Date: Sun, 28 Apr 2002 10:45:39 +0930
From: Greg 'groggy' Lehey <grog@FreeBSD.org>
To: Joe & Fhe Barbish <barbish@a1poweruser.com>
Cc: Anton Shcherbinin <useperl@fastmail.fm>, FBSDQ <questions@FreeBSD.ORG>
Subject: Re: 1 minute delay while connecting to any host
Message-ID: <20020428104538.B83112@wantadilla.lemis.com>
In-Reply-To: <LPBBIGIAAKKEOEJOLEGOOEPMCOAA.barbish@a1poweruser.com>
References: <743669500.20020427213601@fastmail.fm> <LPBBIGIAAKKEOEJOLEGOOEPMCOAA.barbish@a1poweruser.com>
[Format recovered--see http://www.lemis.com/email/email-format.html]

Quoted text wrapped incorrectly.

On Saturday, 27 April 2002 at 16:32:28 -0400, Joe & Fhe Barbish wrote:
> On Saturday, April 27, 2002 1:36 PM, Anton Shcherbinin wrote:
>>
>> This is my 1st post to this list, and I am completely new to FreeBSD. If
>> I had better ask such questions anywhere else, please tell me the right
>> place for this.
>>
>> I installed FreeBSD 4.5 Release. When my host is trying to connect to
>> any other host specified by name, I experience a huge (1.5 minutes)
>> delay before the hosts are connected. For example, suppose I want to get
>> http://yahoo.com/ page. I write:
>>
>> $ telnet yahoo.com 80
>>
>> At the same time (actually, a bit earlier), I wrote at another console
>> as root:
>>
>> # tcpdump -n
>>
>> And here is tcpdump's output (a bit edited for clarity):
>>
>> 18:37:51.501962 my_host.1055 > our_DNS_server.53: 4486+ AAAA? yahoo.com. (27)
>> 18:37:56.512212 my_host.1056 > our_DNS_server.53: 4486+ AAAA? yahoo.com. (27)
>> 18:38:06.522353 my_host.1057 > our_DNS_server.53: 4486+ AAAA? yahoo.com. (27)
>> 18:38:26.532655 my_host.1058 > our_DNS_server.53: 4486+ AAAA? yahoo.com. (27)
>> 18:39:06.543281 my_host.1059 > our_DNS_server.53: 4487+ A? yahoo.com. (27)
>> 18:39:06.683069 our_DNS_server.53 > my_host.1059: 4487* 2/5/5 A 66.218.71.113, (238)
>> 18:39:06.683609 my_host.1028 > yahoo.com.80: S 2162865409:2162865409(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 579069 0> (DF) [tos 0x10]
>> 18:39:06.909922 yahoo.com.80 > my_host.1028: S 2552035614:2552035614(0) ack 2162865410 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 66944899579069>
>> 18:39:06.909984 my_host.1028 > yahoo.com.80: . ack 1 win 33304 <nop,nop,timestamp 579091 66944899> (DF) [tos 0x10]
>>
>> That is, my host tries to resolve yahoo.com at our DNS server, *but* it
>> looks for 'AAAA' RR, and not 'A'. It gets no reply, and in 5 seconds it
>> retries the query (again, 'AAAA' RR). No reply again, it retries in 10
>> seconds, then again in 20 seconds. No reply within 40 seconds.
>> *FINALLY*, my host asks DNS server for 'A' RR for yahoo.com . And no
>> wonder that in several milliseconds DNS server tells my host yahoo.com's
>> IP address. Then, within several milliseconds, my host and yahoo.com
>> become TCP-connected.
>>
>> As you can see, I had to waste 5+10+20+40==75 seconds watching my host
>> try to find nonexistent AAAA resource record. And things are the same if
>> I try to send mail or to connect to ftp site or whatever else.
>>
>> What have I done wrong? What should I do? Thanks a lot for any ideas.
>>
>> In general, what are AAAA records? RFC1034/1035 say nothing about
>> such RR. What TFM should I read about them?

They're address records for IPV6. For some reason your application is
insisting on IPV6 and only trying IPV4 after timing out.

> You left out a lot of information about your configuration, so I am
> taking a shot in the dark here. Your FBSD system does not know the
> DNS servers to query to convert the domain names into IP addresses.

No, this is incorrect. The tcpdump above shows clearly that it does
know. It just issues the incorrect kind of request.

> FBSD looks in the /etc/resolv.conf for the ip address of your ISP
> DNS.

There's nothing here to say that it's an ISP's name server.

> If you have this in place then you also have to allow the IPFW firewall
> access to the DNS services with statements like.
>
> add 00660 allow tcp from any to any 53 # allow out
> add 00661 allow tcp from any 53 to any # allow in
> add 00662 allow udp from any to any 53 # allow out
> add 00663 allow udp from any 53 to any # allow in

This is obviously working as well. It's clear that he's getting the
address, only that the application doesn't ask for it until it times
out on AAAA.

So what's the problem? I really don't know. Does this only happen
with telnet? Only with yahoo.com?

Greg
--
When replying to this message, please copy the original recipients.
If you don't, I may ignore the reply.
For more information, see http://www.lemis.com/questions.html
See complete headers for address and phone numbers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
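
An added example, not part of the original thread: a short Python script that parses the DNS lines of the tcpdump capture quoted above, pairs each reply with its query by client port and query ID, and totals the time spent on queries that never got an answer. The regular expressions and function names are this example's own and assume the tcpdump text format shown in the post.

```python
import re
from datetime import datetime

# DNS lines copied from the tcpdump output quoted in the message above.
CAPTURE = """\
18:37:51.501962 my_host.1055 > our_DNS_server.53: 4486+ AAAA? yahoo.com. (27)
18:37:56.512212 my_host.1056 > our_DNS_server.53: 4486+ AAAA? yahoo.com. (27)
18:38:06.522353 my_host.1057 > our_DNS_server.53: 4486+ AAAA? yahoo.com. (27)
18:38:26.532655 my_host.1058 > our_DNS_server.53: 4486+ AAAA? yahoo.com. (27)
18:39:06.543281 my_host.1059 > our_DNS_server.53: 4487+ A? yahoo.com. (27)
18:39:06.683069 our_DNS_server.53 > my_host.1059: 4487* 2/5/5 A 66.218.71.113, (238)
"""

# time, client port, query id, record type of an outgoing query
QUERY = re.compile(r"^(\S+) \S+\.(\d+) > \S+\.53: (\d+)\+? (\w+)\? ")
# time, client port, query id of a reply coming back from port 53
REPLY = re.compile(r"^(\S+) \S+\.53 > \S+\.(\d+): (\d+)")

def stamp(text):
    return datetime.strptime(text, "%H:%M:%S.%f")

def timeline(capture):
    """One (qtype, seconds waited, answered) tuple per query, in capture order."""
    queries = []
    for line in capture.splitlines():
        if m := QUERY.match(line):
            ts, port, qid, qtype = m.groups()
            queries.append({"t": stamp(ts), "key": (port, qid), "qtype": qtype})
        elif m := REPLY.match(line):
            ts, port, qid = m.groups()
            for q in queries:  # a reply matches on client port and query id
                if q["key"] == (port, qid):
                    q["end"] = stamp(ts)
    rows = []
    for q, nxt in zip(queries, queries[1:] + [None]):
        # An unanswered query "waits" until the resolver sends its next attempt.
        end = q.get("end") or (nxt["t"] if nxt else q["t"])
        rows.append((q["qtype"], round((end - q["t"]).total_seconds(), 2), "end" in q))
    return rows

def wasted_seconds(rows):
    """Total time spent on attempts that never received a reply."""
    return sum(wait for _, wait, answered in rows if not answered)

if __name__ == "__main__":
    rows = timeline(CAPTURE)
    for qtype, wait, answered in rows:
        print(f"{qtype:<5}{wait:>7.2f}s  {'answered' if answered else 'no reply'}")
    print(f"stalled on unanswered queries: {wasted_seconds(rows):.2f}s")
```

Run against a longer capture, the same timeline separates a name server that drops one record type from one that is unreachable altogether: in the first case only one qtype shows "no reply".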