slow dns for domain name

I have a netgear MR814v2 as my wireless router. I have a linux box
behind the router to which some ports are forwarded (ssh, http). I
also have a domain name which is dynamically pointed to the extern IP
address (a comcast one, currently).

When I am at work (ie not at home), I can reach my linux box (via ssh
or http for example), not a problem. Nice and fast.

When I am at home on another machine behind the router, then trying to
go to my box via the domain name is slow or just doesn't work...

$ traceroute <domain name>
traceroute to <domain name> (<external IP>), 64 hops max, 40 byte
packets
1 * * *
2 * * *

It just doesn't want to work. The same thing is true for my Mac and a
Windows box behind the router. All machines behind the router trying
to reach my main computer via the domain name just bog down.

I have no clue why. All I can figure out is that my router is setup
incorrectly, but that doesn't make much sense.

Any suggestions of how I can track this down?

try using traceroute -I instead of traceroute as this will use ICMP
packets rather than UDP - your firewall probably isn't configured
to allow the traceroute UDP packets through.

Here's what I would do:

1. check the domain name resolves to an IP address in your private
network - e.g. with nslookup.
All of your machines should be able to resolve the domain name to an IP
address

2. check if traceroute -I and ping work for your domain name in your
private network. Again this
should work for all machines
You might have to configure the netgear to respond to pings.

3. check the routing in your local domain to see where the traffic
is going- both on the linux box and all the client machines
I would check the routing table on the wireless router too.

On 23 Nov 2005, in the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed) .com>, (E-Mail Removed)
wrote:

>I have a netgear MR814v2 as my wireless router. I have a linux box
>behind the router to which some ports are forwarded (ssh, http). I
>also have a domain name which is dynamically pointed to the extern IP
>address (a comcast one, currently).

OK

[External works fine]

>When I am at home on another machine behind the router, then trying to
>go to my box via the domain name is slow or just doesn't work...

The Linux box behind the router - does /sbin/ifconfig show a "real" IP
like 69.251.15.108, or is it a RFC1918 address that your router is
masquerading to? The problem is likely to be the router, getting
confused why packets from the local LAN need to be forwarded back to the
local LAN to reach the destination. The solution in that case is to
set up a /etc/hosts file on each computer on the LAN that has an entry
for your external domain, but pointing at the RFC1918 address as
applicable.

>$ traceroute <domain name>
>traceroute to <domain name> (<external IP>), 64 hops max, 40 byte
>packets
> 1 * * *
> 2 * * *

Different problem(s). The routing table is wrong on one or more of
your LAN, and/or you are blocking ICMP. Troubleshoot this one using
tcpdump on all hosts to see where the stuff is being disconnected or
ignored.

>I have no clue why. All I can figure out is that my router is setup
>incorrectly, but that doesn't make much sense.

Why? Routing is pretty straight forward.

Old guy

All machines behind the router show their 10.8.33.X address.

You are right, for my desktops, I have just setup the /etc/hosts file.
But the problem is for my Windows and Mac laptops. Both of them I take
out of the house and use on other networks, in that case I have had to
add or remove the line in the /etc/hosts file. I can do that, but it
is just a pain.

I'll take a look at the ICMP.

On 27 Nov 2005, in the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed) .com>, (E-Mail Removed)
wrote:

>All machines behind the router show their 10.8.33.X address.

Simple solution - at work, call them by the 'Internet' name that
matches up with the real domain. AT HOME, refer to them by a
different name - that maps to the 10.8.33.X address.

>But the problem is for my Windows and Mac laptops. Both of them I take
>out of the house and use on other networks, in that case I have had to
>add or remove the line in the /etc/hosts file.

Your domain is "foo.bar", and you connect to www.foo.bar. That probably
resolves on the internet, so leave it alone. AT HOME. the actual web
server is on "10.8.33.11". In all of your hosts files, add a line

10.8.33.11 www.foo.home

Now at work, you connect to www.foo.bar, and the kernel will look in
/etc/hosts (no, it's not here), and then ask the DNS server, and get
the external address. At home, you connect to www.foo.home and the
kernel will look in /etc/hosts and find the local address (it won't
therefore bother a DNS server asking about a non-valid hostname).

We have a few hosts (generally laptops used as work stations) that move
from one network to another. When they boot, they wait at a prompt to
ask what network they are on (this can also be done by tweaking runlevels
for example - 4 for GUI at home, 5 for GUI at work), and therefore assume
the correct identity for the network they are attached to.

Old guy