Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 28 Apr 2002 10:45:39 +0930
From:      Greg 'groggy' Lehey <grog@FreeBSD.org>
To:        Joe & Fhe Barbish <barbish@a1poweruser.com>
Cc:        Anton Shcherbinin <useperl@fastmail.fm>, FBSDQ <questions@FreeBSD.ORG>
Subject:   Re: 1 minute delay while connecting to any host
Message-ID:  <20020428104538.B83112@wantadilla.lemis.com>
In-Reply-To: <LPBBIGIAAKKEOEJOLEGOOEPMCOAA.barbish@a1poweruser.com>
References:  <743669500.20020427213601@fastmail.fm> <LPBBIGIAAKKEOEJOLEGOOEPMCOAA.barbish@a1poweruser.com>

next in thread | previous in thread | raw e-mail | index | archive | help
[Format recovered--see http://www.lemis.com/email/email-format.html]

Quoted text wrapped incorrectly.

On Saturday, 27 April 2002 at 16:32:28 -0400, Joe & Fhe Barbish wrote:
> On  Saturday, April 27, 2002 1:36 PM, Anton Shcherbinin wrote:
>>
>> This is my 1st post to this list, and I am completely new to FreeBSD. If
>> I  had better ask such questions anywhere else, please tell me the right
>> place for this.
>>
>> I  installed  FreeBSD  4.5 Release. When my host is trying to connect to
>> any  other  host  specified  by  name, I experience a huge (1.5 minutes)
>> delay before the hosts are connected. For example, suppose I want to get
>> http://yahoo.com/ page. I write:
>>
>> $ telnet yahoo.com 80
>>
>> At  the  same time (actually, a bit earlier), I wrote at another console
>> as root:
>>
>> # tcpdump -n
>>
>> And here is tcpdump's output (a bit edited for clarity):
>>
>> 18:37:51.501962 my_host.1055 > our_DNS_server.53:  4486+ AAAA? yahoo.com. (27)
>> 18:37:56.512212 my_host.1056 > our_DNS_server.53:  4486+ AAAA? yahoo.com. (27)
>> 18:38:06.522353 my_host.1057 > our_DNS_server.53:  4486+ AAAA? yahoo.com. (27)
>> 18:38:26.532655 my_host.1058 > our_DNS_server.53:  4486+ AAAA? yahoo.com. (27)
>> 18:39:06.543281 my_host.1059 > our_DNS_server.53:  4487+ A? yahoo.com. (27)
>> 18:39:06.683069 our_DNS_server.53 > my_host.1059:  4487* 2/5/5 A 66.218.71.113, (238)
>> 18:39:06.683609 my_host.1028 > yahoo.com.80: S 2162865409:2162865409(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 579069 0> (DF) [tos 0x10]
>> 18:39:06.909922 yahoo.com.80 > my_host.1028: S 2552035614:2552035614(0) ack 2162865410 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 66944899579069>
>> 18:39:06.909984 my_host.1028 > yahoo.com.80: . ack 1 win 33304 <nop,nop,timestamp 579091 66944899> (DF) [tos 0x10]
>>
>> That  is, my host tries to resolve yahoo.com at our DNS server, *but* it
>> looks  for 'AAAA' RR, and not 'A'. It gets no reply, and in 5 seconds it
>> retries  the  query (again, 'AAAA' RR). No reply again, it retries in 10
>> seconds,  then  again  in  20  seconds.  No  reply  within  40  seconds.
>> *FINALLY*,  my  host  asks  DNS server for 'A' RR for yahoo.com . And no
>> wonder that in several milliseconds DNS server tells my host yahoo.com's
>> IP  address.  Then,  within  several milliseconds, my host and yahoo.com
>> become TCP-connected.
>>
>> As  you  can see, I had to waste 5+10+20+40==75 seconds watching my host
>> try to find nonexistent AAAA resource record. And things are the same if
>> I try to send mail or to connect to ftp site or whatever else.
>>
>> What have I done wrong? What should I do? Thanks a lot for any ideas.
>>
>> I general, what are AAAA records? RFC1034/1035 say nothing about
>> such RR. What TFM should I read about them?

They're address records for IPV6.  For some reason your application is
insisting on IPV6 and only trying IPV4 after timing out.

> You left out a lot of information about your configuration, so I am
> taking a shot in the dark here. Your FBSD system does not know the
> DNS servers to query to convert the domains names into ip address.

No, this is incorrect.  The tcpdump above shows clearly that it does
know.  It just issues the incorrect kind of request.

> FBSD looks in the /etc/resolv.conf for the ip address of your ISP
> DNS.

There's nothing here to say that it's an ISP's name server.

> If you have this in place them you also have to allow the IPFW firewall
> access to the DNS services with statements like.
>
>  add 00660 allow tcp from any to any 53        # allow out
>  add 00661 allow tcp from any 53 to any        # allow in
>  add 00662 allow udp from any to any 53        # allow out
>  add 00663 allow udp from any 53 to any        # allow in

This is obviously working as well.  It's clear that he's getting the
address, only that the application doesn't ask for it until it times
out on AAAA.

So what's the problem?  I really don't know.  Does this only happen
with telnet?  Only with yahoo.com?

Greg
--
When replying to this message, please copy the original recipients.
If you don't, I may ignore the reply.
For more information, see http://www.lemis.com/questions.html
See complete headers for address and phone numbers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020428104538.B83112>