On Mon, Feb 28, 2000 at 01:06:21PM +0800, Niclas Hedhman wrote:
>
> If I from my Linux box, envision.asiaconnect.com.my, in Malaysia do
>
> telnet l2w204.medab.se
>
> to a Linux box in Sweden, the connection takes about one minute or so.
> FTP is the same, HTTP a lot faster.
>
> But if I from that machine telnet or ftp back to the Malaysian host, the
> connection is up in a second or two.
>
> I can only explain this by it has something to do with reversed DNS
> resolution, and my questions are...
>
> a) Does it? If not, what else could it be...
It sounds like it. If the telnet daemon and ftp daemon are being
run through tcpd, it would be doing reverse lookups, and waiting
for them time out. This can be checked by looking for lines in
/etc/inetd.conf with:
egrep "ftp|telnet" /etc/inetd.conf
If the last two fields look something like
/usr/sbin/tcpd /usr/sbin/in.ftpd
Then the daemons are being run through tcpd and reverse lookups
are being done.
> b) And in which network, Malaysia or Sweden?
I believe the problem lies in the malaysian network.
The DNS for those domains seem to have some serious issues.
envision.asiaconnect.com.my. is 202.190.60.154
The problem is that:
mimos.my and jaring.my are authoritative for
190.202.in-addr.arpa.
and they have ns records that list the nameservers for
60.190.202.in-addr.arpa. as being
ns.asiaconnect.com.my. and
lh.cyberwerks.com.
lh.cyberwerks.com. doesn't seem to exsist.
ns.asiaconnect.com.my is a CNAME for dns1.asiaconnect.com.my.
and according to RFC 1034:
http://www.cis.ohio-state.edu/htbin/rfc/rfc1034.html
no other records should *ever* point to a CNAME. They should
only point to Real Records, so the second ns records should
point to real name. So these records should be listing
dns1.asiaconnect.com.my as the nameserver.
However looking at dns1.asiaconnect.com.my. it lists only
dns1.asiaconnect.com.my as the name server, so I'm not real
sure why jaring.my. thinks that ns.asiaconnect.com.my. is authoritative
maybe you forgot to update the serial number the last time you
changed the zone?
Also I'd worry that the record for
154.60.190.202.in-addr.arpa.
points to www.envision.com.my. which is a non-exsistant host.
or you could fix it by removing tcp-wrappers on the machine
you are telneting to.
have fun
greg
--
this is not here
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs
