Eskimo North


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DNS / Firewall




     Several people have reported slow DNS response using our name servers, yet
those same servers have been responding fine internally.

     This started when I re-worked the firewall rules.  I did determine what
the problem was and it is corrected now.

     Technical details follow:

     I had an error in the rule allowing UDP traffic to port 53 of the name
servers, I had:
    
     Permit To 204.122.16.8 udp dst = 53

     This should have been:

     Permit To 204.122.16.8/31 udp dst = 53

     The /31 is a netmask which tells the router to allow two IP's,
204.122.16.8 and 204.122.16.8 through.  Without this only requests to
204.122.16.8 was allowed through.  So if your machine happened to query
204.122.16.9 first, your response was delayed until your machine timed out and
tried 204.122.16.8.

     This has been corrected now and you should see normal DNS response times.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
   Knowledgable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.