I don't know if this is relevant, but my ISP upgraded hardware. The nameserver only uses IPv6 addresses (and only IPv6 protocol?). I found IPv4 addresses using nslookup.

On Fri, Jul 2, 2021 at 11:13 PM Jason Mitchell <jmitc...@bigjar.com> wrote:
>
> On 7/1/21 10:17 PM, Todd Gruhn wrote:
> > I like the point about DNS -- sooo if I accept tcp/53 and udp/53, that
> > can speed things up?
> >
> > On Thu, Jul 1, 2021 at 10:03 PM Todd Gruhn <tgru...@gmail.com> wrote:
> >> How would I know if IPF is the problem?
> >>
> >> I stole the IPF rules from 2 of the IPF examples in /usr/share/examples/ipf
> >>
> >> On Thu, Jul 1, 2021 at 9:39 PM Brett Lymn <bl...@internode.on.net> wrote:
> >>> On Thu, Jul 01, 2021 at 07:05:13PM -0400, Todd Gruhn wrote:
> >>>> Is there a way to order IPF-rules so I can get on gmail quicker?
> >>>> What about speeding up network access in general?
> >>> A couple of thoughts:
> >>>
> >>> 1) are you sure it is ipf causing the issue? How is gmail without the
> >>> firewall on? I wouldn't expect a performance impact from ipf unless
> >>> your firewalling is very complex.
> >>>
> >>> 2) are you sure your rules are correct? A particularly favourite
> >>> hobby-horse of mine is people blocking DNS over tcp/53 due to the
> >>> totally WRONG belief that only dns zone transfers use tcp/53. This is
> >>> WRONG (did I say wrong?) - if a DNS response won't fit into a UDP packet
> >>> then the DNS server will reply to the client telling it to try over tcp.
> >>> If your firewall doesn't allow that to happen there may be delays in
> >>> name resolution which could cause the appearance that gmail is slow.
> >>>
> >>> --
> >>> Brett Lymn
> >>> --
> >>> Sent from my NetBSD device.
> >>>
> >>> "We are were wolves",
> >>> "You mean werewolves?",
> >>> "No we were wolves, now we are something else entirely",
> >>> "Oh"
>
> I think you would only need to allow inbound connections to tcp port 53
> if you were running a nameserver on your machine. You would want to make
> sure that you allow outbound connections on tcp port 53 from your
> nameserver in any case. Are you using your own nameserver or are you
> using another machine for name resolution?
>
> If the nameserver isn't on your computer then: "nc -w 4 -v <nameserver
> ip> 53" will let you know if you can connect to that server on port 53.
> (-v = verbose, -w 4 = 4 second timeout so you don't wait forever). If
> there's a network problem the connection will timeout or you'll get an
> error. Here are examples:
>
> # nc -w 4 -v 8.8.8.7 53
> nc: connect to 8.8.8.7 port 53 (tcp) failed: Connection timed out
>
> # nc -w 4 -v 8.8.8.8 53
> Connection to 8.8.8.8 53 port [tcp/domain] succeeded!
>
> # nc -w 4 -v <local ip> 53
> nc: connect to <local ip> port 53 (tcp) failed: Connection refused
>
> Use Ctrl-D to close nc if a connection is made. If you're not sure what
> nameserver you're using then "resolvconf -l" should show you. I'm
> simplifying somewhat as things can be (much) more complicated. But
> hopefully I've made things somewhat clearer. <crosses fingers>
>
> And I use mail.google.com somewhat often and it goes to the same place
> as gmail.com.
>
> Thanks,
>
> Jason M.
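
The UDP-to-TCP fallback described in the quoted messages, as an added example that is not part of the original thread: a stub resolver checks the TC (truncated) bit in the UDP reply and repeats the query over tcp/53, which is the step a firewall without an outbound tcp/53 rule breaks. The function names, the transports passed to `resolve`, and the sample traffic are all constructed for illustration.

```python
import struct

TC = 0x0200  # TC ("truncated") bit in the DNS header flags word, RFC 1035

def build_query(name, txid=0x1234, qtype=1):
    """Minimal DNS query: RD flag set, one question, class IN."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def header(msg):
    """Decode the parts of the 12-byte header a stub resolver looks at first."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "tc": bool(flags & TC), "ancount": ancount}

def resolve(query, send_udp, send_tcp):
    """Try UDP first; if the reply has TC set, retry the same query over TCP.
    send_udp/send_tcp are caller-supplied transports (hypothetical here);
    send_tcp returns None when the connection to tcp/53 times out."""
    reply = send_udp(query)
    if not header(reply)["tc"]:
        return "udp", reply
    # DNS over TCP prefixes every message with a 2-byte length.
    framed = send_tcp(struct.pack("!H", len(query)) + query)
    if framed is None:
        return "tcp-blocked", None  # the client sees a slow or failed lookup
    (length,) = struct.unpack("!H", framed[:2])
    return "tcp", framed[2:2 + length]

# --- constructed sample traffic, not captured from a real server ---
QUERY = build_query("mail.google.com")

def truncated_udp(q):
    # Server echoes id and question, sets QR|TC|RD|RA (0x8380), zero answers.
    return q[:2] + struct.pack("!5H", 0x8380, 1, 0, 0, 0) + q[12:]

def full_tcp(framed):
    q = framed[2:]
    # One A record (documentation address 192.0.2.1), name as pointer to offset 12.
    answer = struct.pack("!HHHIH4B", 0xC00C, 1, 1, 60, 4, 192, 0, 2, 1)
    msg = q[:2] + struct.pack("!5H", 0x8180, 1, 1, 0, 0) + q[12:] + answer
    return struct.pack("!H", len(msg)) + msg

def blocked_tcp(framed):
    return None  # stands in for a firewall dropping outbound tcp/53
```

With `truncated_udp` and `blocked_tcp` as the transports, `resolve` returns `("tcp-blocked", None)`: the answer exists but never arrives, which matches the name-resolution delay described in the thread.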