Some peace and quiet

Matthew Seaman m.seaman at
Wed Oct 8 14:28:07 BST 2003

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Oct 08, 2003 at 12:50:24PM +0100, Josef Karthauser wrote:
> On Wed, Oct 08, 2003 at 09:52:22AM +0100, jon at wrote:
> > Hiya
> >=20
> >=20
> > > Now here's a problem I've seen before.
> > >
> > > When sysinstall says something like
> > >
> > > "Looking up"
> > >
> > > and sits there until I abort
> >=20
> > I've seen this before, but I have no idea what causes it.  I can switch=
> > another VT and pftp to the same site with no problems.
> >=20
> Is it a passive mode ftp problem? Are you behind a firewall?  If so use
> the 'ftp passive' option from within sysinstall.

Hmmm.. I don't think Jon even gets as far as make the FTP connection:
the problem seems to be in the DNS lookup.

Here's a theory: you're behind a stateful firewall which your
recursive DNS server is the other side of.  Sometimes when you do a
DNS lookup the response can be so slow that the UDP connection times
out before your DNS server can get the data back to you.  Of course,
if you immediately retry the lookup, your DNS server can answer almost
instantaneously out of its cache.

If the firewall happens to be ipfw(8) and local to your machine and
you've got logging of denied packets turned on, then you should see a
number of log lines like:

   .... /kernel: ipfw: 999 Deny UDP ....

Where is the IP number of your DNS server.

I used to get that quite a bit when I was on a Demon dial-up.  You can
ameliorate the effect by playing with the
net.inet.ip.fw.dyn_udp_lifetime sysctl, or you could run a recursive
nameserver locally.  Or change your firewall so that it uses static
rules for port 53 traffic.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP:         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.3 (FreeBSD)



More information about the Ukfreebsd mailing list