In message <865284.37771...@web36203.mail.mud.yahoo.com>, Shi Jin writes: > > > "host unreachable" is one of the clearer error messages, so > > you need > > to do some digging. From the box that you've set up bind9 > > on you'll > > need to use dig to query the ISP's name servers. If that > > works, then > > you'll have to use tcpdump on that box to find out what > > named is doing. > > > > Doug > > > Thank you very much. > Your suggestion to use "tcpdump" actually is very helpful. It clearly shows: > ICMP host 216.171.238.67 unreachable - admin prohibited, length 87
Yet you claim that dig to 216.171.238.67 works. I think you need to provide a full trace not the summary that a plain tcpdump gives. Add -Xvvv to the set of flags you used with tcpdump. > So I think this most likely has to do with the firewall setup. Probably I > should enable ICMP redirect? Could anyone confirm? And > is this safe? > > Thank you very much. > Shi > > > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users