Slow LAN without internet (but OK with)

Hello there

I have a network with an linux machine (ubuntu 7.10) acting as a
router (two eth connections, one to my adsl router the other to a 10
port switch).

The problem is that everything works just fine when the internet
connection is available, but not when it isn't. The problem is that it
takes much longer to establish a connection with any service running
on that same machine (ssh, smtp, mac file sharing)... eg. with
internet: ssh into router takes no time at all, without internet it
takes about 10 seconds for the password prompt to appear.

This happens with any client I use (other linux boxes, mac and
windows).

I thought it might be something in the bind configuration, but the
same problem happens when using IP adresses.

Does anyone know what could be wrong?

Thanks in advance

Panivino wrote:
> Hello there
>
> I have a network with an linux machine (ubuntu 7.10) acting as a
> router (two eth connections, one to my adsl router the other to a 10
> port switch).
>
> The problem is that everything works just fine when the internet
> connection is available, but not when it isn't. The problem is that it
> takes much longer to establish a connection with any service running
> on that same machine (ssh, smtp, mac file sharing)... eg. with
> internet: ssh into router takes no time at all, without internet it
> takes about 10 seconds for the password prompt to appear.
>
> This happens with any client I use (other linux boxes, mac and
> windows).
>
> I thought it might be something in the bind configuration, but the
> same problem happens when using IP adresses.
>
> Does anyone know what could be wrong?
>
> Thanks in advance
>
try connecting to it with the IP address and see if
that changes anything

In news:gp3cdr$cn2$(E-Mail Removed),
goarilla@work <(E-Mail Removed)> typed:

>> I thought it might be something in the bind configuration, but the
>> same problem happens when using IP adresses.
....
> try connecting to it with the IP address and see if
> that changes anything

Lerning tu rede is gud.

To the OP: please post the results of :

cat /etc/hosts /etc/nsswitch.conf

I'd bet that something's amiss in one of those two files.

On Mar 9, 5:59*pm, "Greg Russell" <m...@privacy.net> wrote:
> Innews:gp3cdr$cn2$(E-Mail Removed),
> goarilla@work <kevindotpau...@mtmdotkuleuven.be> typed:
>
>
>
> >> I thought it might be something in the bind configuration, but the
> >> same problem happens when using IP adresses.
> ...
> > try connecting to it with the IP address and see if
> > that changes anything
>
> Lerning tu rede is gud.
>
> To the OP: please post the results of :
>
> * * cat /etc/hosts /etc/nsswitch.conf
>
> I'd bet that something's amiss in one of those two files.

(Sorry Greg if you received a mail message with the same content as
this message - I hit "Reply to Author" instead of "reply" ....)

OK, so here are the files you mention.

In /etc/hosts I've only added two hosts. /etc/nssswith has not been
changed as far as I remember.

BTW, the "mythbox" machine works perfectly, even when there's no
internet.

I've also ran a "tcpdump -i eth1" -vv and I don't see any traffic when
using a local connection. (eth1 is connected to the DSL router)

####/etc/hosts:
127.0.0.1 localhost
192.168.110.10 servidor <<<< the machine itself
192.168.110.11 mythbox <<<< (obviously) added by me

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts


### nssswith.conf:
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat
group: compat
shadow: compat

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

On Mar 9, 5:59*pm, "Greg Russell" <m...@privacy.net> wrote:
> Innews:gp3cdr$cn2$(E-Mail Removed),
> goarilla@work <kevindotpau...@mtmdotkuleuven.be> typed:
>
>
>
> >> I thought it might be something in the bind configuration, but the
> >> same problem happens when using IP adresses.
> ...
> > try connecting to it with the IP address and see if
> > that changes anything
>
> Lerning tu rede is gud.
>
> To the OP: please post the results of :
>
> * * cat /etc/hosts /etc/nsswitch.conf
>
> I'd bet that something's amiss in one of those two files.

Something else I've just tried ... the problem goes away when I do
a "ifdown eth1" - no more delays when establishing connections to
the server.
ie. the problem only occurs when the interface is up, but no
connection to the internet can be established.

Greg Russell wrote:
> In news:gp3cdr$cn2$(E-Mail Removed),
> goarilla@work <(E-Mail Removed)> typed:
>
>>> I thought it might be something in the bind configuration, but the
>>> same problem happens when using IP adresses.
> ...
>> try connecting to it with the IP address and see if
>> that changes anything
>
> Lerning tu rede is gud.
>
> To the OP: please post the results of :
>
> cat /etc/hosts /etc/nsswitch.conf
>
> I'd bet that something's amiss in one of those two files.
>
>
>
hehehehehe oops

Moe Trin wrote:
> On Mon, 9 Mar 2009, in the Usenet newsgroup comp.os.linux.networking, in article
> <7f4cc895-1669-4df6-81bb-(E-Mail Removed)>, Panivino
> wrote:
>
> NOTE: Posting from groups.google.com (or some web-forums) dramatically
> reduces the chance of your post being seen. Find a real news server.
>
>> I have a network with an linux machine (ubuntu 7.10) acting as a
>> router (two eth connections, one to my adsl router the other to a 10
>> port switch).
>
>> The problem is that everything works just fine when the internet
>> connection is available, but not when it isn't. The problem is that it
>> takes much longer to establish a connection with any service running
>> on that same machine (ssh, smtp, mac file sharing)... eg. with
>> internet: ssh into router takes no time at all, without internet it
>> takes about 10 seconds for the password prompt to appear.
>
> Classic name lookup problem. Only been around for maybe 25 years.
>
>> I thought it might be something in the bind configuration, but the
>> same problem happens when using IP adresses.
>
> You're posting from a Mac, but you'd probably have the best luck by
> running a packet sniffer on the Ubuntu box.
>
> Ethereal/Wireshark, Ettercap, dSniff, EtherPeek, AiroPeek, OmniPeek,
> PRTG, EtherApe, Analyzer, Packetyzer, IPDump2, Sniff'em, GreedyDog,
> or the classic /usr/sbin/tcpdump. For the latter, use
>
> /usr/sbin/tcpdump -ni eth0 -s 512 port 53
>
> (that assumes eth0 is your Local connection). What you'll see is the
> "server" sending a DNS PTR request - "what is the _name_ of the host
> with IP address 192.0.2.11?". It wants this information for the
> logs. It doesn't matter if your _client_ connects using IP addresses
> in place of names - it's the _server_ that wants to know. When the
> Internet connection is up, the remote name server answers - perhaps
> NXDOMAIN, perhaps the "real" name of the host. When the connection
> is down, there is no response from the name server, and things have to
> wait until the request has timed out.
>
>> Does anyone know what could be wrong?
>
> Either run a name server that is authoritative for your local domain,
> or see that all hostnames/addresses are in the /etc/hosts file on
> all of the "servers".
>
> Old guy

little question out of curiosity:
how does one run an authoritative DNS server for your local domain
if one doesn't have a valid domain eg a typical home situation
and is behind a NAT router can you run a dns for an .invalid domain ?

On Tue, 10 Mar 2009 10:29:35 +0100, goarilla@work wrote:

> how does one run an authoritative DNS server for your local domain
> if one doesn't have a valid domain eg a typical home situation
> and is behind a NAT router can you run a dns for an .invalid domain ?

If you mean a DNS server on your LAN for just your machines, it is not
that hard. Install bind, configure your forwarders, create your
forward/reverse zones and enable/start named.

I always do a clean install of new Distribution releases. To keep the
work down, I automated my system changes. For my DNS server, I have
/etc/hosts with all my nodes and a script to read it and create the
forward/reverse files/tables.

I used to use home.invalid, changed to home.test. Just change them back where
you see home.test. Here are my named.conf changes from the vendor's
original named.conf using OpenDNS free DNS servers as my forwarders.


# dif /var/lib/named/etc/named.conf_vorig /var/lib/named/etc/named.conf
44c44
< // forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };
---
> forwarders { 208.67.222.222; 208.67.220.220; };
139a140,152
>
> zone "home.test" IN {
> type master;
> file "master/home.zone";
> allow-update { none; };
> };
>
> zone "1.168.192.in-addr.arpa" IN {
> type master;
> file "reverse/home.reversed";
> allow-update { none; };
> };
>
[root@wm81 ~]#

Scripts which do all the work found here.

http://groups.google.com/group/alt.o...1?dmode=source

Commands to enable/start named are chkconfig and service. You may have
to change those for your distribution.

Bit Twister wrote:
> On Tue, 10 Mar 2009 10:29:35 +0100, goarilla@work wrote:
>
>> how does one run an authoritative DNS server for your local domain
>> if one doesn't have a valid domain eg a typical home situation
>> and is behind a NAT router can you run a dns for an .invalid domain ?
>
> If you mean a DNS server on your LAN for just your machines, it is not
> that hard. Install bind, configure your forwarders, create your
> forward/reverse zones and enable/start named.
>
> I always do a clean install of new Distribution releases. To keep the
> work down, I automated my system changes. For my DNS server, I have
> /etc/hosts with all my nodes and a script to read it and create the
> forward/reverse files/tables.
>
> I used to use home.invalid, changed to home.test. Just change them back where
> you see home.test. Here are my named.conf changes from the vendor's
> original named.conf using OpenDNS free DNS servers as my forwarders.
>

so you don't use home.invalid anymore ?

another question is there a way to change the opendns setting so it won't
give that banner, it's a real annoyance when wgetting or curling files

On Tue, 10 Mar 2009 17:04:44 +0100, goarilla@work wrote:

> so you don't use home.invalid anymore ?

No, .test is almost the same difference.
http://www.rfc-editor.org/rfc/rfc2606.txt

> another question is there a way to change the opendns setting so it won't
> give that banner,

Guessing no. I have not seen the problem. I use wget and html2text to
fetch pages to test for new product releases and see nothing having
OpenDSN in the downloaded pages.

> it's a real annoyance when wgetting or curling files

What did you expect for the FREE dns servers.
That leaves you with using some other DNS servers as forwarders.