Some peace and quiet

Mark Stewart Mark.Stewart at bacs.co.uk
Wed Oct 8 14:41:54 BST 2003


I agree, I waited for ages (well, ten minutes) waiting for FreeBSD to
install - then realised my DNS wasn't working.

Fixed it and the rest, as they say, is history ...

Mark

-----Original Message-----
From: Matthew Seaman [mailto:m.seaman at infracaninophile.co.uk]
Sent: 08 October 2003 14:28
To: Josef Karthauser
Cc: jon at witchspace.com; Jon Schneider; freebsd-users at uk.freebsd.org
Subject: Re: Some peace and quiet


On Wed, Oct 08, 2003 at 12:50:24PM +0100, Josef Karthauser wrote:
> On Wed, Oct 08, 2003 at 09:52:22AM +0100, jon at witchspace.com wrote:
> > Hiya
> >
> >
> > > Now here's a problem I've seen before.
> > >
> > > When sysinstall says something like
> > >
> > > "Looking up ftp2.uk.freebsd.org"
> > >
> > > and sits there until I abort
> >
> > I've seen this before, but I have no idea what causes it.  I can switch to
> > another VT and pftp to the same site with no problems.
> >
>
> Is it a passive mode ftp problem? Are you behind a firewall?  If so use
> the 'ftp passive' option from within sysinstall.

Hmmm.. I don't think Jon even gets as far as making the FTP connection:
the problem seems to be in the DNS lookup.

Here's a theory: you're behind a stateful firewall which your
recursive DNS server is the other side of.  Sometimes when you do a
DNS lookup the response can be so slow that the UDP connection times
out before your DNS server can get the data back to you.  Of course,
if you immediately retry the lookup, your DNS server can answer almost
instantaneously out of its cache.

If the firewall happens to be ipfw(8) and local to your machine and
you've got logging of denied packets turned on, then you should see a
number of log lines like:

   .... your.host.name /kernel: ipfw: 999 Deny UDP 12.34.56.78:53 ....

Where 12.34.56.78 is the IP number of your DNS server.

I used to get that quite a bit when I was on a Demon dial-up.  You can
ameliorate the effect by playing with the
net.inet.ip.fw.dyn_udp_lifetime sysctl, or you could run a recursive
nameserver locally.  Or change your firewall so that it uses static
rules for port 53 traffic.

	Cheers,

	Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK


-----------------------------------------------------

You can find us at www.bacs.co.uk

*****************************************************
This communication is confidential and intended for
the exclusive use of the addressee only. You should
not disclose its contents to any other person.
If you are not the intended recipient please notify
the sender named above immediately.

BACS Limited, registered in England, No 1023742,
3 De Havilland Road, Edgware, Middlesex, HA8 5QA
*****************************************************
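
Added example, not part of the original messages: a small Python check for the symptom Matthew describes, counting inbound UDP packets from port 53 that ipfw denied, grouped by resolver and rule number. The log layout beyond the fragment quoted in the thread (destination address, `in via <if>`), the host name, the interface and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Layout assumed from the fragment quoted in the thread:
#   "<host> /kernel: ipfw: <rule> Deny UDP <src>:<sport> <dst>:<dport> in via <if>"
# Everything after the source address is an assumption about the elided part.
DENY_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny UDP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) in\b"
)

def late_dns_replies(lines, resolvers=None):
    """Count inbound UDP packets from port 53 that the firewall denied.

    A reply that arrives after the dynamic rule for the query has expired
    matches no state and falls through to the deny rule, so each hit is a
    candidate "answer arrived too late" event. If `resolvers` is given,
    only those source addresses are counted.
    """
    hits = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if not m or m.group("sport") != "53":
            continue
        if resolvers is not None and m.group("src") not in resolvers:
            continue
        hits[(m.group("src"), int(m.group("rule")))] += 1
    return hits

# Constructed sample log (not from the thread); 12.34.56.78 is the
# placeholder resolver address used in the message.
SAMPLE_LOG = """\
Oct  8 12:01:07 myhost /kernel: ipfw: 999 Deny UDP 12.34.56.78:53 192.168.0.5:1031 in via tun0
Oct  8 12:01:09 myhost /kernel: ipfw: 999 Deny UDP 12.34.56.78:53 192.168.0.5:1031 in via tun0
Oct  8 12:03:40 myhost /kernel: ipfw: 999 Deny TCP 10.9.8.7:4444 192.168.0.5:22 in via tun0
Oct  8 12:04:15 myhost /kernel: ipfw: 999 Deny UDP 10.9.8.7:137 192.168.0.5:137 in via tun0
Oct  8 12:07:52 myhost /kernel: ipfw: 999 Deny UDP 12.34.56.78:53 192.168.0.5:1044 in via tun0
""".splitlines()

if __name__ == "__main__":
    for (src, rule), n in late_dns_replies(SAMPLE_LOG).most_common():
        print(f"{n} DNS replies from {src} dropped by rule {rule}")
```

Passing the addresses from /etc/resolv.conf as `resolvers` separates late answers from your own nameserver from unrelated port-53 traffic that the deny rule is dropping as intended.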




