Re: network cutoff

On Fri, 3 Jun 2005 20:16:51 +0000 (UTC), Cichlidiot <fishlover@nospam.invalid> wrote:
> Mr.Jason <jaakkochanREMOVETHIS@surfeu.fi> wrote:
> > Ping said "unknown host" when I tried to ping the server. From server I
> > didn't try to ping outside yet.
.. . .
> I'm beginning to wonder if this is all about DNS problems and the server
> itself was fine all along. Also, as for tcpdump and the like, make sure to
> use the -n option (no DNS lookup) or you're just going to be waiting
> forever for it to try to reverse resolve IP address if the problem is a
> DNS one.
Agree, I had many DNS problems switching to ADSL last year and then
putting the modem into bridge (transparent) mode for full firewall control,
now it 'just works' except for the odd lookup retry needed during busy
times when nameservers are overloaded.
I run dnsmasq now, improves things much. Tried adding more nameservers,
not worth the effort.
One thing that did improve nameserver access was to tell dnsmasq to use a
specific outgoing port for DNS queries, this fools iptables into seeing
UDP query traffic as a single port data stream, thus the 'pretend' connection
timer is extended from 30 to 180 (I think) seconds so delayed replies from
busy nameservers get back in as ESTABLISHED,RELATED traffic.
--Grant.
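
Added example (not part of the original post): a simplified Python model of the connection-tracking behaviour described above, comparing a fresh source port per query with one pinned port. It uses the 30 and 180 second timers quoted in the post; the nameserver address, port numbers and query timings are constructed for illustration.

```python
# Simplified model of conntrack UDP tracking (illustrative, not kernel code).
UNREPLIED_TIMEOUT = 30   # seconds, figure quoted in the post
STREAM_TIMEOUT = 180     # seconds, figure quoted in the post ("I think")
NAMESERVER = "192.0.2.53"  # constructed (documentation address range)
FIXED_PORT = 40053         # hypothetical pinned source port
# Constructed (send_time, reply_delay) pairs; delays exaggerated to show the effect.
QUERIES = [(0, 1), (10, 45), (20, 2), (100, 40)]

class ConntrackTable:
    def __init__(self):
        self.entries = {}  # flow tuple -> {"replied": bool, "expires": time}

    def _live(self, key, now):
        entry = self.entries.get(key)
        if entry and entry["expires"] <= now:
            del self.entries[key]      # timer ran out, state is forgotten
            return None
        return entry

    def outbound(self, key, now):
        entry = self._live(key, now) or self.entries.setdefault(
            key, {"replied": False, "expires": 0})
        timeout = STREAM_TIMEOUT if entry["replied"] else UNREPLIED_TIMEOUT
        entry["expires"] = now + timeout

    def inbound(self, key, now):
        """True if the reply matches live state (would pass as ESTABLISHED)."""
        entry = self._live(key, now)
        if entry is None:
            return False               # no state left: reply is dropped
        entry["replied"] = True        # traffic seen both ways: longer timer
        entry["expires"] = now + STREAM_TIMEOUT
        return True

def simulate(queries, fixed_port=None):
    """Return, per query, whether its reply got back through the firewall."""
    table, events = ConntrackTable(), []
    for i, (sent, delay) in enumerate(queries):
        port = fixed_port or 40000 + i  # distinct port per query = ephemeral ports
        key = (port, NAMESERVER, 53)
        events += [(sent, 0, i, key), (sent + delay, 1, i, key)]
    accepted = [False] * len(queries)
    for when, kind, i, key in sorted(events):
        if kind == 0:
            table.outbound(key, when)
        else:
            accepted[i] = table.inbound(key, when)
    return accepted

if __name__ == "__main__":
    print("random ports:", simulate(QUERIES))
    print("fixed port:  ", simulate(QUERIES, FIXED_PORT))
```

In dnsmasq the source port is pinned with the `query-port` option; its documentation notes that this makes dnsmasq less secure against DNS spoofing, because replies no longer have to match a random port.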