Re: slow reverse dns.

From: Pugilis T. Master (guroove_at_gmail.com)
Date: 05/20/05


Date: Fri, 20 May 2005 12:37:00 -0400

David wrote:
> on 5/18/2005, Pugilis T. Master supposed :
>
>> David wrote:
>>
>>> I'm having slow reverse DNS responses from my server, 8-9 seconds. I
>>> think it's my firewall. Here is my rule set..
>>>
>>> #General Rule Sets
>>> /sbin/ipfw add 0300 check-state
>>> /sbin/ipfw add 0301 deny tcp from any to any in established
>>> /sbin/ipfw add 0302 pass tcp from any to any out setup keep-state
>>> /sbin/ipfw add 0303 pass udp from any to any out
>>>
>>> #SSH FTP
>>> /sbin/ipfw add 0400 pass tcp from any to any 22 in setup keep-state
>>> /sbin/ipfw add 0401 pass tcp from any to any 21 in setup keep-state
>>>
>>> #HTTP HTTPS
>>> /sbin/ipfw add 0500 pass tcp from any to any 80 in setup keep-state
>>> /sbin/ipfw add 0501 pass tcp from any to any 443 in setup keep-state
>>>
>>> #IMAP IMAPS POP3 SMTP
>>> /sbin/ipfw add 0600 pass udp from any to any 25 in
>>> /sbin/ipfw add 0601 pass tcp from any to any 25 in setup keep-state
>>> /sbin/ipfw add 0602 pass tcp from any to any 143 in setup keep-state
>>> /sbin/ipfw add 0603 pass udp from any to any 143 in
>>> /sbin/ipfw add 0604 pass tcp from any to any 993 in setup keep-state
>>> /sbin/ipfw add 0605 pass tcp from any to any 110 in setup keep-state
>>> /sbin/ipfw add 0606 pass udp from any to any 110 in
>>>
>>> #DNS
>>> /sbin/ipfw add 0700 pass udp from any to any 53 in
>>> /sbin/ipfw add 0701 pass tcp from any to any 53 in setup keep-state
>>> /sbin/ipfw add 0702 pass udp from xxx.xxx.xxx.xxx to any in
>>> /sbin/ipfw add 0703 pass udp from xxx.xxx.xxx.xxx to any in
>>
>>
>> snip
>> I may have missed something, but it looks like you are missing a rule
>> that allows all traffic on the loopback device, lo0. Mine looks like
>> this:
>>
>> ipfw add 0100 allow ip from any to any via lo0
>>
>>> # nslookup localhost
>>> *** Can't find server name for address 127.0.0.1: Timed out
>>> *** Can't find server name for address xx.xx.xx.xx: Timed out
>>> *** Can't find server name for address xx.xx.xx.xx: Timed out
>>> *** Default servers are not available
>>>
>>> here is a copy of my /etc/resolv.conf
>>>
>>> search ab.hsia.telus.net
>>> nameserver 127.0.0.1
>>> nameserver 154.11.129.59
>>> nameserver 154.11.129.187
>>> nameserver 209.115.152.130
>>> nameserver 209.115.152.150
>>
>>
>> It appears as if you are not able to access the name server on your
>> own machine. I use a very permissive ruleset for my DNS and it may be
>> a serious vulnerability, but I haven't experienced any problems, and I
>> have been running this configuration for well over a year. My rules
>> concerning port 53 look like this:
>>
>> ipfw add 2300 allow udp from any to any 53
>> ipfw add 2400 allow udp from any 53 to any
>>
>> I find that editing /etc/rc.firewall works quite well for securing a
>> NAT box. I used the 'simple' firewall portion to start and added rules
>> to open up various ports.
>
>
> Thanks to Kristian and Pugilis, my problems are fixed. However, I have a
> few questions...
>
> When I nslookup my domain, I get an in-addr.arpa domain name pointer
> response from my ISP. Why is my name server not responding to this
> request?
>

This is a strange problem, and I have been trying to replicate your
problem on my system. One question I have for you is regarding your
domain. Is it an actual domain that is accessible via the internet, or
is it a local domain that you arbitrarily picked? Also, is your
/etc/resolv.conf being populated by DHCP?
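The two gaps the replies above point at (no rule for lo0, and no rule letting UDP answers from port 53 back in) can be checked mechanically. This is an added example, not code from anyone in the thread; it assumes a hypothetical `parse_rules`/`first_match` helper that understands only the ipfw rule forms shown in the thread, and it uses a constructed excerpt of the posted ruleset as input.

```python
import re

# Constructed sample: the essentials of the ruleset posted at the top of the thread.
POSTED_RULES = """
/sbin/ipfw add 0300 check-state
/sbin/ipfw add 0303 pass udp from any to any out
/sbin/ipfw add 0700 pass udp from any to any 53 in
/sbin/ipfw add 0701 pass tcp from any to any 53 in setup keep-state
"""

# Hypothetical helper: parses only the rule forms that appear in the thread.
RULE_RE = re.compile(
    r"^(?:/sbin/)?ipfw add (?P<num>\d+) (?P<action>pass|allow|deny|check-state)"
    r"(?: (?P<proto>ip|tcp|udp) from (?P<src>\S+)(?: (?P<sport>\d+))?"
    r" to (?P<dst>\S+)(?: (?P<dport>\d+))?(?P<opts>.*))?$"
)

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unrecognised rule: " + line)
        r = m.groupdict()
        r["opts"] = (r["opts"] or "").split()
        rules.append(r)
    return sorted(rules, key=lambda r: int(r["num"]))  # ipfw evaluates by rule number

def first_match(rules, proto, sport=None, dport=None, direction=None, via=None):
    """First rule covering this traffic (ipfw is first-match); a traffic field of None means 'any'."""
    for r in rules:
        if r["proto"] not in (proto, "ip"):
            continue
        o = r["opts"]
        r_dir = "in" if "in" in o else "out" if "out" in o else None
        r_via = o[o.index("via") + 1] if "via" in o else None
        pins = [(r["sport"], sport), (r["dport"], dport), (r_dir, direction), (r_via, via)]
        if not any(rule is not None and rule != traffic for rule, traffic in pins):
            return r
    return None

def audit(text):
    """Flag the two gaps the thread settles on: loopback traffic and DNS replies."""
    rules, findings = parse_rules(text), []
    hit = first_match(rules, "udp", via="lo0")  # resolver <-> 127.0.0.1:53 over lo0
    if hit is None or hit["action"] == "deny":
        findings.append("no allow rule for traffic via lo0")
    hit = first_match(rules, "udp", sport="53", direction="in")  # answers from upstream servers
    if hit is None or hit["action"] == "deny":
        findings.append("no allow rule for inbound UDP replies from port 53")
    return findings
```

Prepending the `allow ip from any to any via lo0` rule and appending the `allow udp from any 53 to any` rule from the replies clears both findings.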
