Re: Some services on my edge box slow to reply
From: Dave Uhring (daveuhring_at_yahoo.com)
Date: 09/22/04
- Next message: jose nazario: "Re: Has anyone used OpenBSD to setup a commercial WiFi hotspot?"
- Previous message: clvrmnky: "Re: Some services on my edge box slow to reply"
- In reply to: clvrmnky: "Re: Some services on my edge box slow to reply"
- Next in thread: clvrmnky: "Re: Some services on my edge box slow to reply"
- Reply: clvrmnky: "Re: Some services on my edge box slow to reply"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 21 Sep 2004 19:42:46 -0500
On Tue, 21 Sep 2004 19:44:29 -0400, clvrmnky wrote:

> I'm patched up to the limit for 3.1. I just checked the diffs in patch
> 19, and my source tree matches. I recall rebuilding named at some point.

That should have fixed that bug in your named, but after a year of no
patches have there been more bugs? Recall that OpenBSD went to BIND-9
because BIND-4 was simply too full of bugs.

> True, but I've never had to care before. Obviously *something* outside
> my realm of control has changed such that missed lookups are now taking
> about 10x longer. This is completely new behaviour that I've never seen
> in several years. I'm totally bewildered why some services would fail
> *now*. Today. Some time since about 11PM last night.

You have always needed reverse lookups when using ssh to connect to that
server whether they were provided by dns or /etc/hosts, unless you were
willing to tolerate the delays.

> I've been wracking my brains trying to remember if I tweaked anything.
> I haven't. Nothing was changed, and that gives me some concern.

It's possible that your sshd was compromised. I permit ssh from only
selected hosts and networks and close it to the rest of the Internet.

>> Did you configure a reverse lookup zone file? Are you using DDNS?
>>
> I'm not sure what DDNS is. Dynamic DNS? No. I have a static IP.

Dynamic DNS. Your public static IP address is irrelevant here since your
problem involves connection from your LAN. You use DDNS to update both
your forward and reverse lookup zones when you configure the hosts on the
LAN to use DHCP.

> I have the localhost.rev file referenced in named.boot, but I'm not
> acting as a primary nameserver right now. I know this is not strictly
> correct, but it's all worked for years now. I've been meaning to be the
> primary DNS for internal hosts for some time (in fact, I have a
> mydomain.rev file made, but commented out in the named.boot), but an
> ultra-simple caching nameserver was good enough. I mean, lookups should
> fail in some reasonable manner, and have done so until now.

With no domain.rev zone file and with /etc/hosts not being populated on
martini your server has no way of doing reverse lookups.

> The problem is I've never been able to figure out how to make a
> nameserver that resolves for a set of internal nodes, but knows how to
> go out to my secondaries and get external info. The instructions in the
> FAQ never made any sense to me.

Simple enough. Email me and I'll send you working config files.

> Of course, since the worst thing ('til now) that would happen is that
> badly formed FQDNs would end up resolving back to my own IP address,
> occasionally puzzling internal users.

No. They would simply receive an error notice.

> I am running DHCP. I have no idea what DDNS is. Dynamic DNS? DNS for
> internal nodes only? I'll drop you a line, I guess. It's not like I
> turned on DHCP and got this problem. I've been running it for years.
> Up to now, there have been 0 problems opening a web browser and typing in
> the static IP address that is the default httpd instance from a host
> that happens to have 10.0.0.10. Same for any of the server aliases I have.

But doing those things does not require a reverse lookup and sshd does do
a reverse lookup.

> I'm finding my P-133/80Mb system is getting too long in the tooth.

A 486DX2/16MB system is adequate but P75/32MB is a bit faster. Since I
had an excess K5/166 CPU I replaced the P75 in an HP Vectra with it and
because of the mis-matched multipliers wound up with a CPU running at
116MHz. There are 9 hosts on my home network using that DNS server and a
D-Link wireless router and at times some Windoze notebooks using the DHCP
server.

> Mostly, I just want to bring my monthly kilowatt/hrs down, so I got a
> VIA mainboard to play with.

A sensible consideration. I turned off my AlphaServer 4100 because it was
costing me an additional $50/month to run it.
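
The reverse-lookup gap discussed in this message, as an added example that is not part of the original post or the author's config files: it reads hosts-file text, emits the PTR records a reverse zone for the LAN would need, and lists LAN clients that have no reverse mapping and would therefore hit the sshd lookup delay. The host name martini and the address 10.0.0.10 come from the thread; the domain example.lan, the other names and addresses, and the function names are assumptions.

```python
import ipaddress

# Constructed sample hosts file; the domain and most entries are assumptions.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
10.0.0.1    martini.example.lan martini   # assumed address for the server
10.0.0.10   desk.example.lan desk
# 10.0.0.11 is a DHCP client with no entry at all
192.0.2.7   outside.example.net
"""

def parse_hosts(text):
    """Return {address: canonical_name} from hosts-file text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # skip malformed addresses
        table.setdefault(addr, fields[1])        # first entry for an address wins
    return table

def ptr_records(text, network):
    """PTR lines for every hosts entry that falls inside the LAN network."""
    net = ipaddress.ip_network(network)
    lan = {a: n for a, n in parse_hosts(text).items() if a in net}
    return [f"{a.reverse_pointer}. IN PTR {lan[a].rstrip('.')}."
            for a in sorted(lan)]

def missing_reverse(text, clients):
    """Client addresses that have no address-to-name mapping in the hosts text."""
    table = parse_hosts(text)
    return [c for c in clients if ipaddress.ip_address(c) not in table]

if __name__ == "__main__":
    for record in ptr_records(SAMPLE_HOSTS, "10.0.0.0/24"):
        print(record)
    print("no reverse mapping:",
          missing_reverse(SAMPLE_HOSTS, ["10.0.0.10", "10.0.0.11"]))
```
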