How to Diagnose Slow DNS Server Response with Ax3soft Unicorn

Preface

One day, I found that visiting the website www.tianya.cn was very slow. After two minutes the site still had not opened. I wondered why www.tianya.cn was so slow that day. Was it a problem with our network?

Diagnose DNS Server Response with Ax3soft Unicorn

I pinged the default gateway (192.168.1.1). The gateway was normal: all response times were less than 1 ms and no packets were dropped. Visiting other websites (e.g. www.ids-sax2.com) with IE was very quick, which excludes browser and network problems. Only www.tianya.cn was very slow. To confirm that my own network had no problem, I asked friends to visit www.tianya.cn, and they told me they got the same result. This confirmed that the problem was with www.tianya.cn. Had it been attacked?

Next, I pinged www.tianya.cn and found that a response came only after a long time. We know that the first thing ping does with a domain name is DNS resolution. Was DNS resolution the problem? I cleared the DNS cache and pinged again. The situation was the same: I got the correct IP, but the process was still very slow. See the figure below:

Figure 1: Diagnose DNS Server Response by Ping

From the figure above, we can see little delay and no loss. So I wanted to analyze the DNS resolution of www.tianya.cn with the Unicorn analyzer. I launched Unicorn and enabled the DNS filter to capture DNS packets, then visited www.tianya.cn with IE. I found that the DNS request for www.tianya.cn was issued quickly but the DNS server did not respond, so the client kept sending a lot of DNS requests. See the figure below:

Figure 2: Diagnose DNS Server Response in packets view

From the figure above, we can see that a response from the DNS server was received after 4 seconds, and the client then turned to querying login.hainan.net, which is the login site of www.tianya.cn. Setting the time of the first packet querying login.hainan.net as the base time, we found that the site IP was finally obtained after 15 seconds. See the figure below:

Figure 3: Diagnose DNS Server Response in packets view

Next, the client went on to query my.tianya.cn, which is a personal page. We set the time of the first packet querying my.tianya.cn as the base time. This time we were not lucky: after more than a minute, we still had not got the IP address. See the figure below:

Figure 4: Diagnose DNS Server Response in packets view

The total DNS querying time was 109 seconds (4+15+90), yet we still did not get the correct IP address. I thought my DNS server might be failing, so I changed the DNS server and tried again, and got the same result. So we can be sure that the DNS server has a problem. It may have been attacked, or the DNS server may be under too much load, or some DNS servers cannot resolve a domain name.
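
The measurement made by hand in the packet view above (set a base time at the first query for a name, then read off when the response arrives) can be automated. The following is an added example, not part of the original tutorial or of Unicorn: it parses raw DNS payloads, pairs responses to queries by transaction ID, and reports retransmissions and time to first response per name. The function names, transaction IDs and timestamps are constructed for illustration, and the sample responses carry no answer section.

```python
import struct

def build_dns(txid, qname, response=False):
    """Build a minimal DNS message (header + one A/IN question) for the sample."""
    flags = 0x8180 if response else 0x0100          # QR bit set on responses
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", 1, 1))

def parse_dns(payload):
    """Return (txid, is_response, qname) from the header and first question."""
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while payload[pos] != 0:                        # question names are uncompressed
        n = payload[pos]
        if n > 63:
            raise ValueError("unexpected label length")
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return txid, bool(flags & 0x8000), ".".join(labels).lower()

def dns_latency(capture):
    """Map each name to (queries sent, seconds to first response or None)."""
    stats = {}
    for ts, payload in capture:
        txid, is_resp, name = parse_dns(payload)
        s = stats.setdefault(name, {"t0": None, "n": 0, "ids": set(), "rtt": None})
        if not is_resp:
            s["t0"] = ts if s["t0"] is None else s["t0"]   # base time = first query
            s["n"] += 1
            s["ids"].add(txid)
        elif txid in s["ids"] and s["rtt"] is None:  # ignore unsolicited responses
            s["rtt"] = round(ts - s["t0"], 3)
    return {name: (s["n"], s["rtt"]) for name, s in stats.items()}

def sample_capture():
    """Constructed capture shaped like the timings described in the article."""
    cap = [(t, build_dns(0x1001, "www.tianya.cn")) for t in (0, 1, 2, 3)]
    cap.append((4, build_dns(0x1001, "www.tianya.cn", response=True)))
    cap += [(t, build_dns(0x1002, "login.hainan.net")) for t in (4, 5, 7, 11)]
    cap.append((19, build_dns(0x1002, "login.hainan.net", response=True)))
    cap += [(t, build_dns(0x1003, "my.tianya.cn")) for t in (19, 20, 22, 26, 34)]
    return cap

if __name__ == "__main__":
    for name, (sent, rtt) in dns_latency(sample_capture()).items():
        print(f"{name:20} queries={sent} first_response={rtt}")
```

A name with several queries and a `None` response time is the unanswered case seen for my.tianya.cn; a high query count with a late response matches the retransmission pattern seen for www.tianya.cn.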