FreeBSD 6.0 release,

Tue Jan 3 07:29:11 PST 2006

On Sat, Dec 31, 2005 at 02:52:14AM +0000, Paul wrote:
> I've just installed FreeBSD 6.0 Release yesterday, I've spend the last
> two days trying to resolve a networking problem, the problem is this:
> when I try and connect to a domain or an IP for that matter, it takes
> several minutes for it to connect + receive the content. It doesn't
> seem to effect all addresses though, I've had no problems connecting
> to ftp://ftp.freebsd.org to download software etc., nor have I had any
> problems connecting to domains inside my LAN.
> 
> As far as I can tell, it isn't a dns problem because I can ping
> without any problems.

I had a similar problem here, and it was due to IPv6. Grr, I hate it.

What happened was: some router was allocating IPv6 prefixes, and so my
network interface picks up an IPv6 address. However actually there is no
working IPv6 connectivity here. As a result, whenever I try to connect to a
site which has both IPv6 and IPv4 addresses, I get a long delay of several
minutes while the IPv6 one is tried out, before it falls back to IPv4.

To show if this is the problem, use 'ifconfig' to show if your interface has
been polluted by an IPv6 address. Then use 'ping6 www.foo.com' where
www.foo.com is one of the sites you're having problems with.

The problem is hidden by ping because ping only asks the DNS for IPv4
addresses. You can check if a site has an IPv6 address using

    $ dig www.foo.com. aaaa
or
    $ nslookup -q=aaaa www.foo.com.

IMO, the best solution to this is to remove IPv6 entirely from your kernel
(comment out 'options INET6' and recompile). Your life will be much happier.

Of course this would not be a problem if the IP stack were to try IPv4
addresses first, falling back to IPv6 if it fails. Of course, if IPv4 were
to have precedence over IPv6, then the IPv6 stack would never get exercised.

This is one of several problems which have plagued me simply because IPv6 is
enabled by default when I don't want or use it.

However if that's not the problem, then maybe your problem is with reverse
DNS. That is, when you connect from your address (x.x.x.x) to a remote site
(y.y.y.y), the remote site may do a reverse DNS lookup for x.x.x.x to try to
find your hostname; if it gets a hostname, it will then do a forward DNS
lookup to see if it maps back to x.x.x.x.

You won't notice this problem as DNS lookups with ping, because you're just
mapping www.foo.com to y.y.y.y; you're not trying to convert your own
address x.x.x.x back to a domain, as a remote webserver would do.

The solution then is to fix your reverse DNS. If your own IP address is
192.0.2.1, then a PTR query for

    1.2.0.192.in-addr.arpa.

is where you should be looking. Probably you have a lame delegation
somewhere in the tree.

Regards,

Brian.