Some peace and quiet
m.seaman at infracaninophile.co.uk
Wed Oct 8 14:28:07 BST 2003
On Wed, Oct 08, 2003 at 12:50:24PM +0100, Josef Karthauser wrote:
> On Wed, Oct 08, 2003 at 09:52:22AM +0100, jon at witchspace.com wrote:
> > Hiya
> > > Now here's a problem I've seen before.
> > >
> > > When sysinstall says something like
> > >
> > > "Looking up ftp2.uk.freebsd.org"
> > >
> > > and sits there until I abort
> > I've seen this before, but I have no idea what causes it. I can switch to
> > another VT and pftp to the same site with no problems.
> Is it a passive mode ftp problem? Are you behind a firewall? If so use
> the 'ftp passive' option from within sysinstall.
Hmmm.. I don't think Jon even gets as far as making the FTP connection:
the problem seems to be in the DNS lookup.

Here's a theory: you're behind a stateful firewall which your
recursive DNS server is the other side of. Sometimes when you do a
DNS lookup the response can be so slow that the UDP connection times
out before your DNS server can get the data back to you. Of course,
if you immediately retry the lookup, your DNS server can answer almost
instantaneously out of its cache.

If the firewall happens to be ipfw(8) and local to your machine and
you've got logging of denied packets turned on, then you should see a
number of log lines like:

.... your.host.name /kernel: ipfw: 999 Deny UDP 18.104.22.168:53 ....

Where 22.214.171.124 is the IP number of your DNS server.

I used to get that quite a bit when I was on a Demon dial-up. You can
ameliorate the effect by playing with the
net.inet.ip.fw.dyn_udp_lifetime sysctl, or you could run a recursive
nameserver locally. Or change your firewall so that it uses static
rules for port 53 traffic.
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
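An added example, not part of the original message: one way to check the theory above is to count the denied inbound UDP packets with source port 53 in the ipfw log, grouped by rule number and DNS server. The sample lines are constructed (host name, rule numbers, interface and RFC 5737 addresses are made up), and the fields after the source address are assumed to follow the usual ipfw log layout of destination, direction and interface.

```shell
#!/bin/sh
# Summarise ipfw "Deny UDP" log lines whose source port is 53, i.e. DNS
# replies that arrived after the dynamic (stateful) rule had expired.

# Constructed sample lines in the log format quoted in the message;
# every name and address here is invented for the example.
sample_log() {
cat <<'EOF'
Oct  8 12:50:31 myhost /kernel: ipfw: 999 Deny UDP 192.0.2.53:53 198.51.100.7:1042 in via tun0
Oct  8 12:50:36 myhost /kernel: ipfw: 999 Deny UDP 192.0.2.53:53 198.51.100.7:1042 in via tun0
Oct  8 12:51:02 myhost /kernel: ipfw: 999 Deny TCP 203.0.113.9:4411 198.51.100.7:139 in via tun0
Oct  8 12:53:10 myhost /kernel: ipfw: 999 Deny UDP 192.0.2.54:53 198.51.100.7:1047 in via tun0
Oct  8 12:53:40 myhost /kernel: ipfw: 999 Deny UDP 203.0.113.9:1025 198.51.100.7:53 in via tun0
Oct  8 12:54:00 myhost /kernel: ipfw: 400 Deny UDP 198.51.100.7:53 192.0.2.80:1050 out via tun0
EOF
}

# Reads syslog lines on stdin and prints "count rule server", busiest
# first. Only inbound denied UDP with *source* port 53 is counted, so
# queries to port 53 and outbound traffic are ignored.
late_dns_replies() {
    awk '
    {
        for (i = 1; i <= NF - 6; i++) {
            if ($i == "ipfw:" && $(i+2) == "Deny" && $(i+3) == "UDP" &&
                $(i+4) ~ /:53$/ && $(i+6) == "in") {
                split($(i+4), src, ":")      # src[1] = server address
                hits[$(i+1) " " src[1]]++    # key: rule number + server
            }
        }
    }
    END { for (k in hits) print hits[k], k }' | sort -k1,1nr -k3,3
}

sample_log | late_dns_replies
```

On a live system, feed the function the file your syslog writes ipfw messages to instead of the sample. A steady count against your own resolver matches the pattern described in the message, and that is the case the net.inet.ip.fw.dyn_udp_lifetime sysctl or a static rule for port 53 addresses.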