Re: Slow connections in Debian squeeze

On Mon, Dec 07, 2009 at 10:41:35AM +0100, Nick Douma wrote:
On 7-12-2009 1:15, Andrew Sackville-West wrote:
On Sun, Dec 06, 2009 at 04:08:11PM -0800, Andrew Sackville-West wrote:
On Mon, Dec 07, 2009 at 01:56:06AM +0200, Andrei Popescu wrote:
[..]

This sounds like an ipv4/ipv6 issue. Maybe this NEWS.Debian entry for
libc6 has the solution:

glibc (2.9-8) unstable; urgency=low

Starting with version 2.9-8, unified IPv4/IPv6 lookup have been enabled
in the glibc's resolver. This is faster, fixes numerous of bugs, but is
problematic on some broken DNS servers and/or wrongly configured
firewalls.

If such a DNS server is detected, the resolver switches (permanently
for that process) to a mode where the second request is sent only when
the first answer has been received. This means the first request will
be timeout, but subsequent requests should be fast again. This
behaviour can be enabled permanently by adding 'options single-request'
to /etc/resolv.conf.

Andrei, I owe you a beer!

That's done it right there. Now it's just a matter of figuring out
whether it's my firewall or my dns server that's broken... :)

blech... it's my firewall, or several public dns servers are broken...

A

How did you go about checking this? I use OpenDNS as dns servers and no
other firewall than what comes with Debian by default.

I just googled a list of public dns servers and tried several in a
row. They all showed the same problem suggesting that the problem is
local to me. Or, as I said, I happened to use only servers in the
broken subset of available public servers.

specifically, it was a series of edits to /etc/resolv.conf to point to
different servers and toggling the single-request option.

regardless, it's nice to be snappy again. I didn't realise how
annoying it was...

A

Attachment: signature.asc
Description: Digital signature

Relevant Pages

  • Re: DNS Issue
    ... SBS Server runs DNS and forwards to 2 ISP DNS Servers ... Same subnet for all machines ... What type of firewall do you have? ... Instead of the website you're using, I suggest to use OEx (Outlook Express ...
    (microsoft.public.windows.server.dns)
  • Re: DNS with IPTables Problem
    ... the traffic from the real world to the DNS servers and ... back is not related to the firewall being worked on at this point. ... the privately addressed network. ... Packets that pass through the firewall ...
    (comp.os.linux.security)
  • Re: Directory Service Event 1311
    ... my case, it seemed to be a firewall problem too, but my Cisco router guy does ... there any specific ports they had to open up in the firewall? ... My problem is how to prove to the router guy that it is an access control ... I had to point all DNS servers, ...
    (microsoft.public.windows.server.active_directory)
  • On security, in a nutshell..
    ... I recommend you to check your security measures one more time. ... Run an hardware firewall, this is the best thing you can do. ... than Customize, Attacks, select all. ... any morbose friendship alive within your dns servers network. ...
    (microsoft.public.windows.vista.general)
  • Re: Restrict Dynamic Updates
    ... Our current production network doesn't have a perimeter firewall, ... Our current DNS servers provide both external/internal name ... The current plan is to continue to point our clients to the BIND DNS servers ... the article "HOW TO Configure DNS for Internet Access in Windows Server ...
    (microsoft.public.windows.server.dns)