[email protected] wrote:
> And I can't understand what is slowing DNS activity (connections by name
> are slow while connections by IP are normal).

Look at your name resolver setup. Slow DNS resolution is more likely to be an issue with DNS than with the firewall - ie randomly blocking stuff isn't likely to help.

So first off, what is doing DNS resolution for you/your devices? Is the issue consistent? Have you used a packet sniffer (eg wireshark, others are available) to sniff for DNS packets? Eg, "tshark -i eth0 -f 'port 53'" will show you DNS packets on eth0.

For example, if you have a resolver configured in the client that isn't actually working, then you'll get slow DNS lookups. The resolver library may well work through the list, and if the first one doesn't work then it won't move on to the next until the first has timed out. Thus all your DNS lookups are "slow". This behaviour varies widely between OSs and setups - eg I think Windows (at least some versions) will drop a "dead" resolver to the bottom of its list and only look at it again if all the rest fail.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
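
An added example (not part of the original post): a small Python probe that queries each "nameserver" from resolv.conf-style text in the listed order and reports which ones do not answer within the resolver timeout, which is the dead-first-resolver case described above. The sample file contents, the queried name example.com and all function names are assumptions made for illustration.

```python
import socket
import struct
import time

# Constructed sample; on a real host pass the contents of /etc/resolv.conf.
SAMPLE_RESOLV_CONF = """\
nameserver 192.0.2.53
nameserver 127.0.0.1
options timeout:2 attempts:1
"""

def parse_resolv_conf(text):
    """Return (nameservers in listed order, per-try timeout in seconds)."""
    servers, timeout = [], 5.0  # 5 s is the glibc default when no option is set
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
        elif fields and fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("timeout:"):
                    timeout = float(opt.split(":", 1)[1])
    return servers, timeout

def build_query(name, txid=0x1234):
    """Minimal DNS query: one A/IN question with recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def probe(server, name, timeout, port=53):
    """Seconds until a matching reply arrives, or None if none came in time."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    query = build_query(name)
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.sendto(query, (server, port))
            while True:
                data, _ = sock.recvfrom(512)
                if data[:2] == query[:2]:  # transaction id matches our query
                    return time.monotonic() - start
        except OSError:  # timeout, port unreachable, no route
            return None

def report(text, name="example.com"):
    """Probe every listed server in order; a None entry marks a dead resolver."""
    servers, timeout = parse_resolv_conf(text)
    return [(srv, probe(srv, name, timeout)) for srv in servers]

if __name__ == "__main__":
    for srv, rtt in report(SAMPLE_RESOLV_CONF):
        print(srv, "no answer" if rtt is None else f"{rtt * 1000:.0f} ms")
```

A "no answer" entry ahead of a working server in the output means every lookup waits out that entry's timeout first.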
