netbirdio / netbird

Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
9.83k stars 425 forks

Slow DNS resolv when netbird is up #2222

Open arthur-trt opened 4 days ago

arthur-trt commented 4 days ago

Describe the problem

Each request used with Netbird and an output node is very slow on macOS (can't test on other OSes). This seems to be due to time-consuming DNS resolution:

❯ netbird up ; sleep 5 ; httpstat https://console.scaleway.com/                                                           
Connected
Connected to 172.67.8.213:443 from 100.66.92.203:58487

HTTP/2 200 
date: Mon, 01 Jul 2024 13:01:03 GMT
content-type: text/html
last-modified: Mon, 01 Jul 2024 12:38:45 GMT
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
referrer-policy: origin
x-frame-options: SAMEORIGIN
x-scw-version: e07552cad646bbd874a2cf6ad2dbd74856b82d58
x-scw-app-version: console@3.343.0
content-security-policy: frame-ancestors 'self' https://account.scaleway.com
cache-control: public, max-age=60, stale-while-revalidate=300, stale-if-error=86400
alt-svc: h3=":443"; ma=86400
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 89c6951ebeb103f3-CDG

Body stored in: /var/folders/6r/545w1_bx7s58jf3nzk5tbj_w0000gp/T/tmprxn5qijm

  DNS Lookup   TCP Connection   TLS Handshake   Server Processing   Content Transfer
[   4493ms   |      838ms     |     167ms     |       162ms       |        1ms       ]
             |                |               |                   |                  |
    namelookup:4493ms         |               |                   |                  |
                        connect:5331ms        |                   |                  |
                                    pretransfer:5498ms            |                  |
                                                      starttransfer:5660ms           |
                                                                                 total:5661ms 

❯ netbird down ; sleep 5 ; httpstat https://console.scaleway.com/
Connected to 104.22.20.81:443 from 10.42.101.31:58508

HTTP/2 200 
date: Mon, 01 Jul 2024 13:01:13 GMT
content-type: text/html
last-modified: Mon, 01 Jul 2024 12:38:45 GMT
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
referrer-policy: origin
x-frame-options: SAMEORIGIN
x-scw-version: e07552cad646bbd874a2cf6ad2dbd74856b82d58
x-scw-app-version: console@3.343.0
content-security-policy: frame-ancestors 'self' https://account.scaleway.com
cache-control: public, max-age=60, stale-while-revalidate=300, stale-if-error=86400
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 10
server: cloudflare
cf-ray: 89c695619a016fdc-CDG

Body stored in: /var/folders/6r/545w1_bx7s58jf3nzk5tbj_w0000gp/T/tmp7idbdhwe

  DNS Lookup   TCP Connection   TLS Handshake   Server Processing   Content Transfer
[    29ms    |       7ms      |     18ms      |       17ms        |        0ms       ]
             |                |               |                   |                  |
    namelookup:29ms           |               |                   |                  |
                        connect:36ms          |                   |                  |
                                    pretransfer:54ms              |                  |
                                                      starttransfer:71ms             |
                                                                                 total:71ms   

We use an exit node and a DNS configuration at netbird level applied to the group: "All".

Expected behavior

A clear and concise description of what you expected to happen.

Are you using NetBird Cloud?

SelfHosted Netbird

NetBird version

0.28.3

NetBird status -d output:

OS: darwin/arm64
Daemon version: 0.28.3
CLI version: 0.28.3
Management: Connected to https://netbird.lockself.com:443
Signal: Connected to https://netbird.lockself.com:443
Relays: 
  [stun:netbird.lockself.com:3478] is Available
  [turn:netbird.lockself.com:3478?transport=udp] is Available
Nameservers: 
  [1.1.1.1:53, 1.0.0.1:53] for [.] is Available
FQDN: arthurs-macbook-air.netbird.selfhosted
NetBird IP: 100.66.92.203/16
Interface type: Userspace
Quantum resistance: false
Routes: -
Peers count: 5/6 Connected

(I don't think peer details are relevant here, but if you need them I can send them)

Additional context

Dig query time seems quick:

❯ dig A console.scaleway.com

; <<>> DiG 9.10.6 <<>> A console.scaleway.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64385
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;console.scaleway.com.          IN      A

;; ANSWER SECTION:
console.scaleway.com.   600     IN      CNAME   console.scaleway.com.cdn.cloudflare.net.
console.scaleway.com.cdn.cloudflare.net. 300 IN A 104.22.20.81
console.scaleway.com.cdn.cloudflare.net. 300 IN A 104.22.21.81
console.scaleway.com.cdn.cloudflare.net. 300 IN A 172.67.8.213

;; Query time: 44 msec
;; SERVER: 100.66.255.254#53(100.66.255.254)
;; WHEN: Mon Jul 01 15:11:48 CEST 2024
;; MSG SIZE  rcvd: 287
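
The report shows a fast `dig` query next to a slow `namelookup` phase. `dig` sends its query straight to a nameserver, while most clients resolve names through the operating system's resolver, so timing both paths for the same name shows which layer adds the delay. The script below is an added example, not part of the original report or of NetBird's code; the function names are illustrative, and the hostname and resolver address are taken from the output above.

```python
import socket
import struct
import time

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal recursive DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return transaction id, RCODE and answer count from a DNS response header."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "rcode": flags & 0x000F, "answers": an}

def direct_query(name, server, timeout=5.0):
    """Path dig takes: one UDP query sent straight to the given nameserver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_header(data)

def system_lookup(name):
    """Path most clients take: getaddrinfo() through the OS resolver."""
    infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def timed_ms(fn, *args):
    """Run fn and return (elapsed milliseconds, result or the OSError raised)."""
    start = time.perf_counter()
    try:
        result = fn(*args)
    except OSError as exc:  # timeouts and resolver failures are results too
        result = exc
    return (time.perf_counter() - start) * 1000.0, result

def compare(name, server, direct=direct_query, system=system_lookup):
    """Time both paths for the same name so the slow layer can be identified."""
    direct_ms, direct_res = timed_ms(direct, name, server)
    system_ms, system_res = timed_ms(system, name)
    return {"direct_ms": direct_ms, "direct": direct_res,
            "system_ms": system_ms, "system": system_res,
            "system_slower_by_ms": system_ms - direct_ms}

if __name__ == "__main__":
    # Hostname and resolver address are the ones shown in the report above.
    print(compare("console.scaleway.com", "100.66.255.254"))
```

A large `system_slower_by_ms` with a small `direct_ms` points at the OS resolver configuration rather than at the nameserver itself.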