Annoying delays appeared while connecting to the server

Mark Andrews Mark_Andrews at isc.org
Thu Jun 24 13:58:12 GMT 2004


> Hello Mark,
> 
> Thursday, June 24, 2004, 8:03:21 AM, you wrote:
> 
> 
> >> On Wed, 23 Jun 2004, Illia Baidakov wrote:
> >> 
> >> > Hello freebsd-stable,
> >> >
> >> >   I noticed it about a week ago. My local hosts have suffering
> >> >   such delays while connecting to the (imho) tcp-wrapped services,
> >> >   namely ssh, smtp, mysql.
> >> >   It looks like the addresses to names resolving. I don't need to resolv
> e m
> >> y
> >> >   local names or addresses now. There was not any delays early.
> >> >   But they have appeared without any visable reason.
> >> >
> >> >   What could to involve a such system behaviour?
> >> >   How should I return my system to previous state?
> >> >
> >> > P.S.  I will not want neither to edit the /etc/hosts file nor create
> >> >       and maintain dns-zones for the internal hosts.
> >> 
> >> I don't see any changes to the tcpwrappers services. Check resolv.conf;
> >> maybe one of the listed nameservers is down or unresponsive?
> >>
> My 127.0.0.1 nameserver is up, partially at the connection starting
> time.
> 
> >> You really should have machines in DNS or /etc/hosts, but if you don't
> >> want to maintain that, then you suffer the consequences.
> 
> MA>         He is also in violation of RFC 1918.  You don't have to
> 
> In which part of it?

   Indirect references to such addresses should be contained within the
   enterprise. Prominent examples of such references are DNS Resource
   Records and other information referring to internal private
   addresses. In particular, Internet service providers should take
   measures to prevent such leakage.

	In this case it is the queries themselves.
 
> MA>         populate the reverse zone.  A empty zone (SOA and NS records
> MA>         only) will prevent the queries leaking and improve response
> MA>         times.
> 
> Yes, it has solved my problem.
> 
> MA>         Why should the rest of the world have to fork out real money
> MA>         to run nameservers to sink these bogus queries?
> 
> Now I'm going to meet how does a name resolving in the in-addr.arpa goes on.

	See http://www.as112.net/ for what was required to protect
	the root servers from traffic load for QUERY and UPDATE
	requests to RFC1918 and other similar zones.

> Thank you.
> 
> -- 
> Illia Baidakov.
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


More information about the freebsd-stable mailing list