Opening FTP Connection takes 1 minute or longer

Can anyone help me figure out why opening a Tiger Server ftp connection is taking up to a minute? Once connected, uploads and downloads are fine. My setup on the Jaguar retail version opens connections in a split second. What gives???

PS. I know you may think I should be in the MAC section but I've had great success debugging my issues here with the very smart folks with FreeBSD. ;-)
HangTenDesignAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gheistCommented:
http://en.wikipedia.org/wiki/Tiger
http://en.wikipedia.org/wiki/Jaguar
????

Diagnose dns lookups
time host `hostname`

most be below second

time host client-name
time host client-ip

must be below second on second attempt.

is this builtin in.ftpd (like one on FreeBSD ???)
BarthaxCommented:
As gheist indicates, this is very likely to be a host name lookup problem and not an issue with the ftp server directly.  In addition to gheist's suggestions, I'd test the speed of connecting to the FTP server against the IP address directly instead of through the hostname.

If the hostname doesn't turn up to be the problem, then I would expect a problem at the ftp server end - but as the speed is good once connected, it doesn't look like it. :)
HangTenDesignAuthor Commented:
gheist,

I will do as you suggest this evening when I return home. Please correct me if I am wrong:

First I am going to my Shell and I am going to type in...
>time host `hostname`
...where `hostname` is the domain name of my ftp server.
 
The result must be below one second.

I will do the same as the above for the client machine name and the client IP address. These also must be below one second.

-----------------
Just wanted to let you know that I am also running Web, Mail, database etc with DNS configuration and everything is resolving appropriately and fast.

-----------------



Exploring SQL Server 2016: Fundamentals

Learn the fundamentals of Microsoft SQL Server, a relational database management system that stores and retrieves data when requested by other software applications.

HangTenDesignAuthor Commented:
I will answer this question as well...

"is this builtin in.ftpd (like one on FreeBSD ???)"
gheistCommented:
from man dtpd on FtrrBSD 5.3
-W      Do not log FTP sessions to /var/log/wtmp

logging to wtmp induces gethostbyaddr() call to get name for user address and minute seems to be its timeout ....
gheistCommented:
my fingers again ....
man ftpd, from FreeBSD
HangTenDesignAuthor Commented:
gheist,

I saw that man page -W switch but not quite sure how to use it.

When I was at work today, I WSFTPd to my server and watched it pass the commands. It was hanging for the minute on the password authentication. The I went in with bash Terminal and again, saw that it connects immediately to the host but hangs after I enter the password. Aside from authentication being way to long, all other aspects are fine. But I want to offer FTP to my clients and this is unacceptable. I wonder what would cause authentication to take so long??? Believe me, I have scoured the Internet before posting here and couldn't find anything. It's crazy.
HangTenDesignAuthor Commented:
So listen to this....I installed the Tiger Server OS on my G4 tower and the FTP is working fast and without any noticeable problems. It had been running on a G3 IMac temporarily until I got the tower set up. Why would it make a difference what Hardware it is running on? Everything else worked normally.

Very strange.
gheistCommented:
The suspicious thing is DNS - is a dns setup ( ? in /etc/resolv.conf and /etc/nsswitch.conf) any different ???
Is client that connects the same or different ???
gheistCommented:
Ok the complete problem determination procedure:

Use tcpdump on OSX host:
tcpdump -s 1600 -w dumpfile

now run sucky ftp session

gzip dumpfile, and get it open somewhere with ethereal ( www.ethereal.com )

You can add "host ip.of.ftp.client" in the end of tcpdump line, if your MAC has much other traffic.

HangTenDesignAuthor Commented:
gheist,

Ok, I have done all you have instructed. I was able to open up the file in ethereal but not sure how to translate this data to solve my problem. I have #, Time, Source (MAC), Destination (MAC), Source (IP), Destination (IP), Protocol, and Size.

BTW, thank you again for this wisdom!

htd
gheistCommented:
use "track TCP stream" or smth like that for port 21 connection

fear not this program
BarthaxCommented:
Ethereal is a superb program.  As you have a very recent version of it you should be able to put the acronym ftp into the filter & Ethereal will filter out everything else. :)
gheistCommented:
I guess asker is stuck with somewhat older MAC version for now.
The main thing I wanted to show is DNS request without reply following tcp connection.... which makes things slow as hell.
HangTenDesignAuthor Commented:
Actually, I have the latest and greatest. Just need to know what to look for and how to translate it.

Let me study it to see if there is a "DNS request without reply following tcp connection." I will report back with more info soon.

Asker
gheistCommented:
usually it is PTR request to DNS server with in-addr.arpa domain
and ethereal finds no response when you follow that stream.
jrssystemsnetCommented:
You're almost certainly having issues with your ftpd either attempting to do reverse DNS identification of incoming requests.  Man ftpd and look up how to turn hostname lookups off.  If your server is doing reverse DNS lookups, it WILL take forever for most clients to connect - not because of anything wrong in YOUR dns setup on your server, but because most clients won't have valid reverse DNS for their IP address, so it will have to wait for a timeout on the hostname lookup before the session can begin.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
HangTenDesignAuthor Commented:
jrssystemsnet,

I am going away for the weekend but I will do this Sunday night when I return. I am very excited about this and PRAY that it works. I've been researching and trying different things for a couple weeks now. My DNS has been validated as good set up. So.........

HTD
gheistCommented:
Yet another to try, especially if you use GER or IPSEC between you and client or nameserver
sysctl -w net.inet.tcp.path_mtu_discovery=0
HangTenDesignAuthor Commented:
jrssystemsnet,

I most certainly was having an issue with ftpd or in my case xftpd. I added a line to the ftpaccess file to not look up client username.

            do_rfc931          no

            When specified, the xftpd(8)  server  will  suppress  the  use  of
            RFC931  (AUTH/ident)  to  attempt to determine the username on the
            client.  This behavior may also be  suppressed  by  providing  the
            command line argument '-I' to xftpd(8).

Thanks again for a great suggestion leading to my solution. And thank you gheist for helping dig further and finding more ways to troubleshoot.

Until next time...

HTD
gheistCommented:
That slows sendmail mailer too btw
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.