My machine is a dual-boot i7 machine running on one side Windows 7 and here, Mandriva 2010 (64 bit).
I've complained to my phone provider in the past about things slowing down after a period of a few hours so they changed the router. I now have a Huawei HG520b instead of the D-Link I had previously. I'd done a factory reset on that before swapping it out but then the new router arrived so I stuffed that in its place without testing the reset.
With the Huawei, Windows will do lookups fine but Mandriva takes ages for everything, web searches, mail and so on. Sending this message sat there for ages doing a lookup for the smtp address before I cancelled it to add this.
I *think* I've got both sides, Windows 7 and Mandriva, setup the same with DHCP for both IP address and DNS servers but is there anything I can try before I rip the Huawei out and put back the D-Link?
TIA.
Chris Walker wrote:
With the Huawei, Windows will do lookups fine but Mandriva takes ages for everything, web searches, mail and so on. Sending this message sat there for ages doing a lookup for the smtp address before I cancelled it to add this.
I *think* I've got both sides, Windows 7 and Mandriva, setup the same with DHCP for both IP address and DNS servers but is there anything I can try before I rip the Huawei out and put back the D-Link?
I've seen slow lookups like you describe when a machine was misconfigured to have non-responding DNS servers in /etc/resolv.conf (to fix that remove the bad ones), or when IPV6 lookups are tried first (simple workaround is to disable ipv6).
You need to figure out what mandriva is sending to your DNS server. Try tcpdump/wireshark to sniff the network. It will also be useful to use "dig" to make explicit lookups to the DNS servers, to see if they send prompt responses.
-- Martijn
On 27/05/10 21:50, Martijn Koster wrote:
Chris Walker wrote:
With the Huawei, Windows will do lookups fine but Mandriva takes ages for everything, web searches, mail and so on. Sending this message sat there for ages doing a lookup for the smtp address before I cancelled it to add this.
I *think* I've got both sides, Windows 7 and Mandriva, setup the same with DHCP for both IP address and DNS servers but is there anything I can try before I rip the Huawei out and put back the D-Link?
I've seen slow lookups like you describe when a machine was misconfigured to have non-responding DNS servers in /etc/resolv.conf (to fix that remove the bad ones), or when IPV6 lookups are tried first (simple workaround is to disable ipv6).
Not sure I'm doing the right thing here so a bit more quidance wouldn't go amiss. I have entered a figure of 1432 for MTU as that field was empty. It hasn't made a scrap of difference though.
You need to figure out what mandriva is sending to your DNS server. Try tcpdump/wireshark to sniff the network. It will also be useful to use "dig" to make explicit lookups to the DNS servers, to see if they send prompt responses.
Neither of those 2 packages are installed and I've been busy doing something else and so haven't yet had time to install them. I did try the dig thing though and that came back with :- [root@MSI chris]# dig
; <<>> DiG 9.6.1-P3 <<>> ;; global options: +cmd ;; connection timed out; no servers could be reached
That doesn't look good to me.
On 28/05/10 21:34, Chris Walker wrote:
On 27/05/10 21:50, Martijn Koster wrote:
Chris Walker wrote:
With the Huawei, Windows will do lookups fine but Mandriva takes ages for everything, web searches, mail and so on. Sending this message sat there for ages doing a lookup for the smtp address before I cancelled it to add this.
I *think* I've got both sides, Windows 7 and Mandriva, setup the same with DHCP for both IP address and DNS servers but is there anything I can try before I rip the Huawei out and put back the D-Link?
If I had indeed swapped out the Huawei and re-installed the D-Link, it would have solved the problem but of course, I would not have known why.
I had both sides of the machine (Windows and Mandriva) set to DHCP for both IP address and DNS details.
If I looked at /etc/resolv.conf it showed this :- # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 192.168.1.1 search 520b.com
The puzzle was the last line. One of my sons visited yesterday and told me that the router was providing that. Sure enough, a web search revealed that lots of people were complaining in Talktalk forums about slow searches and reaching a chinese site.
Rather than involve myself with more agravation swapping out the router yet again, I have simply disabled the DNS setting and manually entered the DNS entries for Talktalk.
What I find annoying is that Talktalk have known about this for some months - the discussions online took place last year - and yet they're still sending out hardware with badly written firmware. Who knows what else is coded in there. But perhaps that's just my cynical nature to expect such things.
Can I offer a public thank-you to Martijn who offered to come round and do the setup for me.
On 01/06/10 10:42, Chris Walker wrote:
What I find annoying is that Talktalk have known about this for some months - the discussions online took place last year - and yet they're still sending out hardware with badly written firmware. Who knows what else is coded in there. But perhaps that's just my cynical nature to expect such things.
Can I offer a public thank-you to Martijn who offered to come round and do the setup for me.
That sounds worse than "badly written" that sounds compromised.
If there is a Huawei DNS server in china that these routers are pushing DNS lookups to then this could have either been logging your activity or worse poisoning lookups so that your bank's domain for example points to a phishing site. I can't think of any reason Huawei would have for hard coding the DNS to their own server that isn't nefarious.
Although at the moment it seems broken as I can't get it to resolve anything, I was trying to see if it returned the "correct" results for paypal, ebay and common banks etc.
On 01/06/10 11:06, Wayne Stallwood wrote:
On 01/06/10 10:42, Chris Walker wrote:
What I find annoying is that Talktalk have known about this for some months - the discussions online took place last year - and yet they're still sending out hardware with badly written firmware. Who knows what else is coded in there. But perhaps that's just my cynical nature to expect such things.
Can I offer a public thank-you to Martijn who offered to come round and do the setup for me.
That sounds worse than "badly written" that sounds compromised.
If there is a Huawei DNS server in china that these routers are pushing DNS lookups to then this could have either been logging your activity or worse poisoning lookups so that your bank's domain for example points to a phishing site. I can't think of any reason Huawei would have for hard coding the DNS to their own server that isn't nefarious.
Although at the moment it seems broken as I can't get it to resolve anything, I was trying to see if it returned the "correct" results for paypal, ebay and common banks etc.
It resolved to this yesterday - http://www.5542.com/ which seems to be just a site showing off women's clothes. But that's probably because I can't read Chinese.
On 1 June 2010 11:17, Chris Walker cdw_alug@the-walker-household.co.uk wrote:
It resolved to this yesterday - http://www.5542.com/ which seems to be just a site showing off women's clothes. But that's probably because I can't read Chinese.
http://www.talktalkmembers.com/forums/showthread.php?t=43216
http://www.webboar.com/www/5542.com
There are lots of hits if you google for the domain name. Might be also worth checking with the sites that NoScript mentions as checkers.
http://noscript.net/about/5542.com;5542.com
Regards, Srdjan
-
Chris Walker -
Martijn Koster -
Srdjan Todorovic -
Wayne Stallwood