On Thu, 2006-04-06 at 18:43, Don Russell wrote: > I've been using this address range for years, and never noticed any > problems. Just recently I notice it takes a long time to get a response > when connecting from 10.10.10.253 to 10.10.10.250 using ssh. > > Telnet 10.10.10.250 25 (smtp) from 10.10.10.253 takes a very long time > (a minute or more sometimes) to get a response... My Thunderbird mail > clients time out trying to send mail to 10.10.10.250 when last week they > had no problems at all. > > I also tried telnet from "outside" and it takes a while for a response > too... it used to be much quicker... > > If you're curious... try telnet drussell dnsalias com 25 (with dots in > all the right places) and see how long it takes for you to get a response... > > Maybe you're right... maybe my ISP was providing the necessary lookups > and now that's broken on their end... I got a connection immediately - the response close to a minute later. Do you perhaps have 2 nameservers listed in your resolv.conf with the 1 one not responding? > > The other thing that happens during a connection is that > > sendmail will try an IDENT query on the socket to identify > > the user if the other end is unix-like. Normally you get > > a quick ICMP response if nothing is listening on port 113 > > at the other end, but if you have a firewall configured to > > silently drop packets you'll have to wait for the timeout, > > probably 30 seconds. > > > > > > And does the ssh server do that sort of thing too? I don't think it tries IDENT, but it will do the reverse dns to log the hostname from the inbound connection. -- Les Mikesell lesmikesell@xxxxxxxxx
