Crist J. Clark wrote:
How long does it take to do a reverse-lookup on the result of the
previous lookups? The applications may be trying to resolve a PTR
record for the final IP address they end up with.
Reverse lookups work fine. But I do not think PTR lookups are an issue
in this case (see below).
You can try the following two tests and compare the difference,
1) Put the two external servers in resolv.conf, and run,
# tcpdump -s512 port 53
And try your ftp or telnet.
2) Put 127.0.0.1 back into resolv.conf, clear the cache of the local
BIND (not sure of a way to do that other than killing and
restarting in 8.x.x), and run the same thing,
# tcpdump -s512 port 53
And again try the ftp or telnet.
I am enclosing the results of these two tests. For better readability I
have removed the time offset and replaced my IP number with "me", the
forwarder's IP with "fw".
(1)
00:00.000000 me.49235 > fw.domain: 1081+ AAAA? ftp.de.freebsd.org. (36)
00:00.235195 fw.domain > me.49235: 1081 2/0/0 CNAME ftp4.de.freebsd.org., CNAME
ftp.leo.org. (77) (DF)
00:00.235648 me.49236 > fw.domain: 1082+ A? ftp.de.freebsd.org. (36)
00:00.850987 fw.domain > me.49236: 1082 3/0/0 CNAME ftp4.de.freebsd.org., CNAME
ftp.leo.org., A 131.159.72.23 (93) (DF)
(2)
00:00.000000 me.domain > fw.domain: 8207+ [1au] AAAA? ftp.de.freebsd.org. (47)
00:00.093818 fw.domain > me.domain: 8207 2/0/0 CNAME ftp4.de.freebsd.org., CNAME
ftp.leo.org. (77) (DF)
00:00.094539 me.domain > fw.domain: 30226+ [1au] AAAA? ftp.leo.org. (40)
00:00.183988 fw.domain > me.domain: 30226 0/0/0 (29) (DF)
00:05.184504 me.domain > fw.domain: 52418+ [1au] AAAA? ftp.leo.org. (40)
00:05.278765 fw.domain > me.domain: 52418 0/0/0 (29) (DF)
00:15.278043 me.domain > fw.domain: 24089+ [1au] AAAA? ftp.leo.org. (40)
00:15.377019 fw.domain > me.domain: 24089 0/0/0 (29) (DF)
00:35.374320 me.domain > fw.domain: 31178+ [1au] AAAA? ftp.leo.org. (40)
00:35.978176 fw.domain > me.domain: 31178 0/0/0 (29) (DF)
01:15.970823 me.domain > fw.domain: 53751+ [1au] A? ftp.leo.org. (40)
01:16.064579 fw.domain > me.domain: 53751 1/0/0 A 131.159.72.23 (45) (DF)
01:16.065468 me.domain > fw.domain: 56474+ [1au] AAAA? J.ROOT-SERVERS.NET. (47)
01:16.065915 me.domain > fw.domain: 36905+ [1au] AAAA? K.ROOT-SERVERS.NET. (47)
01:16.066172 me.domain > fw.domain: 38356+ [1au] AAAA? L.ROOT-SERVERS.NET. (47)
01:16.066372 me.domain > fw.domain: 395+ [1au] AAAA? M.ROOT-SERVERS.NET. (47)
01:16.066572 me.domain > fw.domain: 54526+ [1au] AAAA? I.ROOT-SERVERS.NET. (47)
01:16.066771 me.domain > fw.domain: 61085+ [1au] AAAA? E.ROOT-SERVERS.NET. (47)
01:16.066986 me.domain > fw.domain: 38040+ [1au] AAAA? D.ROOT-SERVERS.NET. (47)
01:16.068062 me.domain > fw.domain: 35807+ [1au] AAAA? A.ROOT-SERVERS.NET. (47)
01:16.068664 me.domain > fw.domain: 27426+ [1au] AAAA? H.ROOT-SERVERS.NET. (47)
01:16.069117 me.domain > fw.domain: 39377+ [1au] AAAA? C.ROOT-SERVERS.NET. (47)
01:16.069552 me.domain > fw.domain: 11036+ [1au] AAAA? G.ROOT-SERVERS.NET. (47)
01:16.070036 me.domain > fw.domain: 34035+ [1au] AAAA? F.ROOT-SERVERS.NET. (47)
01:16.070476 me.domain > fw.domain: 33542+ [1au] AAAA? B.ROOT-SERVERS.NET. (47)
01:16.157385 fw.domain > me.domain: 56474 0/0/0 (36) (DF)
01:16.160564 fw.domain > me.domain: 36905 0/0/0 (36) (DF)
01:16.172424 fw.domain > me.domain: 38356 0/0/0 (36) (DF)
01:16.176809 fw.domain > me.domain: 395 0/0/0 (36) (DF)
01:16.188828 fw.domain > me.domain: 54526 0/0/0 (36) (DF)
01:16.193810 fw.domain > me.domain: 61085 0/0/0 (36) (DF)
01:16.202584 fw.domain > me.domain: 38040 0/0/0 (36) (DF)
01:16.209829 fw.domain > me.domain: 35807 0/0/0 (36) (DF)
01:16.217073 fw.domain > me.domain: 27426 0/0/0 (36) (DF)
01:16.238637 fw.domain > me.domain: 39377 0/0/0 (36) (DF)
01:16.240081 fw.domain > me.domain: 11036 0/0/0 (36) (DF)
01:16.241823 fw.domain > me.domain: 34035 0/0/0 (36) (DF)
01:16.246842 fw.domain > me.domain: 33542 0/0/0 (36) (DF)
As I thought of an IPv6 problem, I compiled a new kernel with IPNET6.
That did not help at all, unfortunately.
Any ideas?
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
