On Thu, Mar 13, 2003 at 10:36:34AM -0500, Collins, Kevin wrote:
> When I have the machine running as a router (i.e. ip forwarding enabled, no
> firewall rules in place) everything works fine. When I start my firewall,
> DNS slows down to a crawl. It works, but it works so slow that it feels
> like it's not.

First guess is that whatever app is trying to 'do dns' is first trying a DNS server that is NOT responding due to the firewall rules, and after timeouts ends up trying one that DOES work.

So, if it's a unix-like machine inside the network seeing the problem, what's in the /etc/resolv.conf? When a lookup is attempted from an internal machine with the firewall up, what does a 'tcpdump -ni <extif> port 53' show? You may want to run a similar tcpdump on the appropriate internal interface too to see the difference.

-Ath
--
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
  Finger athan(at)fysh.org for PGP key
  "And it's me who is my enemy. Me who beats me up.
  Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
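The check suggested in the reply above, as an added example that is not part of the original message: a Python script that reads text in the style of `tcpdump -ni <extif> port 53` output and reports which DNS servers were queried but never answered, and how long each lookup waited for its first reply. The sample lines, the addresses, the function names and the assumption that lines follow tcpdump's current IPv4 text format are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the style of `tcpdump -ni <extif> port 53` output
# (documentation addresses, not a real capture).
SAMPLE = """\
10:36:34.100000 IP 203.0.113.5.1025 > 198.51.100.1.53: 4660+ A? www.example.com. (33)
10:36:39.100000 IP 203.0.113.5.1025 > 198.51.100.1.53: 4660+ A? www.example.com. (33)
10:36:44.100000 IP 203.0.113.5.1025 > 198.51.100.2.53: 4660+ A? www.example.com. (33)
10:36:44.130000 IP 198.51.100.2.53 > 203.0.113.5.1025: 4660 1/0/0 A 192.0.2.80 (49)
"""

# timestamp, source addr.port, destination addr.port, DNS query id
PKT = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP "
    r"([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): (\d+)"
)

def analyze(capture):
    """Return (queries per server, replies per server, seconds each lookup waited)."""
    sent, replied = Counter(), Counter()
    first_query, waited = {}, {}
    for line in capture.splitlines():
        m = PKT.match(line)
        if not m:
            continue
        hh, mm, ss, src, sport, dst, dport, qid = m.groups()
        t = int(hh) * 3600 + int(mm) * 60 + float(ss)
        if dport == "53":                       # query leaving for a server
            sent[dst] += 1
            first_query.setdefault((src, sport, qid), t)
        elif sport == "53":                     # reply coming back
            replied[src] += 1
            key = (dst, dport, qid)
            if key in first_query and key not in waited:
                waited[key] = round(t - first_query[key], 3)
    return sent, replied, waited

def silent_servers(capture):
    """Servers that were sent queries but never replied in this capture."""
    sent, replied, _ = analyze(capture)
    return sorted(s for s in sent if replied[s] == 0)

if __name__ == "__main__":
    sent, replied, waited = analyze(SAMPLE)
    print("silent servers:", silent_servers(SAMPLE))
    for (client, port, qid), secs in waited.items():
        print(f"lookup id {qid} from {client}:{port} waited {secs}s")
```

Running the same analysis on captures from the external and the internal interface shows whether queries to the silent server are dropped on the way out or its replies are dropped on the way back.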