我们在 ESXi 上有一个 CentOS 7 VM 实例,每次进行需要 DNS 解析(例如“ping”)的网络调用时都会出现延迟。 DNS 服务器位于 Windows 服务器上,并且网络上使用同一 DNS 服务器的其他主机没有出现问题,因此它似乎与 CentOS 中的某些内容隔离。
网络适配器的配置如下:
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=no
IPV6_DEFROUTE=no
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens160
UUID=61c69ed9-a97b-40ea-a602-5fe82b9e79cc
DEVICE=ens160
ONBOOT=yes
PEERDNS=no
IPADDR=10.223.27.3
NETMASK=255.255.255.0
GATEWAY=10.223.27.1
DNS1=10.223.27.2
DOMAIN=arndev.com
HWADDR=00:50:56:11:11:01
DNS服务器的IP地址为10.223.27.2
如果我“nslookup”网络上的其他主机之一,它几乎立即返回:
$ time nslookup devtest1
Server: 10.223.27.2
Address: 10.223.27.2#53
Name: devtest1.arndev.com
Address: 10.223.27.51
real 0m0.011s
user 0m0.006s
sys 0m0.005s
如果我“strace”一个“ping”命令,我会发现它几乎立即解析了 IP 地址,然后在 ping 成功到达主机之前进行了两次额外的调用,从而出现延迟。
最初,这两个调用各花费 5 秒才超时,总共延迟了 10 秒。我确实找到了一个“options timeout:1”条目添加到“/etc/resolv.conf”,这意味着我可以将其减少到 2 秒(2 x 1 秒延迟),这显然更好,但绝不理想。
“/etc/resolv.conf”文件定义如下:
options single-request-reopen
options timeout:1
search arndev.com
nameserver 10.223.27.2
如果我仅通过解析的 IP 地址而不是名称进行 ping,则不会有延迟。
我为“ping”命令的“strace”运行的命令如下,我在输出中标记了发生延迟的位置:
$ sudo strace -s 128 -t ping devtest1
PING devtest1.arndev.com (10.223.27.51) 56(84) bytes of data.
<-- delay occurs here, but it's already resolved the IP address -->
64 bytes from 10.223.27.51 (10.223.27.51): icmp_seq=1 ttl=128 time=0.359 ms
64 bytes from 10.223.27.51 (10.223.27.51): icmp_seq=2 ttl=128 time=0.319 ms
64 bytes from 10.223.27.51 (10.223.27.51): icmp_seq=3 ttl=128 time=0.334 ms
64 bytes from 10.223.27.51 (10.223.27.51): icmp_seq=4 ttl=128 time=0.338 ms
我已经在下面的输出中标记了延迟发生的位置(接近结尾):
08:09:41 execve("/bin/ping", ["ping", "devtest1"], [/* 17 vars */]) = 0
08:09:41 brk(NULL) = 0x55f55a5ea000
08:09:41 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3668e11000
08:09:41 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
08:09:41 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
08:09:41 fstat(3, {st_mode=S_IFREG|0644, st_size=37762, ...}) = 0
08:09:41 mmap(NULL, 37762, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3668e07000
08:09:41 close(3) = 0
< lines cut for brevity >
08:09:41 connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
08:09:41 close(4) = 0
08:09:41 socket(AF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
08:09:41 connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
08:09:41 close(4) = 0
08:09:41 open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 4
08:09:41 fstat(4, {st_mode=S_IFREG|0644, st_size=1746, ...}) = 0
08:09:41 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3668e10000
08:09:41 read(4, "#\n# /etc/nsswitch.conf\n#\n# An example Name Service Switch config file. This file should be\n# sorted with the most-used services "..., 4096) = 1746
08:09:41 read(4, "", 4096) = 0
08:09:41 close(4) = 0
08:09:41 munmap(0x7f3668e10000, 4096) = 0
08:09:41 stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=113, ...}) = 0
08:09:41 open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = 4
08:09:41 fstat(4, {st_mode=S_IFREG|0644, st_size=9, ...}) = 0
08:09:41 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3668e10000
08:09:41 read(4, "multi on\n", 4096) = 9
08:09:41 read(4, "", 4096) = 0
08:09:41 close(4) = 0
08:09:41 munmap(0x7f3668e10000, 4096) = 0
08:09:41 open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 4
08:09:41 fstat(4, {st_mode=S_IFREG|0644, st_size=113, ...}) = 0
08:09:41 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3668e10000
08:09:41 read(4, "options single-request-reopen\noptions single-request\noptions timeout:1\n\nsearch arndev.com\nnameserver 10.223.27.2\n", 4096) = 113
08:09:41 read(4, "", 4096) = 0
08:09:41 close(4) = 0
08:09:41 munmap(0x7f3668e10000, 4096) = 0
08:09:41 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
08:09:41 fstat(4, {st_mode=S_IFREG|0644, st_size=37762, ...}) = 0
08:09:41 mmap(NULL, 37762, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f3668e07000
08:09:41 close(4) = 0
08:09:41 open("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 4
08:09:41 read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000!\0\0\0\0\0\0@\0\0\0\0\0\0\0x\350\0\0\0\0\0\0\0\0\0\0@\0008\0\7\0@\0!\0 \0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(\262\0\0\0\0\0\0(\262\0\0\0\0\0\0\0\0 \0\0\0\0\0\1\0\0\0\6\0\0\0"..., 832) = 832
08:09:41 fstat(4, {st_mode=S_IFREG|0755, st_size=61624, ...}) = 0
08:09:41 mmap(NULL, 2173016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f3660d14000
08:09:41 mprotect(0x7f3660d20000, 2093056, PROT_NONE) = 0
08:09:41 mmap(0x7f3660f1f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xb000) = 0x7f3660f1f000
08:09:41 mmap(0x7f3660f21000, 22616, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3660f21000
08:09:41 close(4) = 0
08:09:41 mprotect(0x7f3660f1f000, 4096, PROT_READ) = 0
08:09:41 munmap(0x7f3668e07000, 37762) = 0
08:09:41 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4
08:09:41 fstat(4, {st_mode=S_IFREG|0644, st_size=305, ...}) = 0
08:09:41 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3668e10000
08:09:41 read(4, "127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4\n::1 localhost localhost.localdomain local"..., 4096) = 305
08:09:41 read(4, "", 4096) = 0
08:09:41 close(4) = 0
08:09:41 munmap(0x7f3668e10000, 4096) = 0
08:09:41 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
08:09:41 fstat(4, {st_mode=S_IFREG|0644, st_size=37762, ...}) = 0
08:09:41 mmap(NULL, 37762, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f3668e07000
08:09:41 close(4) = 0
08:09:41 open("/lib64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = 4
08:09:41 read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \20\0\0\0\0\0\0@\0\0\0\0\0\0\0pr\0\0\0\0\0\0\0\0\0\0@\0008\0\7\0@\0!\0 \0\1\0\0\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\344N\0\0\0\0\0\0\344N\0\0\0\0\0\0\0\0 \0\0\0\0\0\1\0\0\0\6\0\0\0"..., 832) = 832
08:09:41 fstat(4, {st_mode=S_IFREG|0755, st_size=31408, ...}) = 0
08:09:41 mmap(NULL, 2121952, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f3660b0d000
08:09:41 mprotect(0x7f3660b12000, 2097152, PROT_NONE) = 0
08:09:41 mmap(0x7f3660d12000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x5000) = 0x7f3660d12000
08:09:41 close(4) = 0
08:09:41 mprotect(0x7f3660d12000, 4096, PROT_READ) = 0
08:09:41 munmap(0x7f3668e07000, 37762) = 0
08:09:41 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 4
08:09:41 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.223.27.2")}, 16) = 0
08:09:41 poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
08:09:41 sendto(4, "\203\336\1\0\0\1\0\0\0\0\0\0\10devtest1\6arndev\3com\0\0\1\0\1", 37, MSG_NOSIGNAL, NULL, 0) = 37
08:09:41 poll([{fd=4, events=POLLIN}], 1, 1000) = 1 ([{fd=4, revents=POLLIN}])
08:09:41 ioctl(4, FIONREAD, [53]) = 0
08:09:41 recvfrom(4, "\203\336\205\200\0\1\0\1\0\0\0\0\10devtest1\6arndev\3com\0\0\1\0\1\300\f\0\1\0\1\0\0\16\20\0\4\n\337\0333", 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.223.27.2")}, [16]) = 53
08:09:41 close(4) = 0
08:09:41 socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
08:09:41 connect(4, {sa_family=AF_INET, sin_port=htons(1025), sin_addr=inet_addr("10.223.27.51")}, 16) = 0
08:09:41 getsockname(4, {sa_family=AF_INET, sin_port=htons(37068), sin_addr=inet_addr("10.223.27.3")}, [16]) = 0
08:09:41 close(4) = 0
08:09:41 setsockopt(3, SOL_RAW, ICMP_FILTER, ~(1<<ICMP_ECHOREPLY|1<<ICMP_DEST_UNREACH|1<<ICMP_SOURCE_QUENCH|1<<ICMP_REDIRECT|1<<ICMP_TIME_EXCEEDED|1<<ICMP_PARAMETERPROB), 4) = 0
08:09:41 setsockopt(3, SOL_IP, IP_RECVERR, [1], 4) = 0
08:09:41 setsockopt(3, SOL_SOCKET, SO_SNDBUF, [324], 4) = 0
08:09:41 setsockopt(3, SOL_SOCKET, SO_RCVBUF, [65536], 4) = 0
08:09:41 getsockopt(3, SOL_SOCKET, SO_RCVBUF, [131072], [4]) = 0
08:09:41 fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
08:09:41 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3668e10000
08:09:41 write(1, "PING devtest1.arndev.com (10.223.27.51) 56(84) bytes of data.\n", 62) = 62
08:09:41 setsockopt(3, SOL_SOCKET, SO_TIMESTAMP, [1], 4) = 0
08:09:41 setsockopt(3, SOL_SOCKET, SO_SNDTIMEO, "\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
08:09:41 setsockopt(3, SOL_SOCKET, SO_RCVTIMEO, "\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
08:09:41 getpid() = 16440
08:09:41 rt_sigaction(SIGINT, {0x55f559e15dd0, [], SA_RESTORER|SA_INTERRUPT, 0x7f3667aa6280}, NULL, 8) = 0
08:09:41 rt_sigaction(SIGALRM, {0x55f559e15dd0, [], SA_RESTORER|SA_INTERRUPT, 0x7f3667aa6280}, NULL, 8) = 0
08:09:41 rt_sigaction(SIGQUIT, {0x55f559e15dc0, [], SA_RESTORER|SA_INTERRUPT, 0x7f3667aa6280}, NULL, 8) = 0
08:09:41 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
08:09:41 ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
08:09:41 ioctl(1, TIOCGWINSZ, {ws_row=35, ws_col=142, ws_xpixel=1136, ws_ypixel=455}) = 0
08:09:41 sendto(3, "\10\0k0@8\0\1\265\373\222]\0\0\0\0Bj\3\0\0\0\0\0\20\21\22\23\24\25\26\27\30\31\32\33\34\35\36\37 !\"#$%&'()*+,-./01234567", 64, 0, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.223.27.51")}, 16) = 64
08:09:41 recvmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.223.27.51")}, msg_iov(1)=[{"E\0\0Tv\304\0\0\200\1w\361\n\337\0333\n\337\33\3\0\0s0@8\0\1\265\373\222]\0\0\0\0Bj\3\0\0\0\0\0\20\21\22\23\24\25\26\27\30\31\32\33\34\35\36\37 !\"#$%&'()*+,-./01234567", 192}], msg_controllen=32, [{cmsg_len=32, cmsg_level=SOL_SOCKET, cmsg_type=0x1d /* SCM_??? */}], msg_flags=0}, 0) = 84
08:09:41 stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=113, ...}) = 0
08:09:41 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4
08:09:41 fstat(4, {st_mode=S_IFREG|0644, st_size=305, ...}) = 0
08:09:41 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3668e0f000
08:09:41 read(4, "127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4\n::1 localhost localhost.localdomain local"..., 4096) = 305
08:09:41 read(4, "", 4096) = 0
08:09:41 close(4) = 0
08:09:41 munmap(0x7f3668e0f000, 4096) = 0
<-- delay starts here -->
08:09:41 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 4
08:09:41 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.223.27.2")}, 16) = 0
08:09:41 poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
08:09:41 sendto(4, "o\262\1\0\0\1\0\0\0\0\0\0\00251\00227\003223\00210\7in-addr\4arpa\0\0\f\0\1", 43, MSG_NOSIGNAL, NULL, 0) = 43
08:09:41 poll([{fd=4, events=POLLIN}], 1, 1000) = 0 (Timeout)
08:09:42 poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
08:09:42 sendto(4, "o\262\1\0\0\1\0\0\0\0\0\0\00251\00227\003223\00210\7in-addr\4arpa\0\0\f\0\1", 43, MSG_NOSIGNAL, NULL, 0) = 43
08:09:42 poll([{fd=4, events=POLLIN}], 1, 1000) = 0 (Timeout)
08:09:43 close(4) = 0
<-- delay ends here -->
08:09:43 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
08:09:43 fstat(4, {st_mode=S_IFREG|0644, st_size=37762, ...}) = 0
08:09:43 mmap(NULL, 37762, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7f3668df7000
08:09:43 close(4) = 0
08:09:43 open("/lib64/libnss_myhostname.so.2", O_RDONLY|O_CLOEXEC) = 4
有人知道什么可能导致这种延迟吗?如果您需要其他命令的输出,我很乐意提供...
最佳答案
我通过在映射到同一子网的 Windows DNS 服务器上创建“反向查找区域”解决了该问题。
由于我的 IP 地址是 10.223.27.xxx,反向查找区域被创建(并自动命名)为“27.223.10.in-addr.arpa”。
我相信这个名称与“strace”命令中超时的两个套接字调用相匹配。
08:09:42 sendto(4, "o\262\1\0\0\1\0\0\0\0\0\0\00251\00227\003223\00210\7in-addr\4arpa\0\0\f\0\1", 43 , MSG_NOSIGNAL, NULL, 0) = 43
ping 和其他网络相关操作现在都可以毫无延迟地执行。
关于linux - CentOS 上使用 DNS 的所有网络事件延迟,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58179383/