[lug] ipchains -L hangs
Deva Samartha
YTAFTDJAHCWS at spammotel.com
Wed Dec 13 01:55:57 MST 2000
>My ppp0 input chain listed 86 rules in about 6 seconds. They displayed
>in chunks, with pauses between chunks. I believe it is possible the
>pauses were caused by attempting name lookup of a numeric ip that took a
>brief moment. Possibly it is slowed when doing that?
I checked it and - see there - every line in ipchains -L does a bunch of
DNS requests to the USwest DNS server which does not make much sense at
all! I am not very familiar with the tcpdump format below but it looks as
if it tries to do a reverse address lookup for the 192.168.9.0?
20:31:46.510946 me.mydom.com.1049 > ns2.dnvr.uswest.net.domain: 36691+ PTR? 0.9.168.192.in-addr.arpa. (42)
20:31:46.532356 ns2.dnvr.uswest.net.domain > me.mydom.com.1049: 36691 NXDomain* 0/1/0 (124)
Same happens when going from the firewall (where the chain resides) with
browser to httpd in DMZ with local IP - it hangs too with varying times
doing DNS lookups on local IPs.
I tried putting names and network addresses in /etc/networks and rebooted
- no change of behavior.
/etc/nsswitch has:
networks: files dns
Any suggestions of what to do in order to talk the programs into dropping
their DNS weirdness?
Thank you
Boobledrops ( Samartha )
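
The capture quoted in this message shows a reverse lookup for a private address going to an ISP resolver. The following is an added example, not part of the original post: it scans tcpdump text output for such PTR queries. The sample input is constructed from the two lines in the post (rejoined onto single lines) plus one constructed public-address query, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two tcpdump lines from the post (rejoined), plus one
# constructed query for a public address as a negative case.
SAMPLE = """\
20:31:46.510946 me.mydom.com.1049 > ns2.dnvr.uswest.net.domain: 36691+ PTR? 0.9.168.192.in-addr.arpa. (42)
20:31:46.532356 ns2.dnvr.uswest.net.domain > me.mydom.com.1049: 36691 NXDomain* 0/1/0 (124)
20:31:47.100000 me.mydom.com.1050 > ns2.dnvr.uswest.net.domain: 36692+ PTR? 4.4.8.8.in-addr.arpa. (38)
"""

# tcpdump DNS query line: time, src.port > dst.port: id+flags PTR? name
QUERY = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<id>\d+)\S*\s+PTR\?\s+"
    r"(?P<name>(?:\d{1,3}\.){4})in-addr\.arpa\.",
    re.IGNORECASE,
)


def arpa_to_ip(name):
    """Turn '0.9.168.192.' into IPv4Address('192.168.9.0'); None if invalid."""
    octets = name.rstrip(".").split(".")[::-1]
    try:
        return ipaddress.IPv4Address(".".join(octets))
    except ipaddress.AddressValueError:
        return None


def leaked_private_ptr(lines):
    """Return PTR queries whose target is a non-public address."""
    findings = []
    for line in lines:
        m = QUERY.match(line.strip())
        if not m:
            continue  # responses and non-PTR traffic
        ip = arpa_to_ip(m.group("name"))
        # is_private covers RFC 1918 plus loopback, link-local and similar ranges
        if ip is not None and ip.is_private:
            findings.append({
                "time": m.group("ts"),
                "ip": str(ip),
                # tcpdump prints host.port; drop the trailing port/service label
                "resolver": m.group("dst").rsplit(".", 1)[0],
            })
    return findings


if __name__ == "__main__":
    for f in leaked_private_ptr(SAMPLE.splitlines()):
        print(f"{f['time']} PTR for {f['ip']} sent to {f['resolver']}")
```

Listing the rules with `ipchains -L -n` prints addresses numerically, so the listing itself makes no such lookups.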