Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!newsfeed.internetmci.com!btnet!zetnet.co.uk!demon!pencotts.demon.co.uk From: Andrew Gordon <andrew.gordon@net-tel.co.uk> Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: User ppp dialing needlessly Date: Sat, 13 Jan 1996 13:51:12 GMT Lines: 40 Message-ID: <821541072.9149@pencotts.demon.co.uk> References: <4cse48$c2i@cyber1.servtech.com> <kientzleDL3E1F.FBI@netcom.com> NNTP-Posting-Host: pencotts.demon.co.uk X-NNTP-Posting-Host: pencotts.demon.co.uk X-Mailer: Mozilla 1.1N (X11; I; BSD/386 uname failed) MIME-Version: 1.0 X-URL: news:kientzleDL3E1F.FBI@netcom.com Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii kientzle@netcom.com wrote: >b) Reboot, run `tcpdump' > Tcpdump will watch the tun0 device and tell you every packet that > goes over the PPP link. From that, you can try to puzzle out > what programs are generating the packets and why. The default recording size doesn't give enough of the packet for the DNS protocol to be decoded fully. Try somthing like "tcpdump -i tun0 -s 128" for a more complete display. >Here are the two culprits I've found: > >a) routed. In /etc/sysconfig, change the routedflags line to: > routedflags="-q" > The default is `-s', which causes routed to broadcast routing > information every 30 seconds. (This kept my link up pretty > constantly until I disabled it.) Chances are, with a single ppp link to an ISP, you don't want routed at all - your ISP doesn't want routing info from you, and you are just default routing all packets to the ISP. So routedflags=NO may be more appropriate. >b) sendmail. I haven't completely tracked this down, but the > likely-looking culprits are the sendmail_flags in /etc/sysconfig > (I removed the -q30m option), and the line "OI" in /etc/sendmail.cf. > (I commented out this line.) > > Even with these changes, my system still brings up the link > everytime sendmail runs (for example, with `mailq'). Per tcpdump, > it's some sort of DNS activity from sendmail, but I'm not enough of > a network (or sendmail) expert to be able to say more than that. > Maybe someone here can suggest something? One partial solution is to run your own nameserver (probably a caching-only one, which then forwards all requests to the system you were using previously, plus perhaps a bogus authoritative entry for your own machine). This won't fix everything, but will reduce the level of DNS activity - particularly when sending mail to yourself.