 From:  "=?BIG5?B?tsCr2K54KGphbmcgaHVhbmcp?=" <jang0820 at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DNS request timeout
 Date:  Fri, 23 Jun 2006 20:12:40 +0800
Thank you very much for your help.
About 25 notebooks use M0N0 as DHCP server. They get IP and DNS from M0N0;
they set the DNS server to the M0N0 private LAN IP.
They always work fine, but sometimes they also have the same problem,
less often than when DNS is set to the public IP.

I forgot to say the problem is obvious in the computer classroom.
Using M0N0 to translate 100 computers in the computer classroom, they
will boot at the same time. Then students surf the Internet.
About 10%-15% of the computers have the DNS problem. This bothers me and
the students. Maybe too many computers request DNS service at the same
time. I will try setting DNS to the M0N0 LAN IP.

Can I modify kernel parameters (sysctl) or NAT rules or firewall
rules, or recompile the kernel, to reduce this problem? What must I
pay attention to?

                                         Jang

2006/6/23, Klaus Stock <ks at stock dash consulting dot com>:
> > My external DNS server works for 100 computers in the public IP
> > domain, too. It works well.
> >
> > I set DNS servers manually in System -> General, and uncheck the
> > option "allow servers to be overridden...".
> >
> > For the computers in the private IP domain, a DNS timeout will happen
> > when the browser connects to the Internet the first time.
> > When the DNS server responds correctly once, it will
> > always work well after that.
> > When I reset the NAT table and firewall state table, the computer
> > which could not find the DNS server will find it.
>
> I guess it currently works this way:
> When a client does a DNS request, the firewall creates an implicit rule for
> that client which allows the DNS server's response to pass through (back to
> the client). The problem appears to be that sometimes the firewall doesn't
> create an implicit pass rule, and then the corresponding client is out of
> luck.
>
> You might try to set the m0n0wall into "DNS Forwarder" mode. That way, all
> clients should send their DNS requests to the m0n0wall (if auto-configured
> via DHCP, otherwise the DNS server address at the client side should be set
> to the private m0n0wall IP address) and the m0n0wall will query the real DNS
> servers. That way, the firewall should not get in the way.
>
> Just a wild guess at what is going on. You might want to try this after
> regular work, in order not to cause a major service disruption if it doesn't
> work.
>
> - Klaus
>
>
> >
> >                                                 Jang
> >
> >
> >
> >
> > 2006/6/23, Holger Bauer <Holger dot Bauer at citec dash ag dot de>:
> > > Make sure your external DNS servers are responding fast enough. The m0n0
> > > just forwards the request to the external servers and reports back what
> > > it got. If the external server doesn't answer in time you'll see issues
> > > like the ones you described. You can set DNS servers manually at
> > > System > General in case you get them autoassigned by dialin/DHCP. Make
> > > sure the checkmark is removed from the option "allow servers to be
> > > overridden..." below the DNS server fields.
> > >
> > > Holger
> > >
> > > > -----Original Message-----
> > > > From: jang0820 at gmail dot com [mailto:jang0820 at gmail dot com]
> > > > Sent: Friday, June 23, 2006 2:41 AM
> > > > To: m0n0wall at lists dot m0n0 dot ch
> > > > Subject: Re: [m0n0wall] DNS request timeout
> > > >
> > > >
> > > > I use DHCP on LAN and the DNS forwarder.
> > > > The computers get IP from DHCP and use the DNS forwarder;
> > > > the DNS server is set to the M0N0 LAN IP. They also have the same problem.
> > > > Thank you very much.
> > > >                                                         Jang
> > > >
> > > >
> > > > 2006/6/22, Klaus Stock <ks at stock dash consulting dot com>:
> > > > > > DNS is a UDP packet. Or is there another reason?
> > > > >
> > > > > The m0n0wall can operate as a DNS forwarder. This allows the clients
> > > > > to use the m0n0wall as DNS server. The m0n0wall of course just
> > > > > queries the real DNS servers in the internet to resolve host names.
> > > > >
> > > > > Alternatively, the m0n0wall can tell the clients to use the real DNS
> > > > > servers in the internet (via DHCP, if enabled).
> > > > >
> > > > > What kind of configuration are you currently using at your site?
> > > > > (DHCP on WAN, DHCP on LAN, DNS forwarder?)
> > > > >
> > > > > - Klaus
> > > > >
> > >
> >
>
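The mechanism Klaus describes (an outbound query creates state that lets the reply back in; a reply with no matching state is dropped, so the client waits until it times out) can be shown with a small model. The following is an added example written for this thread, not m0n0wall or ipfilter code: the firewall class, the 30-second UDP state lifetime, the resolver address 198.51.100.53, the 10.0.0.x clients, their ports and the timings are all constructed. It replays a constructed "classroom boot" where every client asks at once, one upstream reply arrives late (Holger's point about slow external servers), one client retries, and one datagram arrives for a client that never asked.

```python
"""Toy model of how a stateful firewall handles DNS over UDP.

Added example, not m0n0wall or ipfilter code. An outbound query creates a
state entry keyed on the flow's 4-tuple; a reply passes only if its reversed
4-tuple matches live state. A reply with no state (none created, or the
state already expired) is dropped and the client sees a timeout. Addresses,
ports, timings and the state lifetime are constructed values.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

DNS_PORT = 53
UDP_STATE_LIFETIME = 30.0       # assumed idle lifetime of a UDP state (not m0n0wall's value)
RESOLVER = "198.51.100.53"      # constructed public resolver address

StateKey = Tuple[str, int, str, int]   # client_ip, client_port, server_ip, server_port


@dataclass(frozen=True)
class Event:
    kind: str      # "query" (client -> resolver) or "reply" (resolver -> client)
    client: str    # LAN client address
    port: int      # client's UDP source port
    ts: float      # seconds since the classroom booted


class StatefulFirewall:
    """Tracks outbound UDP flows so only solicited replies are let back in."""

    def __init__(self) -> None:
        self.states: Dict[StateKey, float] = {}   # flow -> time of last packet
        self.dropped: List[Event] = []

    def _expire(self, now: float) -> None:
        """Forget flows idle for longer than the state lifetime."""
        stale = [k for k, seen in self.states.items() if now - seen > UDP_STATE_LIFETIME]
        for k in stale:
            del self.states[k]

    def outbound(self, ev: Event) -> None:
        """A LAN client's query creates (or refreshes) the flow's state."""
        self._expire(ev.ts)
        self.states[(ev.client, ev.port, RESOLVER, DNS_PORT)] = ev.ts

    def inbound(self, ev: Event) -> bool:
        """A reply passes only if the reversed 4-tuple matches live state."""
        self._expire(ev.ts)
        key = (ev.client, ev.port, RESOLVER, DNS_PORT)
        if key in self.states:
            self.states[key] = ev.ts
            return True
        self.dropped.append(ev)
        return False


def run_scenario(events: List[Event]) -> Tuple[Dict[str, str], List[Tuple[str, float]]]:
    """Replay events in time order.

    Returns each querying client's final status ("answered" or "timeout") and
    the (client, time) of every inbound datagram the firewall dropped.
    """
    fw = StatefulFirewall()
    status: Dict[str, str] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "query":
            fw.outbound(ev)
            status.setdefault(ev.client, "timeout")   # pending until a reply gets through
        elif fw.inbound(ev):
            status[ev.client] = "answered"
    return status, [(e.client, e.ts) for e in fw.dropped]


# Constructed classroom boot: every client asks at t=0. Two replies come back
# quickly, two come back after the state has expired (one of those clients
# retries), and one datagram arrives for a client that never asked.
CLASSROOM = [
    Event("query", "10.0.0.11", 50001, 0.0), Event("reply", "10.0.0.11", 50001, 0.05),
    Event("query", "10.0.0.12", 50002, 0.0), Event("reply", "10.0.0.12", 50002, 0.20),
    Event("query", "10.0.0.13", 50003, 0.0), Event("reply", "10.0.0.13", 50003, 45.0),
    Event("query", "10.0.0.14", 50004, 0.0), Event("reply", "10.0.0.14", 50004, 40.0),
    Event("query", "10.0.0.14", 50004, 41.0), Event("reply", "10.0.0.14", 50004, 41.1),  # retry
    Event("reply", "10.0.0.99", 50099, 1.0),   # unsolicited: no state, must be dropped
]

if __name__ == "__main__":
    final, dropped = run_scenario(CLASSROOM)
    for client, result in sorted(final.items()):
        print(f"{client}: {result}")
    print("dropped:", dropped)
```

Two things fall out of the replay: the client whose reply arrived after its state expired stays in "timeout" unless it retries (the retry creates fresh state, which is why a second attempt often succeeds), and the unsolicited datagram for 10.0.0.99 is dropped, which is exactly the protection the state table exists to give. The real question in this thread, why a state is sometimes not created on the first query, is not something this model decides.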