Re: DNS weirdness

2002-04-18 Thread Robert Waldner


On Thu, 18 Apr 2002 14:13:57 +0200, Russell Coker writes:
>I've attached a brief tcpdump snippet showing an unusually large DNS delay.

And there are way more packets involved than should be necessary.

Could you post (or just send me) a full dump (in binary format),
 snaplen 1500?

cheers,
&rw
-- 
/ Ing. Robert Waldner | Security Engineer |  CoreTec IT-Security  \
\   <[EMAIL PROTECTED]>   | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /







Re: DNS weirdness

2002-04-18 Thread Emile van Bergen

Hi,

On Thu, 18 Apr 2002, Russell Coker wrote:

> I've attached a brief tcpdump snippet showing an unusually large DNS delay.
>
> I have /etc/resolv.conf configured for 127.0.01, and BIND 8.3.1-2 on
> localhost is doing the lookups.
>
> I type "host www.ME.ISP.com" and it takes 5 seconds, I would like to know why.
>
> ADSL is the IP address of my PC connected to the net by ADSL.

Looking at that, I'd go strace bind (if it's not too busy that is). The
tcpdump shows that all its questions were answered at the point of the
delay, so it must be busy playing with itself somehow -- unless it tries
to first send a query through another interface (one you didn't snoop
on), but of course a strace will tell you that anyway.

Sorry if this is all too obvious...

Cheers,


Emile.

--
E-Advies / Emile van Bergen   |   [EMAIL PROTECTED]
tel. +31 (0)70 3906153|   http://www.e-advies.info






DNS weirdness

2002-04-18 Thread Russell Coker

I've attached a brief tcpdump snippet showing an unusually large DNS delay.

I have /etc/resolv.conf configured for 127.0.01, and BIND 8.3.1-2 on 
localhost is doing the lookups.

I type "host www.ME.ISP.com" and it takes 5 seconds, I would like to know why.

ADSL is the IP address of my PC connected to the net by ADSL.


Thanks in advance for any advice.

-- 
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.


13:57:19.680224 ADSL.53 > ISP-DNS2.53:  15967 A? www.ME.ISP.com. (41) (DF)
13:57:19.791179 ISP-DNS2.53 > ADSL.53:  15967 0/2/2 (109)
13:57:19.791546 ADSL.53 > ISP-DNS1.53:  20754 A? cs1.ISP.com. (32) (DF)
13:57:19.791647 ADSL.53 > ISP-DNS1.53:  18073 A? cs2.ISP.com. (32) (DF)
13:57:19.897158 ISP-DNS1.53 > ADSL.53:  20754* 1/2/2 A cs1.ISP.com (120)
13:57:19.903189 ISP-DNS1.53 > ADSL.53:  18073* 1/2/2 A 208.184.37.194 (120)
13:57:24.689649 ADSL.53 > cs1.ISP.com.53:  48654 [1au] A? www.ME.ISP.com. OPT UDPsize=4096 (52) (DF)
13:57:24.790442 cs1.ISP.com.53 > ADSL.53:  48654 FormErr- [0q][|domain]
13:57:24.790585 ADSL.53 > cs1.ISP.com.53:  48654 A? www.ME.ISP.com. (41) (DF)
13:57:24.890437 cs1.ISP.com.53 > ADSL.53:  48654*- 1/0/0 A 208.184.37.210 (57)
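Editor's added example (not code from anyone in this thread): a small parser that reads the tcpdump summary lines Russell posted and reports where the time went. Two things are visible in the trace without any further capture: the wire is silent for almost five seconds between the cs2.ISP.com answer (id 18073) and the next query, which is what Emile's "it must be busy playing with itself" refers to, and the first query to cs1.ISP.com carries an EDNS0 OPT record, is rejected with FormErr, and is re-sent without OPT before it is answered. The hostnames ADSL, ISP-DNS1, ISP-DNS2 and cs1.ISP.com are the placeholders from the post, not real hosts, and the trace text below is copied from the post with the wrapped OPT line rejoined. The regexes are written for this old tcpdump DNS line format and are an assumption about it, not a general tcpdump parser.

```python
import re

# Trace lines copied from Russell's post (wrapped OPT line rejoined).
# ADSL, ISP-DNS1, ISP-DNS2, cs1.ISP.com are the post's placeholders.
TRACE = """\
13:57:19.680224 ADSL.53 > ISP-DNS2.53:  15967 A? www.ME.ISP.com. (41) (DF)
13:57:19.791179 ISP-DNS2.53 > ADSL.53:  15967 0/2/2 (109)
13:57:19.791546 ADSL.53 > ISP-DNS1.53:  20754 A? cs1.ISP.com. (32) (DF)
13:57:19.791647 ADSL.53 > ISP-DNS1.53:  18073 A? cs2.ISP.com. (32) (DF)
13:57:19.897158 ISP-DNS1.53 > ADSL.53:  20754* 1/2/2 A cs1.ISP.com (120)
13:57:19.903189 ISP-DNS1.53 > ADSL.53:  18073* 1/2/2 A 208.184.37.194 (120)
13:57:24.689649 ADSL.53 > cs1.ISP.com.53:  48654 [1au] A? www.ME.ISP.com. OPT UDPsize=4096 (52) (DF)
13:57:24.790442 cs1.ISP.com.53 > ADSL.53:  48654 FormErr- [0q][|domain]
13:57:24.790585 ADSL.53 > cs1.ISP.com.53:  48654 A? www.ME.ISP.com. (41) (DF)
13:57:24.890437 cs1.ISP.com.53 > ADSL.53:  48654*- 1/0/0 A 208.184.37.210 (57)
"""

# One old-style tcpdump DNS line: time src.port > dst.port: id[flags] rest
# (assumed format, matched against the lines above only)
LINE_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+)\s+(\S+)\.(\d+)\s+>\s+(\S+)\.(\d+):\s+(\d+)([*+|$-]*)\s*(.*)$"
)
COUNTS_RE = re.compile(r"\b(\d+)/(\d+)/(\d+)\b")   # answer/authority/additional
QUERY_RE = re.compile(r"\b[A-Z]+\?")               # "A?" marks a question


def parse_trace(text):
    """Parse tcpdump DNS summary lines into dicts; unparseable lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        hh, mm, ss, src, sport, dst, dport, qid, flags, rest = m.groups()
        counts = COUNTS_RE.search(rest)
        records.append({
            "t": int(hh) * 3600 + int(mm) * 60 + float(ss),  # seconds since midnight
            "src": src, "dst": dst, "id": qid, "flags": flags,
            "query": bool(QUERY_RE.search(rest)),
            "edns": "OPT" in rest,          # EDNS0 OPT pseudo-record present
            "formerr": "FormErr" in rest,
            "counts": tuple(int(c) for c in counts.groups()) if counts else None,
            "rest": rest,
        })
    return records


def largest_gap(records):
    """Return (seconds, index) of the longest silence; index is the packet before it."""
    best, where = 0.0, None
    for i in range(1, len(records)):
        gap = records[i]["t"] - records[i - 1]["t"]
        if gap > best:
            best, where = gap, i - 1
    return best, where


def referrals(records):
    """IDs of responses with no answers but NS records: a referral the resolver must chase."""
    return [r["id"] for r in records
            if r["counts"] and r["counts"][0] == 0 and r["counts"][1] > 0]


def edns_fallbacks(records):
    """(id, server) pairs where an EDNS query drew FormErr and was re-sent without OPT."""
    found = []
    for i, r in enumerate(records):
        if not (r["query"] and r["edns"]):
            continue
        later = records[i + 1:]
        got_formerr = any(x["formerr"] and x["src"] == r["dst"] and x["id"] == r["id"]
                          for x in later)
        resent_plain = any(x["query"] and not x["edns"] and x["dst"] == r["dst"]
                           and x["id"] == r["id"] for x in later)
        if got_formerr and resent_plain:
            found.append((r["id"], r["dst"]))
    return found


def report(text):
    """Summarise where the time went in one resolution, as a list of strings."""
    recs = parse_trace(text)
    gap, i = largest_gap(recs)
    lines = [f"{len(recs)} packets, {recs[-1]['t'] - recs[0]['t']:.3f} s end to end"]
    if i is not None:
        lines.append(f"longest gap {gap:.3f} s after id {recs[i]['id']} from "
                     f"{recs[i]['src']} (nothing on the wire; look at the resolver)")
    for qid in referrals(recs):
        lines.append(f"id {qid}: referral (0 answers), resolver must look up the NS names")
    for qid, srv in edns_fallbacks(recs):
        lines.append(f"id {qid}: {srv} answered the OPT record with FormErr, retried without EDNS")
    return lines


if __name__ == "__main__":
    print("\n".join(report(TRACE)))
```

The script only confirms what the snippet already shows: the delay sits between two packets on the same interface with nothing in between, so the next step is strace on named (Emile) or a capture wide enough to see the whole payload (Robert). The `[|domain]` on the FormErr line is tcpdump reporting that the DNS payload was cut off at the capture snaplen, so a re-capture along the lines of `tcpdump -s 1500 -w dns.pcap port 53` is needed before the FormErr can be read in full.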