Reduce DNS query timeout and limit root server fan-out #29

New Issue

clawbot · 2026-02-22T12:33:45+01:00

clawbot commented

2026-02-22 12:33:45 +01:00

Problem

The resolver uses a 5s query timeout (queryTimeoutDuration) which is far too high. Measured median RTT to root servers from GU is ~19ms. 5s timeout with 2 retries means a single failed hop burns 10s+.

Additionally, rootServerList() returns all 13 root servers but several code paths try them sequentially (e.g. resolveNSRecursive tries first 3, resolveARecord tries first 3), while followDelegation → queryServers tries ALL servers in the list if earlier ones fail.

Changes needed

Reduce queryTimeoutDuration from 5s to 2s. This is still >100x median RTT to roots and gives plenty of headroom for slower auth/TLD servers worldwide.
Limit root server queries to 3 NSes. The root is run correctly — if 3 of 13 root servers are unreachable, something is wrong with our network, not the root. Shuffle the list and pick 3 to avoid always hitting the same ones.
Keep maxRetries = 2 — that gives 3 attempts per server, which is fine with lower timeout.

Impact

This should significantly reduce test suite time (currently 39s in internal/resolver alone, mostly from timeout-triggered retries). More importantly, production queries will fail fast instead of hanging for 10s on a single bad hop.

## Problem The resolver uses a 5s query timeout (`queryTimeoutDuration`) which is far too high. Measured median RTT to root servers from GU is ~19ms. 5s timeout with 2 retries means a single failed hop burns 10s+. Additionally, `rootServerList()` returns all 13 root servers but several code paths try them sequentially (e.g. `resolveNSRecursive` tries first 3, `resolveARecord` tries first 3), while `followDelegation` → `queryServers` tries ALL servers in the list if earlier ones fail. ## Changes needed 1. **Reduce `queryTimeoutDuration`** from 5s to 2s. This is still >100x median RTT to roots and gives plenty of headroom for slower auth/TLD servers worldwide. 2. **Limit root server queries to 3 NSes.** The root is run correctly — if 3 of 13 root servers are unreachable, something is wrong with our network, not the root. Shuffle the list and pick 3 to avoid always hitting the same ones. 3. Keep `maxRetries = 2` — that gives 3 attempts per server, which is fine with lower timeout. ## Impact This should significantly reduce test suite time (currently 39s in `internal/resolver` alone, mostly from timeout-triggered retries). More importantly, production queries will fail fast instead of hanging for 10s on a single bad hop.

clawbot self-assigned this 2026-02-22 12:33:45 +01:00

clawbot referenced this issue from a commit

2026-02-22 12:36:01 +01:00

Reduce DNS query timeout to 2s and limit root server fan-out to 3

clawbot referenced a pull request that will close this issue

2026-02-22 12:36:09 +01:00

Reduce DNS query timeout and limit root server fan-out (closes #29) #30

clawbot referenced this issue from a commit

2026-02-22 12:36:20 +01:00

resolver: reduce query timeout to 2s and limit root fan-out to 3 (closes #29)

clawbot referenced a pull request that will close this issue

2026-02-22 12:36:36 +01:00