hello. really? my first post have a tcpdump capture packet, dig trace...
On Sat, Jan 15, 2022 at 2:14 PM G.W. Haywood via bind-users < bind-users@lists.isc.org> wrote: > Hi there, > > On Sat, 15 Jan 2022, Diego Garcia wrote: > > > Still with problems. That setup was running fine for few years. > > But you changed something. > > > Bind Server is on DMZ and doing NAT for the local net. Test Server is > > behing NAT > > > > Must have another problem > > > > I try this days a lot of things and nothing works, > > Generally speaking, if you set things up right, BIND Just Works. It > must be a couple of decades since I last had to fiddle with anything > to fix a broken BIND server. > > It is not helpful to us if you tell us that you have tried a lot of things. > It would be much more helpful if you told us exactly what you have tried > and exactly what were the results. You need to be methodical and precise. > > > think in try reinstall but i preferred to know what happened and solve it > > 'Reinstall' to me means the sort of thing that you do if you're > working on a Windows box. If you're using a real computer it's > usually much better to find out what's going wrong and fix it. > > > ... > > network unreachable resolving 'play.google.com/A/IN': 216.239.36.10#53 > > ... > > If you are getting 'network unreachable' messages then likely there's > something wrong with your network setup. Before doing anything else, > you need to fix that. It may or may not be a problem of your making, > but given that you said you are using BIND on a server in a DMZ then I > suspect that it is. Using a DMZ will make things more complicated and > the faults will be more difficult to diagnose - especially for people > on mailing lists to whom you give little and very poor information. > > It *looks* like BIND is trying to make queries but failing to connect > to anything to make them. > > You do not appear to have acted on the good advice which was given to > you after your previous post. Are you able to use tools like 'ping' > and 'traceroute' to diagnose network problems, also like Wireshark or > tcpdump to inspect network traffic? These would be my first steps in > approaching this kind of problem. You will need to know that packets > from the BIND server can go where they're supposed to go and replies > reach the server in good time. You might also need to be able to see > exactly what BIND sends, where it sends it, exactly what it receives > (if anything) in reply to what it sends, and perhaps where the replies > come from. If there are no replies, or the replies go to the wrong > place, you need to be able to show that and find out why. > > What exactly are you trying to achieve which cannot be achieved by > simply using a public DNS service, or one provided by your ISP? > > -- > > 73, > Ged. > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users