Delay connecting to dual homed host

Mike Bristow mike at urgle.com
Fri Jun 11 10:05:40 BST 2004


On Thu, 2004-06-10 at 16:12, John Murphy wrote:
> Whenever my FreeBSD-5.2.1 gateway loses its connection to
> the ISP it takes much longer to establish an ssh session to
> it from the LAN side.
> 
> I can live with the delay (not sure I can live with the ISP)
> but I wonder what's happening.

It's probably DNS.

Run "tcpdump port 53" while the modem is off, and things will probably
be clearer.

sshd uses tcpwrappers, so it'll do a reverse lookup on the IP of the
client and then a forward lookup of the result (to make sure it
matches).

> Also sendmail fails to accept and queue email from clients
> and browsers can't convert addresses even though Bind is
> running as a caching only name server.

Does it have the relevant info cached?   

Does /etc/resolv.conf point at that nameserver?

Note that if it's RFC1918 space (ie, 10/8 etc) then your caching bind
will cache a negative answer for (by default, I think) 10 minutes, so 10
minutes after the link dies the cache is irrelevant - bind will try and
query blackhole-{1,2}.iana.org for the data and after a long time
timeout.

If it is DNS, it'll be worth configuring bind to slave the relevant
zones from the authoritative sources, or be a master for the RFC1918
space.

-- 
Mike Bristow - http://www.urgle.com/~mike/ - mike at urgle.com
Where does dracula stay in New York?
Tinsilitis
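
Added example, not part of the original post and not tcpwrappers' own code: a Python sketch of the reverse-then-forward check the reply describes, timed so that a stalled resolver shows up as a long "seconds" value. The hostnames, addresses and the fake_reverse/fake_forward helpers are constructed stand-ins for DNS so the logic can be run offline.

```python
import socket
import sys
import time

# Constructed sample data standing in for DNS (not from the original post).
PTR = {"10.0.0.5": "laptop.lan.example", "10.0.0.6": "spoof.lan.example",
       "10.0.0.7": "orphan.lan.example"}
A = {"laptop.lan.example": ["10.0.0.5"], "spoof.lan.example": ["10.0.0.99"]}

def fake_reverse(ip):
    """Offline stand-in for socket.gethostbyaddr (hypothetical helper)."""
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip], [], [ip]

def fake_forward(name):
    """Offline stand-in for socket.gethostbyname_ex (hypothetical helper)."""
    if name not in A:
        raise socket.gaierror(1, "Name not known")
    return name, [], A[name]

def paranoid_lookup(client_ip, reverse=socket.gethostbyaddr,
                    forward=socket.gethostbyname_ex):
    """Reverse-resolve client_ip, forward-resolve the name, confirm they agree."""
    result = {"ip": client_ip, "name": None, "addresses": [], "verdict": "match"}
    start = time.monotonic()
    try:
        result["name"] = reverse(client_ip)[0]
    except OSError:  # herror, gaierror and timeouts are all OSError subclasses
        result["verdict"] = "reverse-failed"
    else:
        try:
            result["addresses"] = forward(result["name"])[2]
        except OSError:
            result["verdict"] = "forward-failed"
        else:
            if client_ip not in result["addresses"]:
                result["verdict"] = "mismatch"
    # Against a real resolver with the uplink down, the wait shows up here.
    result["seconds"] = time.monotonic() - start
    return result

if __name__ == "__main__":
    # Addresses given on the command line go to the system resolver.
    for ip in sys.argv[1:]:
        print(paranoid_lookup(ip))
```

Run on the gateway with a LAN client's address as the argument, once with the link up and once with it down, and compare the "seconds" field.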




More information about the Ukfreebsd mailing list