Re: host unreachable. -- a bit more info
hi, thanks for the replies. however, i didn't learn much. i'm more of a network newbie than i thought. but what i can say is this: (repeating the problem) i get zillions of these msgs: Jan 10 12:36:24 ns2 named[3037]: client 10.4.1.6#59926: view internal: error sending response: host unreachable i CAN do an AXFR from 10.4.1.6 to ns2 that is, dig @10.4.1.6 arlut.utexas.edu AXFR does give me output. on 10.4.1.6, dig @146.6.211.1 arlut.utexas.edu AXFR ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 @146.6.211.1 arlut.utexas.edu AXFR ; (1 server found) ;; global options: printcmd ; Transfer failed. now, when i attempt that AXFR, the error message is NOT like the symptom i have. so i conclude that my problem is not AXFR (or IXFR, similar experiment). so what is this msg talking about? Jan 10 12:36:24 ns2 named[3037]: client 10.4.1.6#59926: view internal: error sending response: host unreachable i'm starting to think it might be just an ordinary dns lookup. j. -- Jay Scott 512-835-3553g...@arlut.utexas.edu Head of Sun Support, Sr. System Administrator Applied Research Labs, Computer Science Div. S224 University of Texas at Austin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: host unreachable. -- a bit more info
Jay G. Scott wrote: hi, thanks for the replies. however, i didn't learn much. i'm more of a network newbie than i thought. but what i can say is this: (repeating the problem) i get zillions of these msgs: Jan 10 12:36:24 ns2 named[3037]: client 10.4.1.6#59926: view internal: error sending response: host unreachable i CAN do an AXFR from 10.4.1.6 to ns2 that is, dig @10.4.1.6 arlut.utexas.edu AXFR does give me output. on 10.4.1.6, dig @146.6.211.1 arlut.utexas.edu AXFR ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 @146.6.211.1 arlut.utexas.edu AXFR ; (1 server found) ;; global options: printcmd ; Transfer failed. now, when i attempt that AXFR, the error message is NOT like the symptom i have. so i conclude that my problem is not AXFR (or IXFR, similar experiment). so what is this msg talking about? Jan 10 12:36:24 ns2 named[3037]: client 10.4.1.6#59926: view internal: error sending response: host unreachable i'm starting to think it might be just an ordinary dns lookup. j. Jay Please do the following two queries from the secondary server and show us the results: dig @146.6.211.1 +tcp arlut.utexas.edu dig @146.6.211.1 -tcp arlut.utexas.edu Lyle Giese LCR Computer Services, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: host unreachable. -- a bit more info
On Mon, Jan 10, 2011 at 12:41:48PM -0600, Jay G. Scott wrote: hi, thanks for the replies. however, i didn't learn much. i'm more of a network newbie than i thought. but what i can say is this: (repeating the problem) i get zillions of these msgs: Jan 10 12:36:24 ns2 named[3037]: client 10.4.1.6#59926: view internal: error sending response: host unreachable i CAN do an AXFR from 10.4.1.6 to ns2 that is, dig @10.4.1.6 arlut.utexas.edu AXFR does give me output. on 10.4.1.6, dig @146.6.211.1 arlut.utexas.edu AXFR ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 @146.6.211.1 arlut.utexas.edu AXFR ; (1 server found) ;; global options: printcmd ; Transfer failed. now, when i attempt that AXFR, the error message is NOT like the symptom i have. so i conclude that my problem is not AXFR (or IXFR, similar experiment). so what is this msg talking about? Jan 10 12:36:24 ns2 named[3037]: client 10.4.1.6#59926: view internal: error sending response: host unreachable i'm starting to think it might be just an ordinary dns lookup. heh. no. of course not. suddenly realized that i could test that, and, no, that's not it. so what could it be? j. j. -- Jay Scott 512-835-3553g...@arlut.utexas.edu Head of Sun Support, Sr. System Administrator Applied Research Labs, Computer Science Div. S224 University of Texas at Austin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Jay Scott 512-835-3553g...@arlut.utexas.edu Head of Sun Support, Sr. System Administrator Applied Research Labs, Computer Science Div. S224 University of Texas at Austin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: host unreachable. -- a bit more info
On Mon, Jan 10, 2011 at 12:52:16PM -0600, Lyle Giese wrote: [snip] Jay Please do the following two queries from the secondary server and show us the results: dig @146.6.211.1 +tcp arlut.utexas.edu dig @146.6.211.1 -tcp arlut.utexas.edu Lyle Giese LCR Computer Services, Inc. okay. but it doesn't seem to like -tcp as an arg. thanks for helping. [r...@ns5 ~]# dig @146.6.211.1 +tcp arlut.utexas.edu ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 @146.6.211.1 +tcp arlut.utexas.edu ; (1 server found) ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 15938 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;arlut.utexas.edu. IN A ;; AUTHORITY SECTION: arlut.utexas.edu. 300 IN SOA csdsun9.arlut.utexas.edu. root.arlut.utexas.edu. 2011011010 10800 600 604800 300 ;; Query time: 0 msec ;; SERVER: 146.6.211.1#53(146.6.211.1) ;; WHEN: Mon Jan 10 14:49:55 2011 ;; MSG SIZE rcvd: 83 --- [r...@ns5 ~]# dig @146.6.211.1 -tcp arlut.utexas.edu ;; Warning, ignoring invalid type cp ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 @146.6.211.1 -tcp arlut.utexas.edu ; (1 server found) ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 23674 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;arlut.utexas.edu. IN A ;; AUTHORITY SECTION: arlut.utexas.edu. 300 IN SOA csdsun9.arlut.utexas.edu. root.arlut.utexas.edu. 2011011010 10800 600 604800 300 ;; Query time: 0 msec ;; SERVER: 146.6.211.1#53(146.6.211.1) ;; WHEN: Mon Jan 10 14:50:27 2011 ;; MSG SIZE rcvd: 83 -- Jay Scott 512-835-3553g...@arlut.utexas.edu Head of Sun Support, Sr. System Administrator Applied Research Labs, Computer Science Div. S224 University of Texas at Austin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: host unreachable. -- a bit more info
sorry about that. I don't normally use these options But it's dig @146.6.211.1 +tcp arlut.utexas.edu dig @146.6.211.1 +notcp arlut.utexas.edu But UDP is default and the second query should have been transmitted using UDP. The end result is that you have TCP and UDP port 53 openned properly in the firewalls between the two sites. BTW, zone transfers are done using TCP because of their size. Small queries try to use UDP first. This is starting to sound more like the master is not allowing your site to get a zone transfer. That is an ACL issue for the master site. Lyle Giese LCR Computer Services, Inc. Jay G. Scott wrote: On Mon, Jan 10, 2011 at 12:52:16PM -0600, Lyle Giese wrote: [snip] Jay Please do the following two queries from the secondary server and show us the results: dig @146.6.211.1 +tcp arlut.utexas.edu dig @146.6.211.1 -tcp arlut.utexas.edu Lyle Giese LCR Computer Services, Inc. okay. but it doesn't seem to like -tcp as an arg. thanks for helping. [r...@ns5 ~]# dig @146.6.211.1 +tcp arlut.utexas.edu ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 @146.6.211.1 +tcp arlut.utexas.edu ; (1 server found) ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 15938 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;arlut.utexas.edu. IN A ;; AUTHORITY SECTION: arlut.utexas.edu. 300 IN SOA csdsun9.arlut.utexas.edu. root.arlut.utexas.edu. 2011011010 10800 600 604800 300 ;; Query time: 0 msec ;; SERVER: 146.6.211.1#53(146.6.211.1) ;; WHEN: Mon Jan 10 14:49:55 2011 ;; MSG SIZE rcvd: 83 --- [r...@ns5 ~]# dig @146.6.211.1 -tcp arlut.utexas.edu ;; Warning, ignoring invalid type cp ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 @146.6.211.1 -tcp arlut.utexas.edu ; (1 server found) ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 23674 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;arlut.utexas.edu. IN A ;; AUTHORITY SECTION: arlut.utexas.edu. 300 IN SOA csdsun9.arlut.utexas.edu. root.arlut.utexas.edu. 2011011010 10800 600 604800 300 ;; Query time: 0 msec ;; SERVER: 146.6.211.1#53(146.6.211.1) ;; WHEN: Mon Jan 10 14:50:27 2011 ;; MSG SIZE rcvd: 83 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: host unreachable. -- a bit more info
On 1/10/2011 2:04 PM, Jay G. Scott wrote: On Mon, Jan 10, 2011 at 12:41:48PM -0600, Jay G. Scott wrote: hi, thanks for the replies. however, i didn't learn much. i'm more of a network newbie than i thought. but what i can say is this: (repeating the problem) i get zillions of these msgs: Jan 10 12:36:24 ns2 named[3037]: client 10.4.1.6#59926: view internal: error sending response: host unreachable i CAN do an AXFR from 10.4.1.6 to ns2 that is, dig @10.4.1.6 arlut.utexas.edu AXFR does give me output. on 10.4.1.6, dig @146.6.211.1 arlut.utexas.edu AXFR ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 @146.6.211.1 arlut.utexas.edu AXFR ; (1 server found) ;; global options: printcmd ; Transfer failed. now, when i attempt that AXFR, the error message is NOT like the symptom i have. so i conclude that my problem is not AXFR (or IXFR, similar experiment). so what is this msg talking about? Jan 10 12:36:24 ns2 named[3037]: client 10.4.1.6#59926: view internal: error sending response: host unreachable i'm starting to think it might be just an ordinary dns lookup. heh. no. of course not. suddenly realized that i could test that, and, no, that's not it. so what could it be? If you're getting normal DNS queries from that IP (as well as the zone transfers), and there is a stateful firewall in front of it, it could still be ordinary queries that end up timing out when your server attempts to get an answer from the Internet. The problem would be that the state table entry in the firewall times out faster that BIND gives up on a query, so by the time your server sends the failure response, the firewall has already aged out that connection and blocks the answer. -- Dave ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
