Hi,
I seem to have some weird DNS problem where my DNS server will not or is
unable to respond to some requests (Latest 7.1 updates)
The problem appears to be the actual name being requested since most
names always work (but I'm not sure how others work when this one doesn't)
At the bottom are 2 tcpdumps based on the ether address of the machine
requesting the DNS resolution (I used ether in case there was something
else happening not IP based that I couldn't see or the address was being
changed by something)
The first example with a.b.c.15 just shows the problem
The second example with a.b.c.9 shows www.google.com working (I don't even
understand this one since there appears to be no reply) and then the same
failure as the first example
If the request works, I only see the same as the first line of the dump,
but when it fails (always on whirlpool.net.au) I see all the rest of the
dump shown.
I also have a Netgear 5 port switch which filters out a lot of the
network traffic (I'll consider bypassing that next in case it has something
to do with it - but I doubt it is the cause)

a.b.c.1 is the DNS server
a.b.c.9 is the Win98SE machine
a.b.c.9 has ether address 00:a0:cc:52:c6:7a
a.b.c.15 is the Linux machine
a.b.c.15 has the ether address 00:e0:18:1c:d2:52

nslookup works so I guess the problem could be my DNS setup ... but I
don't understand the output I am getting ...
the .15 computer is also running a caching nameserver (but the problem
also occurs on the Win98SE machine not running any DNS services)
The .15 and the Win98SE computers get masqueraded on the way out to the
internet but I can't see that being related to the problem since all the
computers are on the same local network (with just switches and hubs
between them)

Obviously the last part of each dump is the problem but I don't understand
how that message could be generated.
i.e. how does it know the UDP port is unreachable?
(it may well be correct but I don't know how it knows since this should
be a full dump of all the data sent over the wire)
The problem is not firewall related

I've obviously misunderstood something, but I'm at a loss.

I'll try reinstalling the DNS and the .15 computer on the weekend with
7.2 just to be sure it isn't a 7.1 problem, but until then ...

============================================================================

# tcpdump -l -n ether host 00:e0:18:1c:d2:52
User level filter, protocol ALL, TURBO mode (575 frames), datagram packet
sockettcpdump: listening on all devices
12:17:18.090000 eth0 < a.b.c.15.32772 > a.b.c.1.domain: 20682+ A?
whirlpool.net.au. (34) (DF)
12:17:23.080000 eth0 < arp who-has a.b.c.1 tell a.b.c.15
12:17:23.090000 eth0 < a.b.c.15.32772 > a.b.c.1.domain: 20682+ A?
whirlpool.net.au. (34) (DF)
12:17:28.100000 eth0 < a.b.c.15.32772 > a.b.c.1.domain: 20683+ A?
whirlpool.net.au.k1k2.com. (43) (DF)
12:17:28.100000 eth0 < a.b.c.15.32772 > a.b.c.1.domain: 20684+ A?
whirlpool.net.au. (34) (DF)
12:17:33.100000 eth0 < arp reply a.b.c.15 is-at 0:e0:18:1c:d2:52
(0:0:e8:de:a3:6f)
12:17:33.110000 eth0 < a.b.c.15.32772 > a.b.c.1.domain: 20684+ A?
whirlpool.net.au. (34) (DF)
12:17:38.120000 eth0 < a.b.c.15.32772 > a.b.c.1.domain: 20685+ A?
whirlpool.net.au.k1k2.com. (43) (DF)
12:17:47.080000 eth0 < a.b.c.15 > a.b.c.1: icmp: a.b.c.15 udp port 32772
unreachable [tos 0xc0]
12:17:47.080000 eth0 < a.b.c.15 > a.b.c.1: icmp: a.b.c.15 udp
port 32772 unreachable [tos 0xc0]
12:17:47.080000 eth0 < a.b.c.15 > a.b.c.1: icmp: a.b.c.15 udp
port 32772 unreachable [tos 0xc0]
12:17:47.080000 eth0 < a.b.c.15 > a.b.c.1: icmp: a.b.c.15 udp
port 32772 unreachable [tos 0xc0]
12:17:47.080000 eth0 < a.b.c.15 > a.b.c.1: icmp: a.b.c.15 udp
port 32772 unreachable [tos 0xc0]
12:17:47.080000 eth0 < a.b.c.15 > a.b.c.1: icmp: a.b.c.15 udp
port 32772 unreachable [tos 0xc0]

133 packets received by filter

============================================================================


# tcpdump -l -n ether host 00:a0:cc:52:c6:7a
User level filter, protocol ALL, TURBO mode (575 frames), datagram packet
sockettcpdump: listening on all devices
17:06:55.710000 eth0 < a.b.c.9.1032 > a.b.c.1.domain: 2+ A? www.google.com.
(32)

---------------------------------------

17:08:23.770000 eth0 < a.b.c.9.1035 > a.b.c.1.domain: 3+ A?
whirlpool.net.au. (34)
17:08:25.280000 eth0 < a.b.c.9.1035 > a.b.c.1.domain: 3+ A?
whirlpool.net.au. (34)
17:08:27.780000 eth0 < a.b.c.9.1035 > a.b.c.1.domain: 3+ A?
whirlpool.net.au. (34)
17:08:32.270000 eth0 < a.b.c.9.1035 > a.b.c.1.domain: 3+ A?
whirlpool.net.au. (34)
17:08:40.770000 eth0 < a.b.c.9.1036 > a.b.c.1.domain: 4+ A?
whirlpool.net.au.k1k2.com. (43)
17:08:45.780000 eth0 < arp reply a.b.c.9 is-at 0:a0:cc:52:c6:7a
(0:0:e8:de:a3:6f)
17:09:53.800000 eth0 < a.b.c.9 > a.b.c.1: icmp: a.b.c.9 udp port 1035
unreachable
17:09:53.800000 eth0 < a.b.c.9 > a.b.c.1: icmp: a.b.c.9 udp port 1035
unreachable
17:09:53.810000 eth0 < a.b.c.9 > a.b.c.1: icmp: a.b.c.9 udp port 1035
unreachable
17:09:53.820000 eth0 < a.b.c.9 > a.b.c.1: icmp: a.b.c.9 udp port 1035
unreachable
17:09:58.800000 eth0 < arp reply a.b.c.9 is-at 0:a0:cc:52:c6:7a
(0:0:e8:de:a3:6f)
17:16:01.390000 eth0 B arp who-has a.b.c.15 tell a.b.c.9
 
668 packets received by filter

============================================================================

-- 
-Thanks for any help
-Andrew

MS ... if only he hadn't been hang gliding!
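
One way to tabulate a capture like the two above, added here as an example and not part of the original message: it rejoins the mail-wrapped tcpdump lines, then lists which queries have no matching reply in the capture and which host emitted the ICMP port-unreachable messages. The reply pattern is an assumption about tcpdump's usual response format, since neither dump contains a reply line.

```python
import re
from collections import Counter

# Lines copied from the first dump in the post, mail wrapping included.
SAMPLE = """\
12:17:18.090000 eth0 < a.b.c.15.32772 > a.b.c.1.domain: 20682+ A?
whirlpool.net.au. (34) (DF)
12:17:23.090000 eth0 < a.b.c.15.32772 > a.b.c.1.domain: 20682+ A?
whirlpool.net.au. (34) (DF)
12:17:28.100000 eth0 < a.b.c.15.32772 > a.b.c.1.domain: 20683+ A?
whirlpool.net.au.k1k2.com. (43) (DF)
12:17:47.080000 eth0 < a.b.c.15 > a.b.c.1: icmp: a.b.c.15 udp port 32772
unreachable [tos 0xc0]
12:17:47.080000 eth0 < a.b.c.15 > a.b.c.1: icmp: a.b.c.15 udp
port 32772 unreachable [tos 0xc0]
"""

TS = re.compile(r"^\d\d:\d\d:\d\d\.\d+ ")
QUERY = re.compile(r" (\S+)\.(\d+) > \S+\.domain: (\d+)\+ A\? (\S+)")
# Assumed reply shape ("server.domain > client.port: id ..."); none appears in the post.
REPLY = re.compile(r" \S+\.domain > (\S+)\.(\d+): (\d+)")
UNREACH = re.compile(r" (\S+) > \S+: icmp: \S+ udp port (\d+) unreachable")

def unwrap(text):
    """Rejoin mail-wrapped continuation lines onto their timestamped record."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return (queries with no reply in the capture, ICMP unreachable counts)."""
    sent, answered, unreach = Counter(), set(), Counter()
    for rec in unwrap(text):
        if m := QUERY.search(rec):
            sent[m.groups()] += 1      # key: (client, port, query id, name)
        elif m := REPLY.search(rec):
            answered.add(m.groups())   # key: (client, port, query id)
        elif m := UNREACH.search(rec):
            unreach[m.groups()] += 1   # key: (sending host, UDP port)
    unanswered = {k: n for k, n in sent.items() if k[:3] not in answered}
    return unanswered, dict(unreach)

if __name__ == "__main__":
    unanswered, unreach = summarize(SAMPLE)
    print("no reply in capture:", unanswered)
    print("ICMP port-unreachable sent by (host, port):", unreach)
```
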



_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
