Re: Slow DNS requests?



On Tue, 14 Mar 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <ahvhe3-tf7.ln1@xxxxxxxxxxxxxxxx>, Jim R wrote:

> I am running Suse 9.1 on a dual-boot machine in a personal home network.
> The problem is apparent on Linux, but not on WinXp on the same machine.
> Here is the topology best as I can map it using clumsy ASCII

OK, first thing to check is to see if your system is asking for IPv6
addresses before asking for IPv6. Do that by using 'tcpdump' and
watching the packets. You _don't_ want to see a 'AAAA' query. 'A' and
'PTR' queries are fine, but not 'AAAA'. IPv6 may be the coming thing, and
many Linux distributions are capable of it, but the world isn't there yet.

[compton ~]$ grep -c US IP.ADDR/stats/[ALR]* | grep -v :0
IP.ADDR/stats/APNIC:6
IP.ADDR/stats/ARIN:31349
[compton ~]$ grep -c US IP.ADDR/stats/IPv6.current.data
209
[compton ~]$

Translation: There were (as of mid February) 31355 IPv4 network assignments
and allocations in the US. Same date, there are but 209 IPv6 allocations and
no assignments in the US.

If this is the problem, try googling for 'SuSE ipv6 off' which should turn up
the magic hammer to use on YAST.

> In the BEFSR41, I am running DHCP. The Charter.net DNS entered into the
> setup there are 241.151.8.210, 241.151.8.211 and 66.189.130.5.

REJECT!!! The 241.151.8.x values are impossible. They _MIGHT_BE_
24.151.8.x... yeah, that looks likely. 24.151.8.210 and .211 are
nameservers 1 and 2 for ct.charter.com, while 66.189.130.5 is
ns1.plt.ny.charter.com, and all three are answering nameservice queries.

> I do not remember where I got those, but it must have been from Charter.net
> when I set the system up over a year ago. When I search the Charter.net
> support site now, it does not talk about DNS addresses. It almost seems
> to go a long way to avoid the subject.

Yeah, they don't want to scare people with those technical thingys. There's
a long way to find out, involving whois queries, and then asking the name
servers listed there. The "windoze" way is to use DHCP and hope that the
MSCE who set up the server didn't fumble-finger something.

> In Suse, I use Yast to enter the DNS setup page. These values seem to
> be stored in the file /etc/resolv.conf. It offers one set of entries
> for "Name Servers" and a different set for "Domain Search". Under Name
> Servers, I have entered the same IPs as shown above in the BEFSR41.

Fine - correct the tpyo, and things might get a little better.

> Under Domain Search, I have entered charter.net for lack of something
> more clever.

[compton ~]$ whatis resolver
resolver (5) - resolver configuration file
resolver [resolv] (5) - resolver configuration file
[compton ~]$

Look what gets into the /etc/resolv.conf file, and compare that to the
man page.

> Another area is my iptables blocking file. I run a small http server,
> and as soon as I started it several months ago, the hackers tried to
> break in. From the logs, I can see the IPs of the attacking clients. I
> read a bit about iptables, and figured that I could block these clients
> out by dropping their IP address. I have about 50 entries in the table
> so far.

I don't know what your Terms And Conditions are - most cable services get
all frowny about you running a server on a residential connection. Blocking
by individual IP addresses is a losing battle - as of the middle of last
month, there were 1,331,371,776 IPv4 addresses in the USA alone - double
that world wide. I don't know how many people in the world you expect to
visit your site, but a better idea is to allow specific addresses (or even
blocks of addresses) rather than trying to block things individually.

> $IPTABLES -A INPUT -i eth0 -p tcp --dport 138 -j ACCEPT
> $IPTABLES -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
> $IPTABLES -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
> $IPTABLES -A INPUT -i eth0 -p udp --dport 139 -j ACCEPT

I hope you are blocking that crap at your perimeter.

> # Allow pings, but reject the rest
> $IPTABLES -A INPUT -i eth0 -p icmp -j ACCEPT

You're accepting ICMP, not just pings.

You may want to look at the Security-Quickstart-HOWTO - it wasn't written
specific to SuSE, but it may give you better ideas. It should be on your
system, or grab it from the LDP.

Old guy
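
Added example (not part of the original post): a Python check for the mistake caught above, where two of the three nameserver entries sit in reserved address space. The resolv.conf text is a constructed sample built from the values quoted in the post; the function names are chosen here, and the 5-second figure is the glibc resolver's default per-server timeout from resolv.conf(5), used as a worst case.

```python
import ipaddress

# Constructed sample: resolv.conf(5) lines using the values quoted in the post.
SAMPLE_RESOLV_CONF = """\
search charter.net
nameserver 241.151.8.210
nameserver 241.151.8.211
nameserver 66.189.130.5
"""

def classify(addr):
    """Return None if addr could be a unicast resolver, else the reason not."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "not an IP address"
    if ip.is_loopback:          # a local caching resolver is legitimate
        return None
    if ip.is_unspecified:
        return "unspecified address"
    if ip.is_multicast:
        return "multicast range"
    if ip.is_reserved:          # for IPv4 this is 240.0.0.0/4
        return "reserved range"
    return None

def check_nameservers(text):
    """List (address, problem) for every nameserver line, in file order."""
    results = []
    for raw in text.splitlines():
        fields = raw.split()
        # comment lines ('#' or ';') and other keywords never match here
        if len(fields) >= 2 and fields[0] == "nameserver":
            results.append((fields[1], classify(fields[1])))
    return results

def seconds_before_usable(results, timeout=5):
    """Upper bound on the wait before the first usable server is asked,
    assuming each unusable entry ahead of it is tried once and times out.
    Returns None when no entry is usable."""
    for position, (_, problem) in enumerate(results):
        if problem is None:
            return position * timeout
    return None

if __name__ == "__main__":
    checked = check_nameservers(SAMPLE_RESOLV_CONF)
    for addr, problem in checked:
        print(f"{addr:15} {problem or 'ok'}")
    print("worst-case wait (s):", seconds_before_usable(checked))
```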
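
Added example (not part of the original post): a small Python audit that flags the two firewall points raised above, an ICMP ACCEPT rule with no type restriction and NetBIOS ports accepted on an interface. The rule text is a constructed sample made of the quoted rules plus one narrowed rule using `--icmp-type echo-request` for contrast; `audit` and the other helper names are chosen here.

```python
import shlex

# Constructed sample: the rules quoted in the post, plus one narrowed ICMP
# rule (--icmp-type echo-request) added here for contrast.
SAMPLE_RULES = """\
$IPTABLES -A INPUT -i eth0 -p tcp --dport 138 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp --dport 139 -j ACCEPT
# Allow pings, but reject the rest
$IPTABLES -A INPUT -i eth0 -p icmp -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
"""

NETBIOS_PORTS = range(137, 140)  # name, datagram and session services
VALUE_OPTS = {"-A", "-i", "-p", "--dport", "--icmp-type", "-j"}

def parse_rule(line):
    """Map each recognised option in one rule line to its argument."""
    tokens = shlex.split(line, comments=True)
    return {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in VALUE_OPTS}

def dport_range(spec):
    """Turn '139' or '137:139' into a range; named services give an empty one."""
    lo, _, hi = spec.partition(":")
    try:
        return range(int(lo), int(hi or lo) + 1)
    except ValueError:
        return range(0)

def audit(rules_text):
    """Return (line_number, finding) for ACCEPT rules on the INPUT chain."""
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule.get("-A") != "INPUT" or rule.get("-j") != "ACCEPT":
            continue
        if rule.get("-p") == "icmp" and "--icmp-type" not in rule:
            findings.append((n, "accepts every ICMP type, not only echo-request"))
        ports = dport_range(rule.get("--dport", ""))
        if any(p in NETBIOS_PORTS for p in ports):
            findings.append((n, f"NetBIOS {rule['--dport']}/{rule.get('-p')} accepted on "
                                f"{rule.get('-i', 'any interface')}"))
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE_RULES):
        print(f"line {n}: {finding}")
```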