
    > 14.621 ms 7.509 ms


  3. Re: A Question about traceroute..

    On Dec 26, 5:16*pm, Jim Logajan wrote:
    > SpreadTooThin wrote:
    > > I've noticed the the second hop always times out... and displays three
    > > stars..

    >
    > My understanding is that a star means that no ICMP time-to-live exceeded
    > response was received from a probe. So the three stars would mean
    > traceroute made 3 attempts to probe at TTL = 2 before giving up.
    >
    > There isn't much terribly significant about it. The hop in question is
    > almost certainly your Cable modem with NAT enabled. It isn't sending back
    > an ICMP error message.
    >
    > > this is the log.

    >
    > > Traceroute has started ...

    >
    > > traceroute towww.facebook.com(204.15.20.81), 64 hops max, 40 byte
    > > packets
    > > *1 *192.168.1.1 (192.168.1.1) *1.476 ms *1.184 ms *1.067 ms
    > > *2 ** * *
    > > *3 *rd1no-ge7-0-0-6.cg.shawcable.net (64.59.142.115) *28.742 ms
    > > 14.621 ms *7.509 ms


    Its a motorola cable modem... I wonder if it has a web interface...
    but assuming I was able to 'fix' that do you think that would change
    anything?


  4. Re: A Question about traceroute..

    SpreadTooThin wrote:
    > Its a motorola cable modem... I wonder if it has a web interface...
    > but assuming I was able to 'fix' that do you think that would change
    > anything?


    It wouldn't affect anything related to DNS lookup. Is your DNS server
    really at www.facebook.com? If it were, those response times are pretty
    good.

  5. Re: A Question about traceroute..

    In article
    <00916d7f-27fd-4608-aadb-c8f04cd93760@s19g2000prg.googlegroups.com>,
    SpreadTooThin wrote:

    > On Dec 26, 5:16*pm, Jim Logajan wrote:
    > > SpreadTooThin wrote:
    > > > I've noticed the the second hop always times out... and displays three
    > > > stars..

    > >
    > > My understanding is that a star means that no ICMP time-to-live exceeded
    > > response was received from a probe. So the three stars would mean
    > > traceroute made 3 attempts to probe at TTL = 2 before giving up.
    > >
    > > There isn't much terribly significant about it. The hop in question is
    > > almost certainly your Cable modem with NAT enabled. It isn't sending back
    > > an ICMP error message.
    > >
    > > > this is the log.

    > >
    > > > Traceroute has started ...

    > >
    > > > traceroute towww.facebook.com(204.15.20.81), 64 hops max, 40 byte
    > > > packets
    > > > *1 *192.168.1.1 (192.168.1.1) *1.476 ms *1.184 ms *1.067 ms
    > > > *2 ** * *
    > > > *3 *rd1no-ge7-0-0-6.cg.shawcable.net (64.59.142.115) *28.742 ms
    > > > 14.621 ms *7.509 ms

    >
    > Its a motorola cable modem... I wonder if it has a web interface...
    > but assuming I was able to 'fix' that do you think that would change
    > anything?


    When you see three stars, it just means that the device at that hop
    doesn't respond to traceroute probes. It has nothing to do with
    performance in general.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***

  6. Re: A Question about traceroute..

    On Dec 26, 6:04*pm, Jim Logajan wrote:
    > SpreadTooThin wrote:
    > > Its a motorola cable modem... I wonder if it has a web interface...
    > > but assuming I was able to 'fix' that do you think that would change
    > > anything?

    >
    > It wouldn't affect anything related to DNS lookup. Is your DNS server
    > really atwww.facebook.com?If it were, those response times are pretty
    > good.



    Good point! doh. This is to the first DNS.
    traceroute to 64.59.135.143 (64.59.135.143), 30 hops max, 40 byte
    packets
    1 * * * Request timed out.
    2 rd1no-ge3-0-0-1.cg.shawcable.net (64.59.142.115) 16.644 ms 14.921 ms
    12.889 ms
    3 nsc3.so.cg.shawcable.net (64.59.135.143) 12.841 ms 14.765 ms 34.715
    ms
    Trace complete

  7. Re: A Question about traceroute..

    SpreadTooThin wrote:
    > On Dec 26, 6:04*pm, Jim Logajan wrote:
    >> It wouldn't affect anything related to DNS lookup. Is your DNS server
    >> really atwww.facebook.com?If it were, those response times are pretty
    >> good.

    >
    >
    > Good point! doh. This is to the first DNS.
    > traceroute to 64.59.135.143 (64.59.135.143), 30 hops max, 40 byte
    > packets
    > 1 * * * Request timed out.
    > 2 rd1no-ge3-0-0-1.cg.shawcable.net (64.59.142.115) 16.644 ms 14.921 ms
    > 12.889 ms
    > 3 nsc3.so.cg.shawcable.net (64.59.135.143) 12.841 ms 14.765 ms 34.715
    > ms
    > Trace complete


    Short path (to be expected) and good network response time. The traceroute
    doesn't indicate anything unusual with your connectivity. So that means
    either that name server is potentially overloaded (DNS denial-of-service
    attack is always a possibility) or something odd going on at your end.

    Not much else that I can suggest - perhaps some other reader can take a
    crack at suggesting something. Of course you never specified just how slow
    the response was.

  8. Re: A Question about traceroute..

    On Dec 26, 4:25 pm, SpreadTooThin wrote:

    > Its a motorola cable modem... I wonder if it has a web interface...
    > but assuming I was able to 'fix' that do you think that would change
    > anything?


    Your DNS delay is probably due to bad DNS configuration. For example,
    if you have a long list of domains to lookup, each query that doesn't
    end in a dot requires a lot of lookups. If some of those entries are
    to domains with non-responsive servers, then every lookup will be very
    slow.

    DS

  9. Re: A Question about traceroute..

    SpreadTooThin wrote:
    > I have always noticed that my DNS look ups seem slow.


    As David indicated, it is not uncommon for an ISP to implement a questionable client configuration resulting in poor DNS performance. In addition to the production of erroneous lookups, ISPs can double or triple the load on their own DNS servers. Let's have a look at an ipconfig/all. Resolver optimizations may be possible.

  10. Re: A Question about traceroute..

    On Dec 27, 8:40*am, Network Blackjack wrote:
    > SpreadTooThin wrote:
    > > I have always noticed that my DNS look ups seem slow.

    >
    > As David indicated, it is not uncommon for an ISP to implement a questionable client configuration resulting in poor DNS performance. In addition to the production of erroneous lookups, ISPs can double or triple the load on their own DNS servers. Let's have a look at an ipconfig/all. Resolver optimizations may be possible.


    Shall do.. I will be back there this afternoon.


  11. Re: A Question about traceroute..

    On Wed, 26 Dec 2007, in the Usenet newsgroup comp.protocols.tcp-ip, in article
    ,
    SpreadTooThin wrote:

    NOTE: Posting from groups.google.com (or some web-forums) dramatically
    reduces the chance of your post being seen. Find a real news server.


    >I have always noticed that my DNS look ups seem slow.


    Define "slow"

    >I'm not sure how to go about debugging this or fixing it, but my first
    >thought was to do a traceroute to see what was going on.


    A better first step would be to use a packet sniffer, and see what is
    going on. I don't use OSX, but do you have the classic "tcpdump" or
    "ethereal" (now called "Wireshark")?

    >I've noticed the the second hop always times out... and displays three
    >stars..
    >this is the log.


    What traceroute? The original LBL traceroute from Van Jacobson has
    an extensive man page that specifically addresses this problem.

    >Anyone have any thoughts as to why this might be or if it is even
    >significant?


    Not enough details. Could you be IPv6 enabled? (look to see if a
    packet dump shows your system asking for a "AAAA" record). While
    IPv6 has been around for years, a lot of DNS servers are misconfigured
    and ignore such requests (rather than telling you it doesn't do IPv6).
    The lack of a response to a AAAA query usually causes 5 to 15 seconds
    of added delay before your resolver asks about IPv4.

    Old guy

  12. Re: A Question about traceroute..

    On Dec 27, 8:40*am, Network Blackjack wrote:
    > SpreadTooThin wrote:
    > > I have always noticed that my DNS look ups seem slow.

    >
    > As David indicated, it is not uncommon for an ISP to implement a questionable client configuration resulting in poor DNS performance. In addition to the production of erroneous lookups, ISPs can double or triple the load on their own DNS servers. Let's have a look at an ipconfig/all. Resolver optimizations may be possible.


    On Mac OS X ipconfig /all doesn't work...
    I usually use ifconfig.. but

    usage: ipconfig
    where is one of waitall, getifaddr, ifcount, getoption,
    getpacket, set, setverbose


  13. Re: A Question about traceroute..

    On Dec 27, 1:06*pm, ibupro...@painkiller.example.tld (Moe Trin) wrote:
    > On Wed, 26 Dec 2007, in the Usenet newsgroup comp.protocols.tcp-ip, in article
    > ,
    >
    > SpreadTooThin wrote:
    >
    > NOTE: Posting from groups.google.com (or some web-forums) dramatically
    > reduces the chance of your post being seen. *Find a real news server.
    >
    > >I have always noticed that my DNS look ups seem slow.

    >
    > Define "slow"
    >
    > >I'm not sure how to go about debugging this or fixing it, but my first
    > >thought was to do a traceroute to see what was going on.

    >
    > A better first step would be to use a packet sniffer, and see what is
    > going on. *I don't use OSX, but do you have the classic "tcpdump" or
    > "ethereal" (now called "Wireshark")?
    >
    > >I've noticed the the second hop always times out... and displays three
    > >stars..
    > >this is the log.

    >
    > What traceroute? * The original LBL traceroute from Van Jacobson has
    > an extensive man page that specifically addresses this problem.
    >
    > >Anyone have any thoughts as to why this might be or if it is even
    > >significant?

    >
    > Not enough details. Could you be IPv6 enabled? (look to see if a
    > packet dump shows your system asking for a "AAAA" record). While
    > IPv6 has been around for years, a lot of DNS servers are misconfigured
    > and ignore such requests (rather than telling you it doesn't do IPv6).
    > The lack of a response to a AAAA query usually causes 5 to 15 seconds
    > of added delay before your resolver asks about IPv4.
    >
    > * * * * Old guy


    I believe my mac doest have IPv6 enabled.

  14. Re: A Question about traceroute..

    In article
    <05f4845e-003c-4e66-abe6-8f818af8c2e7@b40g2000prf.googlegroups.com>,
    SpreadTooThin wrote:

    > On Dec 27, 8:40*am, Network Blackjack wrote:
    > > SpreadTooThin wrote:
    > > > I have always noticed that my DNS look ups seem slow.

    > >
    > > As David indicated, it is not uncommon for an ISP to implement a
    > > questionable client configuration resulting in poor DNS performance. In
    > > addition to the production of erroneous lookups, ISPs can double or triple
    > > the load on their own DNS servers. Let's have a look at an ipconfig/all.
    > > Resolver optimizations may be possible.

    >
    > On Mac OS X ipconfig /all doesn't work...
    > I usually use ifconfig.. but
    >
    > usage: ipconfig
    > where is one of waitall, getifaddr, ifcount, getoption,
    > getpacket, set, setverbose


    Resolver configuration is in the text file /etc/resolv.conf.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***

  15. Re: A Question about traceroute..

    > > SpreadTooThin wrote:
    > > > I have always noticed that my DNS look ups seem slow.


    Network Blackjack wrote:
    As David indicated, it is not uncommon for an ISP to implement a questionable client configuration resulting in poor DNS performance. In addition to the production of erroneous lookups, ISPs can double or triple the load on their own DNS servers. Let's have a look at an ipconfig/all. Resolver optimizations may be possible.

    SpreadTooThin wrote:
    > On Mac OS X ipconfig /all doesn't work...
    > I usually use ifconfig.. but
    >
    > usage: ipconfig
    > where is one of waitall, getifaddr, ifcount, getoption,
    > getpacket, set, setverbose


    http://www.hmug.org/man/8/ipconfig.php

    The above page details the usage of ipconfig in osx. Use 'ipconfig getpacket [interface]'. This will display the information we need. We're looking for the value of domain_name. I'll summarize the process. There exists the DHCP domain name option. This domain name is used by the DNS resolver. The resolver attempts to query all names by first appending the domain name received from the DHCP config. If the name you are trying to resolve is apple.com and the DHCP domain name is cg.shawcable.net, then the resolver will query for apple.com.cg.shawcable.net, then apple.com.shawcable.net and finally, apple.com. The result is two queries for host names that do not exist before the resolver queries the proper name. You have indicated that in your configuration, a router is in use. This means that hosts will not be directly exposed to the ISP DHCP config. Suprisingly, a number of routers will use the wan interface DHCP domain name as the domain name option in their own DHCP leases to LAN hosts. There is a workaround for DHCP domain name configuration in Windows. I am not familiar with a workaround in osx.

  16. Re: A Question about traceroute..

    >
    > The above page details the usage of ipconfig in osx. Use 'ipconfig getpacket [interface]'. This will display the information we need.


    ipconfig getpacket en1
    op = BOOTREPLY
    htype = 1
    flags = 0
    hlen = 6
    hops = 0
    xid = 548251964
    secs = 0
    ciaddr = 0.0.0.0
    yiaddr = 192.168.1.101
    siaddr = 192.168.1.1
    giaddr = 0.0.0.0
    chaddr = 0:1b:63:c8:f9:d
    sname =
    file =
    options:
    Options count is 8
    dhcp_message_type (uint8): ACK 0x5
    server_identifier (ip): 192.168.1.1
    lease_time (uint32): 0x15180
    subnet_mask (ip): 255.255.255.0
    router (ip_mult): {192.168.1.1}
    domain_name_server (ip_mult): {64.59.135.143, 64.59.135.145}
    domain_name (string): cg.shawcable.net
    end (none):

    I noticed you mentioned the DHCP option... Did you need me to try
    that?


  17. Re: A Question about traceroute..

    SpreadTooThin wrote:
    > domain_name (string): cg.shawcable.net


    So, we know the PC is being configured with a DNS domain name and, as detailed, this can cause a delay in name resolution. It may be possible for the PC to ignore the domain name configuration and avoid an unnecessary delay in name resolution.

  18. Re: A Question about traceroute..

    On Dec 31 2007, 1:06*pm, Network Blackjack wrote:
    > SpreadTooThin wrote:
    > > domain_name (string): cg.shawcable.net

    >
    > So, we know the PC is being configured with a DNS domain name and, as detailed, this can cause a delay in name resolution. It may be possible for the PC to ignore the domain name configuration and avoid an unnecessary delay inname resolution.


    Ok.. Well I'm on a MAC...
    I've also noticed that cg.shawcable.net appears in my routers
    configuration (in its web interface)
    Should I remove it from there? I wonder if it gets put there by the
    DHCP configuration automatically.


  19. Re: A Question about traceroute..

    On Jan 1, 11:07 am, SpreadTooThin wrote:

    > Ok.. Well I'm on a MAC...
    > I've also noticed that cg.shawcable.net appears in my routers
    > configuration (in its web interface)
    > Should I remove it from there? I wonder if it gets put there by the
    > DHCP configuration automatically.


    If it appears as a configured domain name that is prepended to DNS
    queries, you probably don't need it there and it may be hurting you.
    It's hard to say without knowing exactly what router you have and
    exactly where that entry appears.

    DS

  20. Re: A Question about traceroute..

    > > SpreadTooThin wrote:
    > > > domain_name (string): cg.shawcable.net


    Network Blackjack wrote:
    > > So, we know the PC is being configured with a DNS domain name and, as detailed, this can cause a delay in name resolution. It may be possible for the PC to ignore the domain name configuration and avoid an unnecessary delay in name resolution.


    SpreadTooThin wrote:
    > Ok.. Well I'm on a MAC...
    > I've also noticed that cg.shawcable.net appears in my routers
    > configuration (in its web interface)
    > Should I remove it from there? I wonder if it gets put there by the
    > DHCP configuration automatically.


    You could try removing it. Reboot or renew the dhcp lease on the computer and verify that no dns domain name is present. Another approach would be to statically configure the computer.

+ Reply to Thread