[RndTbl] home network hangs up when ISP disconnected

c0l0nelFlagg mashfiend at gmx.com
Tue Nov 22 08:40:13 CST 2016


Thanks for the tips highlighted below; I will give them all a close look
here and see if I can realize some success.


On 2016-11-21 11:51 PM, Trevor Cordes wrote:
> On 2016-11-21 c0l0nelFlagg wrote:
>> What I am trying to find out is if the smoothwall is acting as a
>> local dhcp server, a local dns caching server as well as the gateway
>> why is everything grinding to a halt whenever the ISP connection goes
>> down? and what I can do to prevent it from stopping functions in the
>> future.
> You're right, it's almost certainly a DNS problem.
>
> A caching DNS name server (NS) isn't good enough, as many domains have
> short-ish TTL timeouts.  In any case, if "local" operations are bogging
> down when the net is down, the issue is probably your serving-up of
> local DNS names.
>
> Do you use dynamic DNS (usually via DHCP) so that you can use the names
> you assign on each computer to access each other on the network?  Or
> even assign them statically on the local DNS server.  Are they setup to
> update the DNS for your top-level domain, or a subdomain?  Seeing your
> DNS zone files might help if you can paste them.
Yes, the smoothwall firewall PC runs as a dhcp server. For permanent
local LAN connections, though, it serves up reserved IP addresses based on
the MAC address asking to be assigned an IP address when it first
connects to the network. Any other temporary visitors with a laptop, say,
get assigned a random IP address from within the preset range of
available addresses that are not in the reserved list.

The local network is not assigned a domain name; instead it just runs with
default localdomain settings. It basically runs in a peer-to-peer workgroup
fashion.



>
> I have a similar setup but I use a home-brew linux firewall and have
> carefully setup DNS to have both a valid "internal view" for local
> computers to register their names with, and a separate "external view"
> for outside-world users to use.
Do you have a link to a blog or tutorial web site on setting this up?

>
> I have no experience with smoothwall, but if you can root ssh into it,
> you can check out the DNS conf/zone files to see how it is setup.
OK, will take a look at these as well.

> Oh ya, your problem could also just be that you should not have a 2ndary
> or 3rdary DNS set on the clients that point to the outside world.  This
> could cause programs to timeout longer than they have to.  They must
> suffer 3 timeouts (possibly 30-60s each?) as they step through all DNS
> servers.  For clients it is sufficient to specify your firewall as the
> only DNS server.
>
>> When ISP connection is down the linux boxes are all able to see the
>> NFS shares by using the host file info but samba and windows boxes just go
>> south for some reason.
> If you have properly setup local authoritative DNS on the firewall you
> should never need to use a host file (long obsolete).  What you write
> above further proves that the problem is DNS related.
>
> Samba and Windows (esp older ones) should be using broadcast NMB for
> name lookups first, so as long as one box is a DMB/LMB it should still
> work.  Newer Windows might try DNS first.  I assume you're NATing on
> the firewall (internal addresses are 192.168 or 10...), so one of your
> local boxes should be the DMB/LMB.  How are you specifying the other
> boxes in Windows?  Just \\workstation2\ ??  Are you using workgroup
> mode, or domain mode?
Everything is just workgroup mode to avoid the need to configure PDC/BDCs.

>
> If you can ssh into that smoothwall and run tcpdump you could snarf all
> the packets into a file and look at them on a workstation to see what
> exactly is being sent (and not getting a reply).
>
> Try getting rid of your 2nd/3rd DNS entries first and you can always
> report back with more info.
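
The capture check suggested above, as an added example that is not part of the original message: given the text output of `tcpdump -n port 53`, this lists DNS queries that never received a reply, grouped by the server they were sent to. The sample lines, the addresses (192.168.1.1 standing in for the firewall, 203.0.113.53 for an outside resolver) and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n port 53` text output (not from the thread).
SAMPLE = """\
08:40:13.100000 IP 192.168.1.20.51234 > 192.168.1.1.53: 4242+ A? nas.localdomain. (33)
08:40:13.101000 IP 192.168.1.1.53 > 192.168.1.20.51234: 4242* 1/0/0 A 192.168.1.5 (49)
08:40:20.000000 IP 192.168.1.21.40000 > 203.0.113.53.53: 7001+ A? ws2.localdomain. (33)
08:40:25.000000 IP 192.168.1.21.40000 > 203.0.113.53.53: 7001+ A? ws2.localdomain. (33)
08:40:30.000000 IP 192.168.1.21.40001 > 192.168.1.1.53: 7002+ A? ws2.localdomain. (33)
08:40:30.002000 IP 192.168.1.1.53 > 192.168.1.21.40001: 7002 NXDomain 0/0/0 (33)
"""

# timestamp, "IP", src.port > dst.port:, query id with optional flag chars, rest
LINE = re.compile(
    r"^(?P<ts>\S+) IP6? (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<id>\d+)(?P<flags>\S*) (?P<rest>.*)$"
)

def unanswered_queries(capture_text):
    """Return {server_ip: [(client_ip, qname), ...]} for queries with no reply."""
    pending = {}
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m["dport"] == "53":      # client -> server: a query (or a retry of one)
            q = re.search(r"\b[A-Z0-9]+\? (\S+)", m["rest"])
            key = (m["src"], m["sport"], m["dst"], m["id"])
            pending[key] = q.group(1) if q else "?"
        elif m["sport"] == "53":    # server -> client: any reply, NXDomain included
            pending.pop((m["dst"], m["dport"], m["src"], m["id"]), None)
    result = defaultdict(list)
    for (client, _port, server, _qid), qname in pending.items():
        result[server].append((client, qname))
    return dict(result)

if __name__ == "__main__":
    for server, misses in unanswered_queries(SAMPLE).items():
        for client, qname in misses:
            print(f"{client} asked {server} for {qname} and got no reply")
```

A server that shows up here only while the ISP link is down is one the clients are waiting on before they fall through to the next entry.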
