Second IP = slow DNS performance
A couple days ago I purchased a second IP address for my server. Ever since then, I've noticed some degraded performance, especially with respect to DNS. Could it be that I've got something misconfigured?
I am running Fedora Core 10 on the Linode.
My two IP addresses are:
97.107.133.118
97.107.138.204
Notice that they are on different subnets.
I'll paste in the output of various commands:
# ip addr show eth0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether fe:fd:61:6b:85:76 brd ff:ff:ff:ff:ff:ff
inet 97.107.133.118/24 brd 97.107.133.255 scope global eth0
inet 97.107.138.204/24 brd 97.107.138.255 scope global eth0:0
inet6 fe80::fcfd:61ff:fe6b:8576/64 scope link
valid_lft forever preferred_lft forever
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Realtek Semiconductor Co., Ltd. RTL-8029(AS)
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:1c:42:57:f6:be
ONBOOT=yes
NM_CONTROLLED=
IPADDR=97.107.133.118
NETMASK=255.255.255.0
GATEWAY=97.107.133.1
# cat /etc/sysconfig/network-scripts/ifcfg-eth0:0
# Realtek Semiconductor Co., Ltd. RTL-8029(AS)
DEVICE=eth0:0
BOOTPROTO=none
HWADDR=00:1c:42:57:f6:be
ONBOOT=yes
NM_CONTROLLED=
IPADDR=97.107.138.204
NETMASK=255.255.255.0
GATEWAY=97.107.138.1
# cat /etc/resolv.conf
# Generated by NetworkManager
domain members.linode.com
search members.linode.com
nameserver 207.192.69.4
nameserver 207.192.69.5
nameserver 97.107.133.4
# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m udp -p udp --dport 161 -j ACCEPT
-A INPUT -m udp -p udp --dport 554 -j ACCEPT
-A INPUT -m udp -p udp --dport 1755 -j ACCEPT
-A INPUT -m udp -p udp --dport 7070 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 81 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 554 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1220 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1530 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1755 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7070 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9090 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
97.107.133.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
97.107.138.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 97.107.138.1 0.0.0.0 UG 0 0 0 eth0
I've done a tcpdump to monitor traffic on port 53, then tried to do some DNS lookups. Sometimes the packets go out on one IP address, sometimes they go out on the other. Could it be that iptables is blocking some of the incoming packets? The iptables rules don't explicitly mention any interface, so I'm assuming the rules apply for any interface.
My questions are:
1. Should I request that both IP addresses be on the same subnet?
2. What do I need to change in my networking setup so that things operate more smoothly?
Thanks!
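
The post's assumption that the iptables rules apply regardless of interface or address can be checked by evaluating the posted ruleset against a DNS reply addressed to each IP. This is an added example, not part of the original post: the matcher is simplified to the options these rules use, and the ephemeral port 40000 and the conntrack states are constructed inputs.

```python
# Subset of the INPUT rules from the post's /etc/sysconfig/iptables, in order.
RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
""".splitlines()

def parse(line):
    tok = line.split()
    opts = dict(zip(tok[0::2], tok[1::2]))  # every option used here takes one argument
    return {
        "iface": opts.get("-i"),
        "proto": opts.get("-p"),
        "dst": opts.get("-d"),
        "dport": opts.get("--dport"),
        "states": opts.get("--state"),
        "target": opts["-j"],
        "text": line,
    }

def matches(rule, pkt):
    # A criterion absent from the rule (None) matches any packet.
    for key in ("iface", "proto", "dst", "dport"):
        if rule[key] is not None and rule[key] != str(pkt[key]):
            return False
    return rule["states"] is None or pkt["state"] in rule["states"].split(",")

def verdict(pkt, rules=RULES):
    # First matching rule wins, as in a real chain walk.
    for rule in map(parse, rules):
        if matches(rule, pkt):
            return rule["target"], rule["text"]
    return "ACCEPT", ":INPUT ACCEPT (chain policy)"

def dns_reply(dst, state):
    # Constructed packet: reply from a resolver to an assumed ephemeral port 40000.
    return {"iface": "eth0", "proto": "udp", "dst": dst, "dport": 40000, "state": state}

if __name__ == "__main__":
    print("interface-bound rules:", [r for r in RULES if parse(r)["iface"]])
    for ip in ("97.107.133.118", "97.107.138.204"):
        for state in ("ESTABLISHED", "NEW"):
            print(ip, state, *verdict(dns_reply(ip, state)))
```

Only the loopback rule names an interface, and the verdict for a reply is the same for both addresses: it is accepted by the ESTABLISHED,RELATED rule when conntrack pairs it with an outgoing query and falls through to the final REJECT when it does not.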