DNS server works but keep getting "host unreachable resolving" error

Shi Jin jinzishuai at yahoo.com
Mon Sep 21 22:04:05 UTC 2009

> "host unreachable" is one of the clearer error messages, so
> you need
> to do some digging. From the box that you've set up bind9
> on you'll
> need to use dig to query the ISP's name servers. If that
> works, then
> you'll have to use tcpdump on that box to find out what
> named is doing.
> Doug
Thank you very much.
Your suggestion to use "tcpdump" actually is very helpful. It clearly shows:
 ICMP host unreachable - admin prohibited, length 87
So I think this most likely has to do with the firewall setup. Probably I should enable ICMP redirect? Could anyone confirm? And is this safe?

Thank you very much.


More information about the bind-users mailing list