[RndTbl] home network hangs up when ISP disconnected

Trevor Cordes trevor at tecnopolis.ca
Mon Nov 21 23:51:10 CST 2016

On 2016-11-21 c0l0nelFlagg wrote:
> What I am trying to find out is if the smoothwall is acting as a
> local dhcp server, a local dns caching server as well as the gateway
> why is everything grinding to a halt whenever the ISP connection goes
> down? and what I can do to prevent it from stopping functions in the
> future.

You're right, it's almost certainly a DNS problem.

A caching DNS name server (NS) isn't good enough, as many domains have
short-ish TTL timeouts.  In any case, if "local" operations are bogging
down when the net is down, the issue is probably your serving-up of
local DNS names.

Do you use dynamic DNS (usually via DHCP) so that you can use the names
you assign on each computer to access each other on the network?  Or
even assign them statically on the local DNS server.  Are they set up to
update the DNS for your top-level domain, or a subdomain?  Seeing your
DNS zone files might help if you can paste them.

I have a similar setup but I use a home-brew linux firewall and have
carefully set up DNS to have both a valid "internal view" for local
computers to register their names with, and a separate "external view"
for outside-world users to use.

I have no experience with smoothwall, but if you can root ssh into it,
you can check out the DNS conf/zone files to see how it is setup.

Oh ya, your problem could also just be that you should not have a 2ndary
or 3rdary DNS set on the clients that point to the outside world.  This
could cause programs to timeout longer than they have to.  They must
suffer 3 timeouts (possibly 30-60s each?) as they step through all DNS
servers.  For clients it is sufficient to specify your firewall as the
only DNS server.

> When ISP connection is down the linux boxes are all able to see the
> NFS shares by using the host file info but samba and windows boxes just go
> south for some reason.

If you have properly set up local authoritative DNS on the firewall you
should never need to use a host file (long obsolete).  What you write
above further proves that the problem is DNS related.

Samba and Windows (esp older ones) should be using broadcast NMB for
name lookups first, so as long as one box is a DMB/LMB it should still
work.  Newer Windows might try DNS first.  I assume you're NATing on
the firewall (internal addresses are 192.168 or 10...), so one of your
local boxes should be the DMB/LMB.  How are you specifying the other
boxes in Windows?  Just \\workstation2\ ??  Are you using workgroup
mode, or domain mode?

If you can ssh into that smoothwall and run tcpdump you could snarf all
the packets into a file and look at them on a workstation to see what
exactly is being sent (and not getting a reply).

Try getting rid of your 2nd/3rd DNS entries first and you can always
report back with more info.
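The "2nd/3rd DNS entries" point above is easy to check mechanically on a Linux client. The following script is an added example, not code from the list post or from Smoothwall: it parses the contents of a resolv.conf, flags any nameserver outside the RFC 1918 ranges (the "192.168 or 10..." addresses the post mentions) as pointing at the outside world, and computes how long a single lookup takes when every listed server is unreachable. The arithmetic assumes the glibc resolver's behaviour as documented in resolv.conf(5): each nameserver is tried `attempts` times (default 2) with a wait of `timeout` seconds (default 5) per try, so the worst case is nameservers x attempts x timeout. The sample resolv.conf contents are constructed, with 203.0.113.53 and 198.51.100.53 standing in for an ISP's resolvers.

```python
"""Check a resolv.conf for the multi-nameserver timeout problem.

Added example; not from the original post. Assumes a glibc-style
resolver (see resolv.conf(5)) for the timeout arithmetic.
"""
import ipaddress

# glibc defaults, overridable with an 'options timeout:N attempts:M' line
DEFAULT_TIMEOUT = 5
DEFAULT_ATTEMPTS = 2

# RFC 1918 ranges: a nameserver in one of these is on the local network
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8",
                                             "172.16.0.0/12",
                                             "192.168.0.0/16")]


def parse_resolv_conf(text):
    """Return (nameservers, options) from resolv.conf contents."""
    nameservers = []
    options = {"timeout": DEFAULT_TIMEOUT, "attempts": DEFAULT_ATTEMPTS}
    for raw in text.splitlines():
        # '#' and ';' both start comments in resolv.conf
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            nameservers.append(parts[1])
        elif parts[0] == "options":
            for opt in parts[1:]:
                key, _, val = opt.partition(":")
                if key in options and val.isdigit():
                    options[key] = int(val)
    return nameservers, options


def is_local(addr):
    """True if addr is an RFC 1918 address (i.e. reachable without the ISP)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def worst_case_lookup_seconds(nameservers, options):
    """Seconds one lookup waits when no listed server answers:
    every server is tried `attempts` times, each try lasting `timeout`."""
    return len(nameservers) * options["attempts"] * options["timeout"]


def check(text):
    """Summarise a resolv.conf: which servers are external, and the
    worst-case stall a client suffers per lookup while the ISP is down."""
    nameservers, options = parse_resolv_conf(text)
    external = [n for n in nameservers if not is_local(n)]
    return {
        "nameservers": nameservers,
        "external": external,
        "worst_case_seconds": worst_case_lookup_seconds(nameservers, options),
        # the post's recommendation: the firewall as the only DNS server
        "ok": len(nameservers) == 1 and not external,
    }


# Constructed sample: firewall first, then two ISP resolvers (placeholders)
SAMPLE_BAD = """# constructed example, not a real client's file
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 198.51.100.53
"""

# Constructed sample: firewall only, with tighter resolver options
SAMPLE_GOOD = """search home.example
nameserver 192.168.1.1
options timeout:2 attempts:1
"""

if __name__ == "__main__":
    for label, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, check(text))
    try:
        with open("/etc/resolv.conf") as fh:
            print("this host", check(fh.read()))
    except OSError as exc:
        print("could not read /etc/resolv.conf:", exc)
```

With three servers at the glibc defaults the stall per failed lookup is 3 x 2 x 5 = 30 seconds, and a program that resolves several names before giving up waits that long for each of them; trimming the list to the firewall alone reduces it to attempts x timeout for that single server.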

