Re: problem with bind911 or 914
> Looks to me like either a firewall or policy issue, not BIND. Back a decade ago, many firewalls defaulted to blocking tcp/53. This was based on the unfortunate decision to list the use of tcp/53 as "SHOULD" in the RFC instead of "MUST", but this should produce a timeout, not a host unreachable. "host unreachable" should be the result of an ICMP message coming back from a router.

no it wasn't any firewall setting but net.inet.tcp.soreceive_stream=1

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: problem with bind911 or 914
On Wed, May 22, 2019 at 8:54 AM Wojciech Puchar wrote:

> i've reinstalled bind914 (and then tried 911 too) after updating to latest FreeBSD-11
>
> and the problem is that bind cannot perform any TCP transfers
>
> in logs i'm getting like this
>
> May 22 20:50:55 <3.6> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: connected using 194.1.144.90#44228
> May 22 20:50:55 <3.3> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: failed while receiving responses: host
> May 22 20:50:55 <3.6> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: Transfer status: host unreachable
> May 22 20:50:55 <3.6> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: Transfer completed: 0 messages, 0 recor
>
> while on 84.10.41.58 i see
>
> May 22 20:50:51 icetransport named[4479]: client @0x3bc271400 194.1.144.90#44228 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR started (serial 3873)
> May 22 20:50:51 icetransport named[4479]: client @0x3bc271400 194.1.144.90#44228 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR ended
> May 22 20:50:51 icetransport named[4479]: client @0x3c0129400 194.1.144.90#44231 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR started (serial 3873)
> May 22 20:50:51 icetransport named[4479]: client @0x3c0129400 194.1.144.90#44231 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR ended
>
> using FreeBSD base system host program i can transfer this domain without problem too.
>
> this way named now cannot update any of domains from master server.
>
> furthermore i see LOTS of things like this in log:
>
> May 22 20:51:10 <3.3> puchar named[67338]: dispatch 0x804544e00: shutting down due to TCP receive error: 193.108.91.73#53: host unreachable
>
> seems like named connect properly over tcp and then reports error.
>
> Any idea what's this and how to fix it?

Looks to me like either a firewall or policy issue, not BIND. Back a decade ago, many firewalls defaulted to blocking tcp/53. This was based on the unfortunate decision to list the use of tcp/53 as "SHOULD" in the RFC instead of "MUST", but this should produce a timeout, not a host unreachable. "host unreachable" should be the result of an ICMP message coming back from a router.

Take a look at the traffic with tcpdump or wireshark and see if you are getting no response (firewall) or an ICMP Host Unreachable. If the latter, it is coming from a router between you and Akamai and is the result of policy; most likely of your ISP. In neither case is your local BIND at fault.

Historically ISPs have loved to play rude games with DNS, either deliberately or due to software flaws in things like load balancers.

--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkober...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

FIXED Re: problem with bind911 or 914
net.inet.tcp.soreceive_stream=1 was the problem. turning it off fixed things

On Wed, 22 May 2019, Wojciech Puchar wrote:

> i've reinstalled bind914 (and then tried 911 too) after updating to latest FreeBSD-11
>
> and the problem is that bind cannot perform any TCP transfers
>
> in logs i'm getting like this
>
> May 22 20:50:55 <3.6> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: connected using 194.1.144.90#44228
> May 22 20:50:55 <3.3> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: failed while receiving responses: host
> May 22 20:50:55 <3.6> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: Transfer status: host unreachable
> May 22 20:50:55 <3.6> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: Transfer completed: 0 messages, 0 recor
>
> while on 84.10.41.58 i see
>
> May 22 20:50:51 icetransport named[4479]: client @0x3bc271400 194.1.144.90#44228 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR started (serial 3873)
> May 22 20:50:51 icetransport named[4479]: client @0x3bc271400 194.1.144.90#44228 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR ended
> May 22 20:50:51 icetransport named[4479]: client @0x3c0129400 194.1.144.90#44231 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR started (serial 3873)
> May 22 20:50:51 icetransport named[4479]: client @0x3c0129400 194.1.144.90#44231 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR ended
>
> using FreeBSD base system host program i can transfer this domain without problem too.
>
> this way named now cannot update any of domains from master server.
>
> furthermore i see LOTS of things like this in log:
>
> May 22 20:51:10 <3.3> puchar named[67338]: dispatch 0x804544e00: shutting down due to TCP receive error: 193.108.91.73#53: host unreachable
>
> seems like named connect properly over tcp and then reports error.
>
> Any idea what's this and how to fix it?

problem with bind911 or 914
i've reinstalled bind914 (and then tried 911 too) after updating to latest FreeBSD-11

and the problem is that bind cannot perform any TCP transfers

in logs i'm getting like this

May 22 20:50:55 <3.6> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: connected using 194.1.144.90#44228
May 22 20:50:55 <3.3> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: failed while receiving responses: host
May 22 20:50:55 <3.6> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: Transfer status: host unreachable
May 22 20:50:55 <3.6> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: Transfer completed: 0 messages, 0 recor

while on 84.10.41.58 i see

May 22 20:50:51 icetransport named[4479]: client @0x3bc271400 194.1.144.90#44228 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR started (serial 3873)
May 22 20:50:51 icetransport named[4479]: client @0x3bc271400 194.1.144.90#44228 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR ended
May 22 20:50:51 icetransport named[4479]: client @0x3c0129400 194.1.144.90#44231 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR started (serial 3873)
May 22 20:50:51 icetransport named[4479]: client @0x3c0129400 194.1.144.90#44231 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR ended

using FreeBSD base system host program i can transfer this domain without problem too.

this way named now cannot update any of domains from master server.

furthermore i see LOTS of things like this in log:

May 22 20:51:10 <3.3> puchar named[67338]: dispatch 0x804544e00: shutting down due to TCP receive error: 193.108.91.73#53: host unreachable

seems like named connect properly over tcp and then reports error.

Any idea what's this and how to fix it?
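
Added example (not part of any message in the thread): matching the secondary's and the primary's named log lines from the original post on client address and port shows that the primary completed the AXFR for the same connection the secondary reported as failed, which points at the receiving host rather than a device in the path. The function name `correlate`, the verdict labels, and treating `success` as the only non-failure status text are assumptions of this example.

```python
import re

# Secondary: "transfer of 'zone/IN' from PRIMARY#53: connected using LOCAL#PORT"
CONNECTED = re.compile(r"transfer of '([^']+)' from ([\d.]+)#\d+: connected using ([\d.]+#\d+)")
# Secondary: "transfer of 'zone/IN' from PRIMARY#53: Transfer status: <text>"
STATUS = re.compile(r"transfer of '([^']+)' from ([\d.]+)#\d+: Transfer status: (.+)$")
# Primary: "client @0x... IP#PORT (zone): transfer of 'zone/IN': AXFR ended"
ENDED = re.compile(r"client @\S+ ([\d.]+#\d+) \([^)]*\): transfer of '([^']+)': AXFR ended")

def correlate(secondary_log, primary_log):
    """Return one finding per failed transfer seen on the secondary."""
    served = set()  # (client ip#port, zone) pairs the primary finished sending
    for line in primary_log:
        m = ENDED.search(line)
        if m:
            served.add((m.group(1), m.group(2)))
    last_conn, findings = {}, []
    for line in secondary_log:
        m = CONNECTED.search(line)
        if m:
            last_conn[(m.group(1), m.group(2))] = m.group(3)  # remember local ip#port
            continue
        m = STATUS.search(line)
        # Assumption: any status text other than "success" is a failed transfer.
        if m and m.group(3).strip() != "success":
            zone, primary, status = m.group(1), m.group(2), m.group(3).strip()
            local = last_conn.get((zone, primary))
            # Match on ip#port, not timestamps: the two hosts' clocks differ.
            sent = (local, zone) in served
            findings.append({
                "zone": zone, "local": local, "status": status,
                "verdict": "receive-side" if sent else "path-or-primary",
            })
    return findings

# Log lines copied from the original post in this thread.
SECONDARY = [
    "May 22 20:50:55 <3.6> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: connected using 194.1.144.90#44228",
    "May 22 20:50:55 <3.6> puchar named[67338]: transfer of 'icetransport.pl/IN' from 84.10.41.58#53: Transfer status: host unreachable",
]
PRIMARY = [
    "May 22 20:50:51 icetransport named[4479]: client @0x3bc271400 194.1.144.90#44228 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR started (serial 3873)",
    "May 22 20:50:51 icetransport named[4479]: client @0x3bc271400 194.1.144.90#44228 (icetransport.pl): transfer of 'icetransport.pl/IN': AXFR ended",
]

if __name__ == "__main__":
    for finding in correlate(SECONDARY, PRIMARY):
        print(finding)
```

A `receive-side` verdict means the packet capture suggested in the reply is best taken on the secondary itself, alongside a review of its local TCP settings.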