View Full Version : Network speed / DNS lookup slow with "DNS client" active
Lars-Erik
2007-10-31, 21:56
For some reason my system only got 4500 kpbs even if other computers got 5000 on the same connection.
So I started to check what could slow down.
And I soon found that the HOSTS files immunization
slows down the system from 4990 to 4500.
But ONLY when the "DNS client" service is running.
If I disable this the speed is not affected.
But why? One should think that the speed should
increase when the HOSTS entries is cached in the
"DNS client" service (not having to read the file),
but in real-life it's the opposite. Why?
Or doesn't the HOSTS file immunization work when
the "DNS client" service is disabled (isn't the HOSTS
file searched then, or is there any other reason?)?
Anyway, since stopping the DNS client COULD speed
up I wanted to share that with you...
PS! With an empty HOSTS file it IS faster with the
DNS Client running (4990 with it on, 4980 with off :-)
This is in the FAQ here:
http://www.safer-networking.org/en/faq/12.html
Also,please see the note under the heading Block Spyware/Ad Networks on this page,it has an explanation of why the slowdown can sometimes occur when using a large hosts file:
http://www.bleepingcomputer.com/tutorials/tutorial51.html
There is also info about disabling dns client service on this page,with a note about it being intended for home users:
http://www.mvps.org/winhelp2002/hosts.htm
The hosts file immunization still works when dns client service is set to manual or disabled.hth.
Lars-Erik
2007-11-01, 14:18
OK, but when I tested with an empty HOSTS file then the speed was a little bit higher with DNS client running than without (speed with service deisabled is the same no matter the size of the hosts file for some reason).
What is the technical explaination? Why does a large HOSTS file slow down the DNS client but NOT a manual parsing of the HOSTS file each time (when service off)?
BTW: Does the HOSTS file trick do the same as the "forgery" filter in Firefox (that check each server)? And can I turn of this (slows a bit due to the lookup each time) if I have the HOSTS file immunization on (or at least change it do "check against a downloaded list" instead)?
No,the Hosts file trick doesn't do the same as the forgery filter in Firefox.The forgery filter in Firefox warns you if you're on a phishing site.
Spybot's hosts file would prevent you from going to the page,(you'd just see Page Cannot Be Displayed,or something similar.)if it has added the site(s) to the hosts file.Explanation here:
http://www.safer-networking.org/en/dictionary/hostsfile.html
But,if Spybot hasn't happened to add a particular phishing site to the hosts file,then you would go to the phishing site,and not get a warning about it from firefox,so I think you'd be better off using both.It should be okay to select "Check using a downloaded list of suspected sites" in Firefox,though,since I believe the downloaded list of phishing sites is updated very frequently.
According to Bleeping Computer,the DNS client caches previous DNS requests in memory to speed things up,but it also reads the entire HOSTS file into that cache as well,and that's what can sometimes cause a slowdown if you have a very large hosts file.
Lars-Erik
2007-11-02, 13:50
One thing I was wondering about...
When Spybot S&D adds entried to the host file
it repeats the "127.0.0.1" for each hostname...
Is that needed? You can add several hots for each line (I don't know how many, but more than one anyway).
At least they could have the variants on onle line...
Changing:
127.0.0.1 some.site
127.0.0.1 www.some.site
To:
127.0.0.1 some.site www.some.site
One that small change would shrink the file :-)
And if one added lets say 10 entries on each line...
Only a suggestion (maybe I should post it somewhere :-)
md usa spybot fan
2007-11-02, 14:18
Lars-Erik:
Microsoft's default HOSTS file:
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
Note:
Each entry should be kept on an individual line. The IP address should be placed in the first column followed by the corresponding host name. The IP address and the host name should be separated by at least one space.
Lars-Erik
2007-11-02, 14:44
But this is just an example. If a host has several aliases, they can be on the same line.
We have lots of these entries at my office, and it works. We have two domains and have lots of
xxx.xxx.xxx.xxx name name.domain1.no name.domain2.no
So this DOES work 100% (in some hosts files we have the examples contain some with more entries on one line as well).
I think what MS really says is "one line for each IP-number"
md usa spybot fan
2007-11-02, 16:17
Lars-Erik:
You are correct that multiple host names can be associated with an IP address. I found the following statement in references as far back as Windows 95 and 98:
The HOSTS file is a static file used to map host names to IP addresses. This file provides compatibility with the UNIX HOSTS file. The following describes HOSTS file entries:
• A single entry consists of an IP address corresponding to one or more host names.
…References:
Setting Up HOSTS Files
http://www.microsoft.com/technet/archive/win95/rkg_host.mspx?mfr=true
Appendix F - HOSTS and LMHOSTS Files for Windows 98
http://www.microsoft.com/technet/archive/win98/reskit/part7/wrkappf.mspx?mfr=true
Lars-Erik
2007-11-02, 16:25
And then Spybot could at least put all server from the same company on the same line to save some space (and group servers from the same service/company).
in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected.
To resolve this issue (manually) open the "Services Editor"
* Start | Run (type) "services.msc" (no quotes)
* Scroll down to "DNS Client", Right-click and select: Properties
* Click the drop-down arrow for "Startup type"
* Select: Manual, or Disabled (recommended) click Apply/Ok and restart.
http://www.mvps.org/winhelp2002/hosts.htm
Lars-Erik
2007-12-19, 17:18
What about listing similar entries on the same line?
Like:
127.0.0.1 www.somehost.com
127.0.0.1 somehost.com
Becoming:
127.0.0.1 www.somehost.com somehost.com
Only that simple move would make the hosts file smaller.
AND even worse. In the blocked sites list in IE and Firefox, both "www.somehost.com" and "somehost.com" are listed, when you could add "*.somehost.com" (or "*somehost.com") instead. That would same space AND time... The list is awful long, takes ages to open in FF