cannot connect

Dawn Connelly dawn at zapata.org
Thu Sep 28 22:12:03 UTC 2006 

Ping is generally a bad connection test. It uses ICMP which most firewalls will
block. A better test is to telnet on port 80. If you are a windows person, get
into a cmd window and type telnet <IP Address> 80 <enter>. That gives you a
test using TCP over 80 which is going to more accurately reflect what firewalls
holes are open.

Did you do a lookup for a workstation that can't connect? If you are getting DNS
resolution at the workstation level, then most likely DNS isn't your problem.
Make sure that the IP address that you are resolving matches the IP addresses
you get when you test from outside your network. If they are different, then
you probably have a hand jammed zone file some where. To find that rogue DNS
server, do the following from a cmd window:
nslookup <enter>
set q=soa <enter>
oscn.net <enter>

If something other than the legit servers come back, seek and destroy the rogue
zone.

Quoting Steve Ingraham <singraham at okcca.net>:

> Dawn Connelly wrote:
> I tried to hit the web page by IP address... interestingly the first IP
> address
> gave me a standard 403 error which normally indicates that they are
> looking at
> host headers.  When I tried to go to the second IP address, I got the
> following
> error message;
> OCISWebInterfaceSupport2 error '800a2407'
>
> [OCISWebInterfaceSupport2:3D][9998]No User Account Exists(,)
>
> /applications/oscn/start.asp, line 7
>
> So the servers are definitely different which probably isn't a good
> thing. Might
> not have anything to do with this problem though.
>
> If you can get DNS resolution using dig, DNS probably isn't your
> problem. Test
> from one of the workstations that can't connect to confirm though. One
> thing
> you might try is telneting on port 80 to the server's IP address.  If
> you can't
> establish a connection then you are looking at either a permissions or
> networking problem.
>
> </end 2 cents>
>
>
>
> I pinged the two IP addresses from my workstation (which cannot
> connect).  Pinging 65.71.189.80 times out.  Pinging 204.61.6.30 goes
> through with no errors.
>
> Steve Ingraham
>
>

More information about the bind-users mailing list