Very slow dns lookup using proxy_pass

musicdenotation · January 4, 2014, 4:43am

I am seeing very slow DNS lookup times ( > 2 seconds ) using proxy_pass,
even though dig response times on the server are quick. Here is the
nginx
configuration block:

location ~ ^/v1/(?.*) {
resolver 8.8.4.4 4.4.4.4 valid=300s;
resolver_timeout 10s;
proxy_pass https://$remote_user.mydomain.com/api/;
proxy_hide_header Vary;
proxy_set_header X-Real-IP $remote_addr;
proxy_connect_timeout 10s;
proxy_read_timeout 60s;
proxy_ssl_session_reuse on;
}

I am using Google Public DNS. Here is a result from: dig
demo.mydomain.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> demo.mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37997
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;demo.mydomain.com. IN A

;; ANSWER SECTION:
demo.mydomain.com. 299 IN A X.X.X.X

;; Query time: 187 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Fri Jan 3 19:40:32 2014
;; MSG SIZE rcvd: 50

Any ideas why this is so slow, and solutions?

Posted at Nginx Forum:

justin · January 4, 2014, 4:53am

On 4 January 2014 03:42, justin [email protected] wrote:

I am seeing very slow DNS lookup times ( > 2 seconds ) using proxy_pass,
even though dig response times on the server are quick
[snip]
Any ideas why this is so slow, and solutions?

Please demonstrate a slow request, and show the data that leads you to
believe that DNS lookups from nginx are the problem.

Jonathan

justin · January 4, 2014, 5:11am

Hi Jonathan,

Using time is the only way I know how to demonstrate this:

FIRST TIME TOOK: 5.8 seconds

➜ ~ time curl -i -u demo: https://api.mydomain.com/v1/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2014 04:07:50 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31556926
Cache-Control: no-cache, no-store
Access-Control-Max-Age: 300
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS

{“version”:“v1”} curl -i -u demo: https://api.mydomain.com/v1/ 0.54s
user
0.01s system 9% cpu 5.857 total

EXECUTED AGAIN, IMMEDIATELY AFTER. TOOK: 197ms

➜ ~ time curl -i -u demo: https://api.mydomain.com/v1/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Jan 2014 04:07:54 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31556926
Cache-Control: no-cache, no-store
Access-Control-Max-Age: 300
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS

{“version”:“v1”} curl -i -u demo: https://api.mydomain.com/v1/ 0.05s
user
0.01s system 27% cpu 0.197 total

Posted at Nginx Forum:

justin · January 6, 2014, 9:35pm

Anybody have any further insight on this? Consistently slow DNS lookups
from
nginx, even though dig shows fast query times.

Posted at Nginx Forum:

justin · January 6, 2014, 10:07pm

On 6 January 2014 20:34, justink101 [email protected] wrote:

Consistently slow DNS lookups from
nginx

I really don’t think you’ve demonstrated anything that points to
that conclusion. Do some tcpdump’ing. Show the data. Show your
working.

J