On Thu, 2007-12-06 at 00:43 -0500, Chris Knadle wrote:
> Well, here's the thing: right now your search line in /etc/resolv.conf is a
> partially valid domain name [myhome.westell.com]; westell.com is a public
> domain name that exists and has DNS servers that resolve queries for it, even
> though the subdomain myhome.westell.com does not exist. DNS resolution is
> done by first looking up the .com root name server and asking what DNS server
> is authoritative for westell.com, then that name server is queried for what
> DNS server is authoritative for myhome.westell.com, which then fails since
> that subdomain does not exist. Those queries are going to a remote DNS
> server, they're unnecessary, and take time.
> I'm guessing that sequence will happen every time you try to access any DNS
> name that isn't fully qualified.
>
> You could change the domain name that the search line points to to some
> completely non-existent domain like "fake.bogus" which should be faster since
> there's no root name server for .bogus -- or I suppose you could remove the
> search line entirely.

Thanks for the informative reply. This is my first exposure to DNS. On my thread on comp.os.linux.networking, "Bit Twister" told me that my /etc/resolv.conf caused performance problems, but without the explanation, I didn't understand why. I ended up removing the search line entirely.

======== grep -v '^#' /etc/resolv.conf ==========
nameserver 68.237.161.12
nameserver 71.250.0.12

Now, in addition to all the connection attempts to my port 80, I'm getting tons of UDP traffic to port 137 being trapped by iptables and/or Firestarter. I have no idea what's going on. Do you have any suggestions? I Googled UDP "port 137". One thing I saw is something about reverse DNS lookups from secondary DNS servers running Windows.

Here's a sample from my /var/log/messages:

=== grep eth0 /var/log/messages | tail -10 ===
Dec 9 22:00:06 alweiner kernel: Inbound IN=eth0 OUT= MAC=00:07:e9:01:b2:09:00:18:3a:53:f7:fb:08:00 SRC=192.168.1.1 DST=192.168.1.150 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4701 DF PROTO=TCP SPT=1178 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Dec 9 22:00:12 alweiner kernel: Inbound IN=eth0 OUT= MAC=00:07:e9:01:b2:09:00:18:3a:53:f7:fb:08:00 SRC=192.168.1.1 DST=192.168.1.150 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4703 DF PROTO=TCP SPT=1178 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Dec 9 22:00:24 alweiner kernel: Inbound IN=eth0 OUT= MAC=00:07:e9:01:b2:09:00:18:3a:53:f7:fb:08:00 SRC=192.168.1.1 DST=192.168.1.150 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4704 DF PROTO=TCP SPT=1178 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Dec 9 22:00:32 alweiner kernel: Inbound IN=eth0 OUT= MAC=00:07:e9:01:b2:09:00:18:3a:53:f7:fb:08:00 SRC=192.168.1.1 DST=192.168.1.150 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=4705 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 9 22:00:33 alweiner kernel: Inbound IN=eth0 OUT= MAC=00:07:e9:01:b2:09:00:18:3a:53:f7:fb:08:00 SRC=192.168.1.1 DST=192.168.1.150 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=4706 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 9 22:00:34 alweiner kernel: Inbound IN=eth0 OUT= MAC=00:07:e9:01:b2:09:00:18:3a:53:f7:fb:08:00 SRC=192.168.1.1 DST=192.168.1.150 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=4707 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 9 22:00:35 alweiner kernel: Inbound IN=eth0 OUT= MAC=00:07:e9:01:b2:09:00:18:3a:53:f7:fb:08:00 SRC=192.168.1.1 DST=192.168.1.150 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=4708 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 9 22:00:36 alweiner kernel: Inbound IN=eth0 OUT= MAC=00:07:e9:01:b2:09:00:18:3a:53:f7:fb:08:00 SRC=192.168.1.1 DST=192.168.1.150 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=4709 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 9 22:00:50 alweiner kernel: Inbound IN=eth0 OUT= MAC=00:07:e9:01:b2:09:00:18:3a:53:f7:fb:08:00 SRC=192.168.1.1 DST=192.168.1.150 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4721 DF PROTO=TCP SPT=1179 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Dec 9 22:00:51 alweiner kernel: Inbound IN=eth0 OUT= MAC=00:07:e9:01:b2:09:00:18:3a:53:f7:fb:08:00 SRC=192.168.1.1 DST=192.168.1.150 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4722 DF PROTO=TCP SPT=1179 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

Also, if I could get my DSL modem/router to do logging, could that help me determine the IP addresses of the packets attempting connection to my port 80?

_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug

Upcoming Meetings (6pm - 8pm) MHVLS Auditorium
Dec 5 - Open Source Show and Tell
Jan 2 - TBD
Feb 6 - DBUS
Mar 5 - Setting up a platform-independent home/small office network using Linux
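
An added example, not part of the original message or of any tool named in it: a Python parser for netfilter LOG entries in the format quoted above, tallying blocked packets by source IP, source MAC, protocol and destination port. It splits the MAC= field into destination MAC, source MAC and EtherType (the order in which the Ethernet header is logged) and keeps both LEN values on UDP entries; the function names and the L4_ prefix are illustrative choices.

```python
import re
from collections import Counter

# Three entries copied from the log excerpt in the message above.
PREFIX = ("alweiner kernel: Inbound IN=eth0 OUT= "
          "MAC=00:07:e9:01:b2:09:00:18:3a:53:f7:fb:08:00 "
          "SRC=192.168.1.1 DST=192.168.1.150 ")
SAMPLE = "\n".join([
    "Dec 9 22:00:24 " + PREFIX + "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4704 DF "
    "PROTO=TCP SPT=1178 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0",
    "Dec 9 22:00:32 " + PREFIX + "LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=4705 "
    "PROTO=UDP SPT=137 DPT=137 LEN=58",
    "Dec 9 22:00:33 " + PREFIX + "LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=4706 "
    "PROTO=UDP SPT=137 DPT=137 LEN=58",
])

TOKEN = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the fields of one netfilter LOG entry, or None for other lines."""
    if " IN=" not in line or "SRC=" not in line:
        return None
    fields = {}
    for key, value in TOKEN.findall(line):
        # UDP entries log LEN twice: IP total length, then UDP length.
        # Keep the first as LEN and store the repeat as L4_LEN.
        fields["L4_" + key if key in fields else key] = value
    # Bare tokens after IN= (DF, SYN, ACK, ...) are flags without a value.
    body = line[line.index(" IN="):]
    fields["FLAGS"] = [tok for tok in body.split() if "=" not in tok]
    mac = fields.get("MAC", "").split(":")
    if len(mac) == 14:  # 6 bytes destination, 6 bytes source, 2 bytes EtherType
        fields["DST_MAC"] = ":".join(mac[:6])
        fields["SRC_MAC"] = ":".join(mac[6:12])
        fields["ETHERTYPE"] = "".join(mac[12:])
    return fields

def summarize(text):
    """Count entries per (source IP, source MAC, protocol, destination port)."""
    tally = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if f:  # ICMP and similar entries have no DPT, hence the defaults
            tally[(f["SRC"], f.get("SRC_MAC", "?"),
                   f.get("PROTO", "?"), f.get("DPT", "-"))] += 1
    return tally

if __name__ == "__main__":
    for (src, mac, proto, dpt), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {src:15s} {mac}  {proto}/{dpt}")
```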
