On Thu, 2006-04-06 at 17:45, Don Russell wrote: > > Actually it's curious that you get a timeout rather than an "NXDOMAIN" > > response for a "dig -x 10.10.10.13". > > Yes, "dig ibm.com" comes back in 37 mSec... and "dig -x 129.42.16.103" > (the ibm.com address reported above) comes back in 68 mSec. > > But "dig -x 10.10.10.13" .... see cut/paste below... > > [don@boris ~]$ dig -x 10.10.10.13 > > ; <<>> DiG 9.3.2 <<>> -x 10.10.10.13 > ;; global options: printcmd > ;; connection timed out; no servers could be reached > [don@boris ~]$ That's a private address range - if you use it you should provide the reverse lookup server yourself. But if you insist on wasting the root servers' time with silly queries like that you should get a fairly fast NXDOMAIN response. Perhaps your ISP is acting as a primary for private reverse lookups and it happens to be broken - or they delegate to a server that is firewalled from you. > I'm beginning to think this is not a Fedora issue... but an ISP issue... > so I'm SOL because they *allow*, but don't *support* "home LANs", or > it's some sort of NAT/firewall issue in my router... I'll have to check > that out too... > Is there a way I could (temporarily) configure fedora to use diffent DNS > servers, so I'm not using the two my ISP is telling me to use? > That is, if I know the address of a different DNS server, I can put the > in my dhcp SERVER on my router, do a "service network restart" on Fedora > and pick up the new dns servers that way... > > Do you know the address of a "public" dns I could borrow for a few > minutes? :-) You can install your own nameserver and do it as well as anyone but if you are really using 10.x.x.x addresses, no one else can provide the reverse lookups for you. I thought a hosts file entry should work for that part, though. The other thing that happens during a connection is that sendmail will try an IDENT query on the socket to identify the user if the other end is unix-like. Normally you get a quick ICMP response if nothing is listening on port 113 at the other end, but if you have a firewall configured to silently drop packets you'll have to wait for the timeout, probably 30 seconds. -- Les Mikesell lesmikesell@xxxxxxxxx
