network traffic etherealed, need your help on the records (LONG)

 
 
Wenjie
      08-30-2003, 05:26 AM
Hello again!


To resolve the network performance problem, I consulted with
my ISP and also took the suggestions here to use the ethereal
tool.

My ISP told me that owing to virus etc, the bandwidth to/fro
outside of the country is decreased 'for the time being'. I
clearly saw that some of my slowed-down network connections
were caused (at least from the appearance) by the bad DNS
service from my ISP:

Time Source Destination Protocol Info
15.9449098 172.24.12.1 my_isp_name_server_ip DNS Standard query A mail.yahoo.com
15.975595 my_isp_name_server_ip 172.24.12.1 DNS Standard query response, Server failure


I also encountered a series of weird entries when testing
my website. My website is served with dynamic DNS, and the
service provider is outside of the country. There is a
router+ADSL modem between the actual server (172.24.12.1)
and outside. The weird entries (*):

Time Source Destination Protocol Info
0.000000 172.24.12.1 my_isp_name_server_ip DNS Standard query A www.mywebsite.com
0.031077 my_isp_name_server_ip 172.24.12.1 DNS Standard query response, Server failure
0.031243 172.24.12.1 my_isp_name_server_ip DNS Standard query A www.mywebsite.com
5.031925 172.24.12.1 my_isp_name_server_ip DNS Standard query A www.mywebsite.com.mywebsite.com (*)
5.071077 my_isp_name_server_ip 172.24.12.1 DNS Standard query response, Server failure
....
5.900000 172.24.12.1 my_isp_name_server_ip DNS Standard query A mail.yahoo.com
5.031077 my_isp_name_server_ip 172.24.12.1 DNS Standard query response, Server failure
5.033243 172.24.12.1 my_isp_name_server_ip DNS Standard query A mail.yahoo.com.mywebsite.com (*)
10.033243 172.24.12.1 my_isp_name_server_ip DNS Standard query A mail.yahoo.com.mywebsite.com (*)
....


Could someone explain the entries above? Could I have
made some mistakes on the configuration? FYI, I commented
out the entry in /etc/hosts to disable local name resolution.

Is my conclusion feasible (DNS problem caused the slowing-down
of the network connections?)?

The summary from the ethereal said the Avg. bytes/sec is 1059.921
oops. Could I argue with this figure with my ISP? (ADSL service
with 512K inbound/outbound speed). Or shall I use some net
connections without the DNS problem? (If the website is totally
inside the country, it is about 20KB/s for instance).

And almost every time my Mozilla connects to some website,
there is a time lag of 'connection'... That should be another
topic...
 
David Efflandt
      08-30-2003, 02:44 PM
On 29 Aug 2003 22:26:32 -0700, Wenjie <(E-Mail Removed)> wrote:
> Hello again!
>
>
> To resolve the network performance problem, I consulted with
> my ISP and also took the suggestions here to use the ethereal
> tool.
>
> My ISP told me that owing to virus etc, the bandwidth to/fro
> outside of the country is decreased 'for the time being'. I
> clearly saw that some of my slowed-down network connections
> were caused (at least from the appearance) by the bad DNS
> service from my ISP:
>
> Time Source Destination Protocol Info
> 15.9449098 172.24.12.1 my_isp_name_server_ip DNS Standard query A mail.yahoo.com
> 15.975595 my_isp_name_server_ip 172.24.12.1 DNS Standard query response, Server failure


You could always run your own caching nameserver (your CD may have a
caching nameserver package or bind9). I have been doing that since the
DNS of my adsl ISP (SBC) was laggy when I first got it 1/2002. You can
also add zones for your LAN per DNS HOWTO.

Just do not use your ISP's nameservers for forwarders if they are giving
you trouble now (you do not really need forwarders). And limit it to
listening on loopback and LAN with listen-on { 127/8; 172.24/16; }; or
whatever so it will only answer queries from your local network (it will
still resolve public names).

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/
 
 
David Efflandt
      08-31-2003, 05:26 AM
On 30 Aug 2003 19:56:40 -0700, Wenjie <(E-Mail Removed)> wrote:
> My friends told me that they cannot ping or access (my website) with my
> public IP. I understand if they use the website name they will have problems
> owing to the bad DNS queries and also my local setting, but why can they
> not access the IP? For me it is most important to let my friends
> access the website ASAP. Do you think a local DNS server will help?


Is your firewall blocking ping? Does your ISP block incoming port 80?
Local DNS is not going to help if they cannot access you by IP.

> In another thread, I got hints that my slow startup of applications
> under KDE/Redhat8 may be caused by a bad FQDN. Do you think that there
> is a simple way to check the FQDN without a DNS server? (I use dynamic
> DNS service for my website, and I did modify /etc/hosts /etc/sysconfig/network
> to reflect the website name--IP mapping).


It is best not to alter the 127.0.0.1 line. Either assign hostname or
aliases to your nic IP, or an extra loopback IP like 127.0.0.2.

To see if your hostname resolves from gethostbyname (instead of just DNS)
try this Perl script (call it gethost, run it as ./gethost your_hostname):

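#!/usr/bin/perl -w
# Resolve a name through gethostbyname (hosts file, then DNS per host.conf),
# then reverse-resolve the resulting IP.
use Socket;
use strict;
my ($host,$addr,$ip,$rhost);
if ($ARGV[0]) {
    $host = shift @ARGV;
} else {
    die "Enter host you want to resolve on commandline\n";
}
print "Looking up: $host\n";
# In scalar context gethostbyname returns the packed address, or undef on failure
$addr = gethostbyname($host);
die "Forward lookup failed for $host\n" unless defined $addr;
$ip = inet_ntoa($addr);
print "IP: $ip\n";
# gethostbyaddr returns undef when there is no reverse (PTR) mapping
$rhost = gethostbyaddr($addr, AF_INET);
print "Reverse lookup: ", (defined $rhost ? $rhost : "failed"), "\n";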


> I may have a bad NIC, but why could I access some websites quickly and
> also my website with my LAN?!


Your IP has no name so that could cause some DNS delays trying to resolve
your connecting IP. Although, that is not usually a problem for web
servers unless they have access controls based on hostnames.

> In summary, I agree that it is likely I had a bad DNS configured. As my
> first aim is to let my friends see my website ASAP, which concrete means
> should I embark on?


See if they can traceroute to your IP (check firewall logs). Set up
apache on a different port and see if they can access it with that port in
URL.

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/
 
 
Wenjie
      08-31-2003, 05:53 AM
>Is your firewall blocking ping? Does your ISP block incoming port 80.
>Local DNS is not going to help if they cannot access you by IP.


I have opened the PING service. My website worked fine weeks ago. Could
I try telnet myIP 80 to test whether my ISP is blocking port 80? I access
the website from within my LAN with no problems.

>
>It is best not to alter the 127.0.0.1 line. Either assign hostname or
>aliases to your nic IP, or an extra loopback IP like 127.0.0.2.


I did some modifications on my local setting:
/etc/hosts:
127.0.0.1 localhost.localdomain localhost

/etc/resolv.conf:
domain mywebsite.com
search mywebsite.com
nameserver IP1_ISP_NS
nameserver IP2_ISP_NS

/etc/host.conf
order hosts,bind
multi on

Did I obscure something above? (And I don't know what does 'multi on'
mean).


>
>To see if your hostname resolves from gethostbyname (instead of just DNS)
>try this Perl script (call it gethost, run it as ./gethost your_hostname):
>
>#!/usr/bin/perl -w
>use Socket;
>use strict;
>my ($host,$ip,$rhost);
>if ($ARGV[0]) {
> $host = shift @ARGV;
>} else {
> die "Enter host you want to resolve on commandline\n";
>}
>print "Looking up: $host\n";
>$ip = join(".",unpack("C4",scalar gethostbyname($host)));
>print "IP: $ip\n";
>$rhost = gethostbyaddr(inet_aton($ip), AF_INET);
>print "Reverse lookup: $rhost\n";
>
>

Reverse lookup failed. Otherwise I can get the IP from the name.
Seems the dyndns is working again. What could impact the reverse
lookup?

Here is the dig www.mywebsite.com:
; <<>> DiG 9.2.1 <<>> www.mywebsite.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52343
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.mywebsite.com. IN A

;; Query time: 119 msec
;; SERVER: IP1_ISP_NS#53(IP1_ISP_NS)
;; WHEN: Sun Aug 31 13:46:10 2003

dig again succeeded:
; <<>> DiG 9.2.1 <<>> www.mywebsite.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36845
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;www.mywebsite.com. IN A

;; ANSWER SECTION:
www.mywebsite.com. 120 IN A MY_PUB_ID

;; AUTHORITY SECTION:
mywebsite.com. 120 IN NS ns1.dnsserviceprovider.com.
mywebsite.com. 120 IN NS ns2.dnsserviceprovider.com.

;; Query time: 584 msec
;; SERVER: 202.96.209.5#53(202.96.209.5)
;; WHEN: Sun Aug 31 13:48:01 2003
;; MSG SIZE rcvd: 93

;; MSG SIZE rcvd: 33


>
>>> I may have a bad NIC, but why could I access some websites quickly and
>>> also my website with my LAN?!

>
>
>Your IP has no name so that could cause some DNS delays trying to resolve
>your connecting IP. Although, that is not usually a problem for web
>servers unless they have access controls based on hostnames.


I have this in mind: could it be that because of the slow and troublesome
DNS lookup (shown in dig1), my friends have difficulty resolving the
IP of mine? Should I do something here for the apache server? I currently
set in httpd.conf:
ServerName as www.mywebsite.com
UseCanonicalName On

>
>
>>> In summary, I agree that it is likely I had a bad DNS configured. As my
>>> first aim is to let my friends see my website ASAP, which concrete means
>>> should I embark on?

>
>
>See if they can traceroute to your IP (check firewall logs). Set up
>apache on a different port and see if they can access it with that port in
>URL.
>


I will manage to do that. Hmm, most of my friends don't know what is
traceroute. Do you think I can test locally? For example could I use
another PC in the LAN but set the gateway as provided by the ISP instead
of the local LAN's router private IP?


>-- David Efflandt - All spam ignored http://www.de-srv.com/
>http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
>http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/



Thanks a lot!
Wenjie
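
The starred queries in the capture (`www.mywebsite.com.mywebsite.com`) follow from the `search mywebsite.com` line in the /etc/resolv.conf posted above: when the name as typed fails to resolve, the stub resolver retries it with each search domain appended. The sketch below is an added example, not code from any poster in this thread; it models the glibc-style search order (default `ndots` of 1) and flags such retries in a constructed copy of the captured queries. The function names are hypothetical.

```python
RESOLV_CONF = """\
domain mywebsite.com
search mywebsite.com
nameserver IP1_ISP_NS
nameserver IP2_ISP_NS
"""
# Constructed sample modelled on the thread's capture: (time, queried name).
CAPTURE = [
    (0.000000, "www.mywebsite.com"),
    (5.031925, "www.mywebsite.com.mywebsite.com"),
    (5.900000, "mail.yahoo.com"),
    (10.033243, "mail.yahoo.com.mywebsite.com"),
]

def parse_search(conf_text):
    """Return (search_domains, ndots); the last domain/search line wins."""
    search, ndots = [], 1
    for line in conf_text.splitlines():
        fields = line.split("#")[0].split()
        if not fields:
            continue
        if fields[0] in ("domain", "search"):
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt[6:])
    return search, ndots

def candidates(name, search, ndots=1):
    """Names the stub resolver tries, in order, until one resolves."""
    if name.endswith("."):          # trailing dot: absolute, no search list
        return [name.rstrip(".")]
    expanded = [f"{name}.{d}" for d in search]
    if name.count(".") >= ndots:    # enough dots: try as typed first
        return [name] + expanded
    return expanded + [name]

def search_artifacts(queries, search):
    """Flag queries that are an earlier queried name plus a search domain."""
    seen, hits = set(), []
    for ts, qname in queries:
        q = qname.rstrip(".").lower()
        for d in search:
            base = q[: -len(d) - 1]
            if q.endswith("." + d) and base in seen:
                hits.append((ts, q, base))
        seen.add(q)
    return hits
```

Each flagged query is a lookup for someone else's name sent under the local search domain, so it adds a wasted round trip per failure and discloses the names being looked up to whoever serves that domain.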
 
 
David Efflandt
      08-31-2003, 04:11 PM
On 30 Aug 2003 22:53:50 -0700, Wenjie <(E-Mail Removed)> wrote:
>>Is your firewall blocking ping? Does your ISP block incoming port 80.
>>Local DNS is not going to help if they cannot access you by IP.

>
> I have opened the PING service. My website worked fine weeks ago. Could
> I try telnet myIP 80 to test whether my ISP is blocking port 80? I access
> the website from within my LAN with no problems.
>
> I did some modifications on my local setting:
> /etc/hosts:
> 127.0.0.1 localhost.localdomain localhost
>
> /etc/resolv.conf:
> domain mywebsite.com
> search mywebsite.com
> nameserver IP1_ISP_NS
> nameserver IP2_ISP_NS
>
> /etc/host.conf
> order hosts,bind
> multi on
>
> Did I obscure something above? (And I don't know what does 'multi on'
> mean).


'multi on' means that gethostbyname would try all available methods to
resolve a name (in this case hosts, and then DNS).

>>To see if your hostname resolves from gethostbyname (instead of just DNS)
>>try this Perl script (call it gethost, run it as ./gethost your_hostname):

(snip)
>
> Reverse lookup failed. Otherwise I can get the IP from the name.
> Seems the dyndns is working again. What could impact the reverse
> lookup?


Your ISP is authority for reverse lookup of your public IP. You cannot do
anything about that without cooperation of your ISP (unlikely where you
are).

> Here is the dig www.mywebsite.com:
> ; <<>> DiG 9.2.1 <<>> www.mywebsite.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52343
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.mywebsite.com. IN A
>
> ;; Query time: 119 msec
> ;; SERVER: IP1_ISP_NS#53(IP1_ISP_NS)
> ;; WHEN: Sun Aug 31 13:46:10 2003
>
> dig again succeeded:
> ; <<>> DiG 9.2.1 <<>> www.mywebsite.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36845
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.mywebsite.com. IN A
>
> ;; ANSWER SECTION:
> www.mywebsite.com. 120 IN A MY_PUB_ID
>
> ;; AUTHORITY SECTION:
> mywebsite.com. 120 IN NS ns1.dnsserviceprovider.com.
> mywebsite.com. 120 IN NS ns2.dnsserviceprovider.com.
>
> ;; Query time: 584 msec
> ;; SERVER: 202.96.209.5#53(202.96.209.5)
> ;; WHEN: Sun Aug 31 13:48:01 2003
> ;; MSG SIZE rcvd: 93
>
> ;; MSG SIZE rcvd: 33


Maybe your ISP's nameservers are overworked (busy).

> I have this in mind: could it be that because of the slow and troublesome
> DNS lookup (shown in dig1), my friends have difficulty resolving the
> IP of mine? Should I do something here for the apache server? I currently
> set in httpd.conf:
> ServerName as www.mywebsite.com
> UseCanonicalName On


That should work as long as you keep your dynamic DNS up to date. But I
am not sure what apache does if it cannot find its servername on a local
IP when booting. So you might want to add the following to /etc/hosts:

127.0.0.2 www.mywebsite.com

>>>> In summary, I agree that it is likely I had a bad DNS configured. As my
>>>> first aim is to let my friends see my website ASAP, which concrete means
>>>> should I embark on?

>>
>>
>>See if they can traceroute to your IP (check firewall logs). Set up
>>apache on a different port and see if they can access it with that port in
>>URL.
>>

>
> I will manage to do that. Hmm, most of my friends don't know what is
> traceroute. Do you think I can test locally? For example could I use
> another PC in the LAN but set the gateway as provided by the ISP instead
> of the local LAN's router private IP?


Traceroute in some Windows versions like Win95/98 is called 'tracert'.
Not sure what it is in WinNT/2k/XP.

In order to tell if your website is accessible from internet, you need to
check it from some other internet host. If you have another computer and
dialup ppp account, you could disconnect that computer from LAN and try it
from dialup.

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/
 