Subject: None
To: None <netbsd@purk.ee>
From: Steven M. Bellovin <smb@research.att.com>
List: port-i386
Date: 07/16/2002 21:36:31
In message <1026820812.3d340acce09d3@orav.purk.ee>, netbsd@purk.ee writes:
>
>
>Hi
>
>Today we switced our main box from linux to NetBSD 1.6BETA4 and i have some
>trouble with name resolving.first off,i dont know is this right place to bitch
>because there is chance that this is related with (bind,ipf).i really like
>behaviour of samba server wich is quite fast even copyng large files!ok 
>the problem is that name resolving with bind takes about 5/sec even if i flush
>all the rules in ipfilter the problem is still there!Almost with same
>configuration 1.5.x work perfect....no delays!Box is using 3Com cards with ex
>driver.( bind is configured to forward all queris to external nameserver ) and
>no one rule is blocking the querys!its really strange..that is working with sa
>me
>configuration on 1.5.3 box:)if i set client to use external cache the problem 
>is
>solved,but sometimes cache is down..and then there is no traffic at all:)
>

A 5-second resolution time sounds like it's first trying to query a 
dead server.  Check your configuration, and perhaps use tcpdump to see 
where the packets are really going.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)