Re[2]: What can make DNS lookups slow?

Friday, January 14, 2005, 10:46:31 PM, Daniel wrote:
>>DLM> route -n
>>
>>Kernel IP routing table
>>Destination     Gateway         Genmask         Flags Metric Ref  Use Iface
>>217.34.100.194  0.0.0.0         255.255.255.255 UH    0      0    0 eth2
>>217.34.100.192  0.0.0.0         255.255.255.248 U     0      0    0 eth0
>>192.168.2.0     0.0.0.0         255.255.255.0   U     0      0    0 eth2
>>192.168.1.0     0.0.0.0         255.255.255.0   U     0      0    0 eth1
>>0.0.0.0         217.34.100.198  0.0.0.0         UG    0      0    0 eth0
>>  
>>
DLM> execute:
DLM>     route del 217.34.100.194

DLM> that should kill the bogus eth2 entry.

DLM> Then see what happens.

Nothing bogus about that entry at all and I really don't want to
delete it, but I can confirm that the system has the same problems when I
do.  That has to be there to route things to and from the
http/https/smtp server in the DMZ beyond eth2.  That is served
separately from the internal network, which has no need to be visible
from the outside at all.  This is a pretty standard three-card
hardware firewall I believe and has worked fine for some years until
recently.

I have made _some_ progress though not solved everything.  The first thing
I've discovered is that my ISP's DNS servers are replying through
other machines with private-range IP addresses, which were being
filtered out by my firewall since it is set up to ignore private
addresses from outside (on the not entirely unreasonable belief, which I
think many firewalls operate on, that nothing should be coming to them
from those addresses).  I had been assuming, stupidly, that those
iptables rejections were irrelevant.  The trouble I've got now is how to
use shorewall to set the iptables commands to accept these packets,
since they are coming from a private address, not the one to which the
firewall sent the request, and they're routed back to the MAC address,
not to the IP address of that interface.

I don't think that's the whole story either, though, and I think another
issue may be that the ISP's servers are simply sometimes very slow or
else return timeouts when they shouldn't.  Ugh.  This is a nightmare.

Still very keen to hear any thoughts from anyone.

TIA,

Chris
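As an added example, not part of the thread, here is the check a firewall admin would run to confirm what Chris describes: a small detector over constructed Shorewall-style iptables LOG lines that counts dropped inbound UDP packets with source port 53 arriving from RFC1918 addresses, which is exactly what dropped DNS answers from an ISP resolver on a private address would look like. The log format, host name and addresses are assumed sample values, not taken from the post.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of iptables LOG output with a Shorewall-style prefix
# (not from the original post); the private sources answering on UDP/53
# are the dropped DNS replies, the other two lines are unrelated drops.
SAMPLE_LOG = """\
Jan 14 22:46:31 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=10.20.30.40 DST=217.34.100.195 LEN=120 PROTO=UDP SPT=53 DPT=32769 LEN=100
Jan 14 22:46:32 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.168.200.7 DST=217.34.100.195 LEN=96 PROTO=UDP SPT=53 DPT=32770 LEN=76
Jan 14 22:46:35 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=10.20.30.40 DST=217.34.100.195 LEN=130 PROTO=UDP SPT=53 DPT=32771 LEN=110
Jan 14 22:46:40 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=217.34.100.195 LEN=60 PROTO=TCP SPT=4444 DPT=22
Jan 14 22:46:41 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=172.16.5.5 DST=217.34.100.195 LEN=80 PROTO=UDP SPT=123 DPT=123
"""

# iptables LOG lines carry KEY=VALUE fields; OUT= may legitimately be empty.
FIELD_RE = re.compile(r"(\w+)=(\S*)")
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_log_line(line):
    """Return the KEY=VALUE fields of one iptables LOG line as a dict."""
    return dict(FIELD_RE.findall(line))


def is_private(addr):
    """True if addr falls in one of the RFC1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def dropped_dns_replies_from_private(log_text):
    """Count DROPped inbound UDP packets with source port 53 from RFC1918 sources.

    Each hit is a DNS answer the anti-spoof rule discarded, so the resolver
    waits for a timeout and retries: that is the slow-lookup symptom.
    """
    hits = Counter()
    for line in log_text.splitlines():
        if ":DROP:" not in line:
            continue
        f = parse_log_line(line)
        if (f.get("PROTO") == "UDP" and f.get("SPT") == "53"
                and is_private(f.get("SRC", "0.0.0.0"))):
            hits[f["SRC"]] += 1
    return hits


if __name__ == "__main__":
    for src, n in dropped_dns_replies_from_private(SAMPLE_LOG).items():
        print(f"{src}: {n} dropped DNS replies")
```

A non-empty result points at the anti-spoof rule rather than the resolvers themselves; the fix is an exception scoped to those specific source addresses and UDP source port 53, not a blanket allow for private ranges.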