Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] Delay when pinging local domain.
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
lekto
Apprentice
Apprentice


Joined: 20 Sep 2014
Posts: 207
Location: Ancient Rome

PostPosted: Tue Jul 09, 2024 3:33 pm    Post subject: [SOLVED] Delay when pinging local domain. Reply with quote

Hi, I'm working on a new firewall on OpenBSD. I've configured unbound and NSD as DNS. Pinging on the firewall works as should, same pinging global domains on Linux machine. But, when I'm pinging a local machine on Linux, there is a delay after pressing enter:
Code:
lekto@nugget ~ $ ping -c 4 gentoo.org | ts -s
00:00:00 PING gentoo.org (151.101.1.91) 56(84) bytes of data.
00:00:00 64 bytes from 151.101.1.91: icmp_seq=1 ttl=52 time=14.5 ms
00:00:01 64 bytes from 151.101.1.91: icmp_seq=2 ttl=52 time=14.4 ms
00:00:02 64 bytes from 151.101.1.91: icmp_seq=3 ttl=52 time=13.9 ms
00:00:03 64 bytes from 151.101.1.91: icmp_seq=4 ttl=52 time=14.6 ms
00:00:03
00:00:03 --- gentoo.org ping statistics ---
00:00:03 4 packets transmitted, 4 received, 0% packet loss, time 3003ms
00:00:03 rtt min/avg/max/mdev = 13.949/14.360/14.593/0.246 ms
 
lekto@nugget ~ $ ping -c 4 firewall | ts -s
00:00:08 PING firewall.domi (192.168.0.1) 56(84) bytes of data.
00:00:08 64 bytes from _gateway (192.168.0.1): icmp_seq=1 ttl=255 time=0.121 ms
00:00:08 64 bytes from _gateway (192.168.0.1): icmp_seq=2 ttl=255 time=0.148 ms
00:00:09 64 bytes from _gateway (192.168.0.1): icmp_seq=3 ttl=255 time=0.182 ms
00:00:10 64 bytes from _gateway (192.168.0.1): icmp_seq=4 ttl=255 time=0.187 ms
00:00:10
00:00:10 --- firewall.domi ping statistics ---
00:00:10 4 packets transmitted, 4 received, 0% packet loss, time 9616ms
00:00:10 rtt min/avg/max/mdev = 0.121/0.159/0.187/0.026 ms

As you can see, there is a eight seconds delay before the first message is printed when pinging the firewall.

When I run dig firewall on Linux machine I'm getting instant reply:
Code:
lekto@nugget ~ $ dig firewall.domi
 
; <<>> DiG 9.16.48 <<>> firewall.domi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 535
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;firewall.domi.         IN   A
 
;; ANSWER SECTION:
firewall.domi.      1043   IN   A   192.168.0.1
 
;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Jul 09 17:30:54 CEST 2024
;; MSG SIZE  rcvd: 58


Any ideas what is going on or how to debug it?


Last edited by lekto on Tue Jul 16, 2024 5:54 pm; edited 1 time in total
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 20484

PostPosted: Tue Jul 09, 2024 4:20 pm    Post subject: Re: Delay when pinging local domain. Reply with quote

lekto wrote:
there is a eight seconds delay before the first message is printed when pinging the firewall.
I'd first look at logs on the firewall to see if there is anything obvious. I've seen local DNS lookup issues cause "weird" behavior. Maybe try enabling options for verbose logging.

Next, I'd look at tcpdump and wireshark, capturing packets from both ends. That is from the client doing the ping and also from the firewall side.

There is somewhat of a balancing act on using those tools versus digging for verbose logging options. I don't look at packet logs often, so I have a re-learning curve whenever I do it.

EDIT: By the way, capturing packets to logs will consume a LOT of disk space, so be sure to stop logging on both ends after the 8 second delay is over. By that point you should have what you need. A lot happens in 8 seconds.
_________________
Quis separabit? Quo animo?
Back to top
View user's profile Send private message
lekto
Apprentice
Apprentice


Joined: 20 Sep 2014
Posts: 207
Location: Ancient Rome

PostPosted: Tue Jul 16, 2024 5:53 pm    Post subject: Reply with quote

I was missing a reverse DNS. It surprised me because I was focused on _gateway. I have a machine that is called gateway, but I didn't understand why it is here (it is on another network, where nugget was previously connected) and why it starts with underscore. I didn't know that _gateway has a special meaning.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum