Neophyte in a conundrum

Barry Margolin barmar at bbnplanet.com
Tue Mar 14 17:46:33 UTC 2000 

In article <38cddc35.2948935 at news.poncacity.net>,
Rob Wright <rwright at nadaspam.poncacity.net> wrote:
>Greetings and salutations,
>
>For the last three weeks I've been plagued by a group of users unable
>to access a particular website behind a firewall at a financial
>services organization. Everything was working fine up until then, now
>they can't get to a page beneath the main page that sets on a seperate
>IP address. When attempting to browse to it they are getting a message
>"host not found". Trying to nslookup off my machine tells me that its
>a "non-existent host/domain". Other name servers aren't having any
>problems with this, and it seems to be just us. I have verified that
>other services aren't having this problem. I understand that our
>machine isn't resolving the address properly. We can go directly to
>the site with the IP address. Here's some info:
>
>1. We're running Bind 8 on a Linux machine (SuSE 6.2)
>2. No changes have been made to my nameserver, and none were made
>prior to the current trouble.
>3. After the first incident, things seem to have cleared up on their
>own for about a week, then went south again.
>4. I've restarted the named, attempted to flush any cached
>information, and used dig to update my cache.db file.
>5. I did add another nameserver on another network to my resolv.conf
>file, which allows the server itself to resolve the address, but it
>still won't do it for other machines on the network.
>6. The address we are trying to get to is behind a firewall, and does
>seem to have port53 closed off.

Are you referring to the address of the web server or the nameserver?  Port
53 is used to talk to nameservers.  Is the nameserver for the hostname in
the URL you can't get to also behind the firewall?

>7. I've checked over everything I can find, and pored through DNS and
>Bind, and more docs and pages than I can count.

It sounds like a firewall or routing problem involving your address block.
You need to do traceroutes in both directions between your machine and
their nameserver.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list