DNS

Slow DNS lookups in Firefox due to IPv6 issues

I've found that in certain cases Firefox can "hang" (wait for something and not respond) while loading a site after a click. It turns out that another possible issue is with DNS lookups.

Very slow DNS lookups (5s timeouts) for network clients

I've experienced the same 5 second long DNS lookups on a Debian 6.* (Squeeze) server using amd64 architecture and the options single-request in /etc/resolv.conf helped me too. Using strace -T ... on the command that exhibits the slow DNS behaviour you can easily identify the culprit.

Debian's dhcp3-client does not send hostname to DHCP server by default

Unfortunately the dhcp3-client package in Debian does not (yet) support sending the configured hostname to the DHCP server. Ubuntu has a custom patch that makes this possible (it was added 4 years ago!), but the Debian package maintainer did not feel this to be important enough to add a patch to Debian's package too. The bug report on the issue is now 9 years old and a solution for Debian users/admins is still not available (apart from hard-coding the hostname into the DHCP client config file of course). It seems that the latest upstream version (>=4.2.0) of the DHCP client already contains support for sending the actual hostname to the DHCP server (btw. 4.2.0 was released in December 2009), but this will get into Debian only with the next major version (the one that'll follow Squeeze, currently codenamed "Wheezy"). No rush ... we can wait a couple more years ... maybe a fix'll be available by the time my (future) kids try to install Linux on their PC/mobile/watch/whatever. You've got to love Debian's "stableness". It's either that or you can try your luck with the ever-changing (and breaking) Ubuntu. Unfortunately there's nothing in between. Of course one can always turn to a different distro ... Red Hat, etc.

Dynamic firewall rules for iptables

Here's the problem: you're allowing access to some ports of your server based on source IPs. This is common practice, even if it's not 100% secure (since source IPs can be spoofed in certain situations). However, what if you have no fixed source IP address(es) (which is common practice too) that you can feed into iptables rules? You can register a domain name at a dynamic DNS provider (e.g. dyndns.org) and have your client (a DSL router or a client app on your PC) automatically update the IP of that domain name whenever your client's internet connection comes up. But still, iptables does not allow use of domain names in firewall rules (and that's a good thing). Here's where my script comes into play. It allows you to specify a list of domain names and destinations (host+port) for which the script will automatically generate permitting iptables rules.
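One way such a rule generator can be built, as an added example that is not the author's script. It assumes IPv4 and TCP only, and a dedicated chain with the hypothetical name DYN-ALLOW that is already created and jumped to from INPUT; all names and addresses are constructed.

```python
import ipaddress
import socket

CHAIN = "DYN-ALLOW"  # hypothetical chain; assumed to be created and jumped to from INPUT

def resolve_ipv4(name):
    """Current IPv4 addresses for name; an empty list if the lookup fails."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def usable_source(addr):
    """Parse a resolver answer; None for addresses no remote client can have."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError:
        return None
    if (ip.is_unspecified or ip.is_loopback or ip.is_multicast
            or ip.is_link_local or ip.is_reserved):
        return None
    return ip

def build_rules(allow, resolver=resolve_ipv4, chain=CHAIN):
    """allow: (source_name, dest_ip, dest_port) tuples -> list of iptables argv lists.

    The chain is flushed first, so a name that no longer resolves loses access.
    Only parsed addresses and integer ports are placed in the commands.
    """
    rules = [["iptables", "-F", chain]]
    for name, dest, port in allow:
        dest_ip = ipaddress.IPv4Address(dest)  # raises on a malformed destination
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port for {name}: {port}")
        answers = (usable_source(a) for a in resolver(name))
        for src in sorted({ip for ip in answers if ip is not None}):
            rules.append(["iptables", "-A", chain, "-s", str(src), "-d", str(dest_ip),
                          "-p", "tcp", "--dport", str(port), "-j", "ACCEPT"])
    return rules

if __name__ == "__main__":
    # Constructed sample data: example names and documentation-range addresses.
    answers = {"home.example.net": ["203.0.113.5"], "stale.example.net": []}
    allow = [("home.example.net", "192.0.2.10", 22), ("stale.example.net", "192.0.2.10", 22)]
    for argv in build_rules(allow, resolver=lambda n: answers.get(n, [])):
        print(" ".join(argv))
```

Run from cron, the returned argv lists can be passed to subprocess.run without a shell; the access granted is only as trustworthy as the dynamic DNS account and the resolver path.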

Some tweaking for dnsmasq

DD-WRT has a lightweight, caching DNS proxy with integrated DHCP(+TFTP) server built in (dnsmasq). It's well suited for use on your home LAN and has a number of options so you can tweak it to your needs. You can add these options in DD-WRT's config in the "Services" tab in the "Additional DNSMasq Options" textarea. Here're the options I use ...

Mail delivery and MX records in DNS

I did not know how exactly MTAs work, when they try to deliver a mail to the recipient. airwin helped me out: the MTA tries to look for an MX record for the given domain name. If found, then the given mail server is contacted. If not, then the host with the given domain name is contacted directly.

Configuring/querying DNS settings from Terminal

This article at macosxhints.com describes it pretty well. You've to use the scutil utility.
