NetBSD-Users archive


Re: Mystical issue with NetBSD and opening Russian Bank site chelinvest.ru



Hello Dimitri,

this sounds really mystical and I don't have a concrete idea why this is happening in your case. However, I have had a related problem before that caused me a lot of trouble. It was about the name resolution in mixed networks of ipv4 and ipv6. You could check whether some or all of these points apply to your network:


- Are both systems using the same DNS server?

- Are there other DNS servers on the network?

- If the DNS server is local (e.g. on your router), does it have a DNS cache?

- Is the network (and DNS) pure ipv4 or a mixture of ipv6 and ipv4?

- If both systems have both an ipv4 and an ipv6 address, do both reach other systems behind the router via both ipv4 and ipv6?


I could imagine that the scenario you describe could occur under the following conditions:

- There is more than one DNS server in your local network. One (1) of them provides ipv4 addresses, one (2) of them ipv6 addresses.

- The DNS resolution of foreign names (i.e. outside the local domain) of the DNS servers is delegated to upstream DNS servers, with the upstream of (1) always responding slightly later than the upstream of (2).

- NetBSD is set to query both ipv6 addresses and ipv4 addresses via DNS.

- FreeBSD is set to query only ipv4 addresses via DNS.

- In the initial state, the cache of the DNS servers does not yet know the IP of the bank.

- When NetBSD starts the DNS query, it receives first an ipv6 address from (2) and may not be able to reach it due to the router configuration. The slightly delayed response from (1) is ignored because the ipv6 address has already been received.

- When FreeBSD then starts the DNS query, it receives an ipv4 address from (1).

- Now when NetBSD starts the DNS query again, the ipv4 address of the bank is already in the cache of (1), so the delay of the query to upstream is omitted. If within your local network (1) is the "faster" one under the condition that the ips are cached, then in this case NetBSD first receives the ipv4 address of the bank and can possibly reach it.

- After a while, the cache expires (depending on how the TTL of the bank's domain is set) and the whole game repeats itself.

As I said, this was the case with me in a similar form. It helped to set a policy on the NetBSD host with ip6addrctl(8) to prefer ipv4. This meant that the ipv6 DNS responses were discarded. The easiest way to do this is with the rc.d script of the same name and the command prefer_ipv4.

Kind regards
Matthias


On 02.11.22 at 03:53, Dmitrii Postolov wrote:
Topic: Mystical issue with NetBSD and opening Russian Bank site chelinvest.ru

Hi! Sorry for my bad English...

The NetBSD version: 9.3_STABLE 02 Nov 06:28 +05 2022

I am a client of the Russian bank Chelyabinvestbank. Its website is https://chelinvest.ru. This website successfully opens on FreeBSD and FF-ESR with settings by default, and redirection occurs to https://chelinvest.ru/?ckattempt=1

On NetBSD 9.3_STABLE and FF-ESR (102.1.0, latest version from binary repository cdn.netbsd.org/.../9.0_current), while trying to open this site, the progress indicator spins endlessly and the site does not open.

In rare instances, if I force the site address to 'https://chelinvest.ru/?ckattempt=1', this site successfully opens on NetBSD, but it is very rare. Basically, this site under NetBSD never opens.

The mystical issue is that if I open this site on another PC with FreeBSD and after that go to the separate PC with NetBSD and try to open it, then the site https://chelinvest.ru successfully opens on NetBSD and FF-ESR for a while, but after some time the problem repeats again.

The package mozilla-rootcerts-openssl is installed on both systems and I try to manually install the package openssl on NetBSD, but this did not solve the problem.

Please, help me to solve this problem...

P.S. OpenBSD has a similar problem with this site, so only FreeBSD successfully opens it with default settings.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
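
Added example, not part of the original messages: a small Python check for the scenario described in the reply above, testing each address family separately so that a name which resolves over IPv6 but is only reachable over IPv4 shows up explicitly. The verdict strings, the function names and the stand-in resolver/connector (which use documentation address ranges) are assumptions made for this illustration.

```python
import socket

def resolve(host, port, family):
    """Return the sorted unique addresses getaddrinfo() yields for one family."""
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def can_connect(addr, port, family, timeout=3.0):
    """True if a TCP handshake to addr:port completes within the timeout."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True
    except OSError:
        return False

def diagnose(host, port=443, resolver=resolve, connector=can_connect):
    """Resolve and connect per address family, then classify the outcome."""
    report = {}
    for name, family in (("ipv4", socket.AF_INET), ("ipv6", socket.AF_INET6)):
        addrs = resolver(host, port, family)
        report[name] = {a: connector(a, port, family) for a in addrs}
    v4_ok = any(report["ipv4"].values())
    v6_ok = any(report["ipv6"].values())
    if report["ipv6"] and not v6_ok and v4_ok:
        verdict = "ipv6-resolves-but-unreachable"  # the case described in the reply
    elif v4_ok or v6_ok:
        verdict = "reachable"
    elif report["ipv4"] or report["ipv6"]:
        verdict = "resolves-but-unreachable"
    else:
        verdict = "no-dns-answer"
    return verdict, report

# Constructed stand-ins (documentation address ranges) so the logic runs offline.
def fake_resolver(host, port, family):
    return {socket.AF_INET: ["192.0.2.10"], socket.AF_INET6: ["2001:db8::10"]}[family]

def fake_connector(addr, port, family, timeout=3.0):
    return family == socket.AF_INET  # simulates a router that drops IPv6

if __name__ == "__main__":
    print(diagnose("example.invalid", resolver=fake_resolver, connector=fake_connector))
```

On the affected host, calling `diagnose("chelinvest.ru")` with the default resolver and connector performs the real lookups and connection attempts; running it on both machines and comparing the two reports shows whether they get different answers per family.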


