my smtp server is very slow to accept connections today

Don Russell fedora at drussell.dnsalias.com
Thu Apr 6 23:43:43 UTC 2006


On 4/6/2006 4:02 PM, Les Mikesell wrote:
> On Thu, 2006-04-06 at 17:45, Don Russell wrote:
> 
>>> Actually it's curious that you get a timeout rather than an "NXDOMAIN" 
>>> response for a "dig -x 10.10.10.13".
>> Yes, "dig ibm.com" comes back in 37 mSec... and "dig -x 129.42.16.103" 
>> (the ibm.com address reported above) comes back in 68 mSec.
>>
>> But "dig -x 10.10.10.13" .... see cut/paste below...
>>
>> [don at boris ~]$ dig -x 10.10.10.13
>>
>> ; <<>> DiG 9.3.2 <<>> -x 10.10.10.13
>> ;; global options:  printcmd
>> ;; connection timed out; no servers could be reached
>> [don at boris ~]$
> 
> That's a private address range - if you use it you should
> provide the reverse lookup server yourself.  But if you
> insist on wasting the root servers' time with silly
> queries like that you should get a fairly fast
> NXDOMAIN response.  Perhaps your ISP is acting as
> a primary for private reverse lookups and it happens
> to be broken - or they delegate to a server that is
> firewalled from you.
> 
> 


I've been using this address range for years, and never noticed any 
problems. Just recently I notice it takes a long time to get a response 
when connecting from 10.10.10.253 to 10.10.10.250 using ssh.

Telnet 10.10.10.250 25 (smtp) from 10.10.10.253 takes a very long time 
(a minute or more sometimes) to get a response... My Thunderbird mail 
clients time out trying to send mail to 10.10.10.250 when last week they 
had no problems at all.

I also tried telnet from "outside" and it takes a while for a response 
too... it used to be much quicker...

If you're curious... try telnet drussell dnsalias com 25 (with dots in 
all the right places) and see how long it takes for you to get a response...

Maybe you're right... maybe my ISP was providing the necessary lookups 
and now that's broken on their end...


>> I'm beginning to think this is not a Fedora issue... but an ISP issue... 
>> so I'm SOL because they *allow*, but don't *support* "home LANs", or 
>> it's some sort of NAT/firewall issue in my router... I'll have to check 
>> that out too...
> 
>> Is there a way I could (temporarily) configure fedora to use different DNS 
>> servers, so I'm not using the two my ISP is telling me to use?
> 
> 
>> That is, if I know the address of a different DNS server, I can put the 
>> in my dhcp SERVER on my router, do a "service network restart" on Fedora 
>> and pick up the new dns servers that way...
>>
>> Do you know the address of a "public" dns I could borrow for a few 
>> minutes? :-)
> 
> You can install your own nameserver and do it as well as anyone
> but if you are really using 10.x.x.x addresses, no one else can
> provide the reverse lookups for you.   I thought a hosts file
> entry should work for that part, though.
> 
> The other thing that happens during a connection is that
> sendmail will try an IDENT query on the socket to identify
> the user if the other end is unix-like.  Normally you get
> a quick ICMP response if nothing is listening on port 113
> at the other end, but if you have a firewall configured to
> silently drop packets you'll have to wait for the timeout,
> probably 30 seconds. 
> 
> 

And does the ssh server do that sort of thing too?
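
The two delays discussed in this thread (a reverse lookup of the client's address that times out, and an IDENT query to port 113 that a firewall silently drops) can be measured separately. The script below is an added example, not part of the original message; the function names and the 5-second threshold are assumptions, and the first two checks are only meaningful when run on the mail server itself.

```python
import socket
import sys
import time

SLOW = 5.0  # seconds; assumed threshold for calling a step "slow"

def time_reverse_lookup(ip):
    """Time the PTR lookup the server's resolver does for a client address."""
    start = time.monotonic()
    try:
        name = socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        name = None  # a quick "no such name" is harmless; a slow one is the problem
    return name, time.monotonic() - start

def probe_ident(ip, port=113, timeout=SLOW):
    """Connect to the client's IDENT port: 'open', 'refused' (quick) or 'dropped'."""
    start = time.monotonic()
    try:
        socket.create_connection((ip, port), timeout=timeout).close()
        state = "open"
    except ConnectionRefusedError:
        state = "refused"
    except socket.timeout:
        state = "dropped"  # no answer at all: a firewall is discarding the packets
    except OSError:
        state = "error"
    return state, time.monotonic() - start

def time_banner(host, port=25, timeout=120.0):
    """From a client: seconds from connecting until the server's greeting line arrives."""
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as conn:
        line = conn.makefile("rb").readline().decode("ascii", "replace").strip()
    return line, time.monotonic() - start

def suspects(ptr_secs, ident_state):
    """List which of the two checks from the thread could explain a slow greeting."""
    found = []
    if ptr_secs >= SLOW:
        found.append("reverse DNS lookup is timing out")
    if ident_state == "dropped":
        found.append("IDENT query is silently dropped")
    return found

if __name__ == "__main__":
    client_ip = sys.argv[1]  # run on the mail server; pass the slow client's address
    _, ptr_secs = time_reverse_lookup(client_ip)
    state, ident_secs = probe_ident(client_ip)
    print(f"PTR {ptr_secs:.1f}s, IDENT {state} {ident_secs:.1f}s:",
          suspects(ptr_secs, state) or "neither check is slow")
```

`time_banner` is meant to be called from the client side to confirm how long the greeting actually takes before and after a change.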



