I had experience of an Aruba product flagging high DHCP response times, and it was somewhat frustrating because there was no evidence in the DHCP server logs that anything was amiss: every received packet had a subsecond response time, there were no drops on any of the network interface statistics, but the alerts continued to accumulate.

After much digging it turned out that the Linux kernel did not have a large enough internal buffer for received UDP packets and was dropping them after receipt, but before the DHCP server.

Check to see if you have drops recorded in /proc/net/udp [the statistics are reset when processes restart. The kernel uses more than the data received size to buffer and the limit for all received UDP packets is by default only 131071 bytes, so a relatively small number of packets could overload the buffer]. I'm going to suggest on Linux-based DNS and DHCP servers this limit probably wants to be a LOT larger. I've not run DHCP on Windows.

Next, you might want to check what actual DNS lookup is being performed. The default DNS UDP packet size is 512 bytes, so if the queries have a reply larger than that the client MAY switch to TCP, which will cause a redo of the lookups, and latency. I see this in places with AD-connected DNS servers where the DNS server role is added to all of the AD servers or you've a lot of TXT records associated with a domain. [the 'ANY' reply for purdue.edu for example is over 1600 bytes]

Hope these pointers provide some help to someone.

Richard Letts
Director, Networking and Telecommunications
Purdue University
[email protected]
O: 765-496-1663
C: 206-790-5837

From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> On Behalf Of Ian Lyons
Sent: Friday, July 24, 2020 9:18 AM
To: [email protected]
Subject: Re: [WIRELESS-LAN] High DNS Lookup Time - Aruba Sensor

I too have a lot of false positives with "high dns". However, don't throw the baby out with the bathwater....

I have found 3 problems with flapping circuits or errors of configuration as a result of having these sensors on premise. Mostly in my student VLANs, where during the summer I have no users and it is also when I make changes... So helpful big brother.

Ian

Cheers
Ian J Lyons
Senior Network Engineer - Rollins College
401.413.1661 Cell
407.628.6396 Desk
________________________________
From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> on behalf of Lee H Badman <[email protected]>
Sent: Friday, July 24, 2020 8:47
To: [email protected]
Subject: Re: [WIRELESS-LAN] High DNS Lookup Time - Aruba Sensor

Aaron,

If the UX sensors are evolved from Aruba's Cape acquisition, I can tell you that I had a lot, as in A LOT, of false positives on High DNS lookup times that absolutely could not be replicated by any other sensor or manual attempt when I was evaluating them. See attached - my inbox would fill with these, and again, there were no corroborating data points. It didn't matter where I put the sensors on multiple networks, this alert to many target endpoints that were doing just fine was a fact of life. The sensors were awesome in many other ways, but in this regard became one more thing to ignore, FWIW.

Again, I'm assuming that Cape is the underlying technology here. If not, then disregard.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services (NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003 e [email protected] w its.syr.edu
Campus Wireless Policy: https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> On Behalf Of Aaron D. DeVall
Sent: Thursday, July 23, 2020 6:25 PM
To: [email protected]
Subject: [WIRELESS-LAN] High DNS Lookup Time - Aruba Sensor

Hey all - I'm a relatively new Network Administrator with a lot to learn. First off, thank you all for your conversations in this group. I'm learning new stuff every day.

We are having an odd problem at our University. We are using an Aruba UX monitor to check our Staff and Student network. Recently, however, we've been getting frequent notifications for High DNS lookup time. To be frank, we just aren't sure what that means and couldn't find anything obvious on our DNS indicating any problems.

Two obvious recent changes we have made:
- New Wildcard Certificate (this was done a couple weeks before the message)
- Upgraded from an HP ProCurve to Aruba CX switch where this monitor is located (and powering the APs) (this was done about a month before the messages)

Just throwing this out here because I just don't know where to even start looking or frankly what this message even means. ....

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
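
Added example, not part of the original thread: a small parser for the /proc/net/udp check described in the first message, which reads the per-socket drop counter that does not show up in the DHCP server log or the interface statistics. The sample table is constructed, the function names and the port filter (53 and 67) are assumptions, and the address decoding assumes a little-endian host.

```python
"""List UDP sockets whose kernel receive buffer has dropped datagrams."""
import socket
from pathlib import Path

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0043 00000000:0000 07 00000000:0001F400 00:00000000 00000000     0        0 23456 2 0000000000000000 1532
  102: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 23457 2 0000000000000000 0
  103: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 23458 2 0000000000000000 4
"""


def parse_udp_table(text):
    """Return one dict per socket row; the last column is the drop counter."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 13:  # malformed row, or a kernel without the drops column
            continue
        ip_hex, port_hex = f[1].split(":")
        rows.append({
            # Assumes a little-endian host: the IPv4 address is byte-reversed.
            "ip": socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1]),
            "port": int(port_hex, 16),
            "rx_queue": int(f[4].split(":")[1], 16),  # bytes queued (hex field)
            "inode": int(f[9]),  # match against /proc/<pid>/fd to find the owner
            "drops": int(f[12]),  # decimal, cumulative for this socket
        })
    return rows


def dropping_sockets(text, ports=(53, 67)):
    """Sockets on the given ports (assumed: DNS, DHCP server) with drops > 0."""
    return [r for r in parse_udp_table(text)
            if r["port"] in ports and r["drops"] > 0]


if __name__ == "__main__":
    proc = Path("/proc/net/udp")
    text = proc.read_text() if proc.exists() else SAMPLE
    for r in dropping_sockets(text):
        print(f'{r["ip"]}:{r["port"]} inode={r["inode"]} '
              f'rx_queue={r["rx_queue"]} drops={r["drops"]}')
```

On Linux the socket receive-buffer limits are set by the net.core.rmem_default and net.core.rmem_max sysctls; a non-zero drops value on the DNS or DHCP socket is the signal to compare against them.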
