Request for advice about WAN problem

Chuck Bearden cbearden at sparc.hpl.lib.tx.us
Fri Jul 25 11:00:40 EDT 1997 

I ran into something like this when we brought two of our branches 
online with TCP/IP networking.  We allocated them each a class C 
that had been allocated to us by our ISP, but never used.  When we 
tried to get Library or City web pages from these branches, it took 
forever for the servers to respond.  When we tried to get web pages 
from remote sites, they came up quite quickly.  Traceroute and pings 
to our servers revealed no time problems.  

I fixed the problem by advertising authority in our DNS tables for 
inverse lookups in the new network addresses we assigned.  The 
problem was that our servers consulted our DNS to resolve the 
addresses of the new workstations when they connected.  They didn't 
themselves have an answer, and apparently were confused when they 
asked the outside world for an authoritative answer, since the 
outside world didn't have one.  When our servers finally gave up 
trying to resolve the IP into a name, they permitted the connection.  
In other words, the wait was caused solely by our servers trying 
to do a reverse lookup on the IP addresses of the new branch 
workstations.  

Our DNS dithered trying to resolve the IP, but outside servers more 
quickly decided that there wasn't a resolution of those IPs into 
names, and said "what the heck: let them connect, and we'll just 
log them by IP".  My guess is that it had something to do with the 
way our resolvers recursed the namespace from above the level in 
the DNS hierarchy where authority was supposed to be vs. the 
way all others (who started from a place closer to the root of 
the DNS system) did so.  

You might check to see if the DNS at the main campus can resolve 
the Start of Authority for reverse lookups in the network addresses 
allocated to you.  If not, perhaps your ISP needs to be asked to 
be sure SOA for your addresses is available, and perhaps even 
to delegate it to the primary nameserver at your main campus so 
that your folks can update the tables (or not) as desired, and 
so that the main campus servers can find SOA for your network.  

Hope this helps,

Chuck

More information about the Web4lib mailing list