DNS server works but keep getting "host unreachable resolving" error

Mark Andrews marka at isc.org
Mon Sep 21 22:17:21 UTC 2009


In message <865284.37771.qm at web36203.mail.mud.yahoo.com>, Shi Jin writes:
> 
> > "host unreachable" is one of the clearer error messages, so you need
> > to do some digging. From the box that you've set up bind9 on you'll
> > need to use dig to query the ISP's name servers. If that works, then
> > you'll have to use tcpdump on that box to find out what named is doing.
> > 
> > Doug
> > 
> Thank you very much.
> Your suggestion to use "tcpdump" actually is very helpful. It clearly shows:
>  ICMP host 216.171.238.67 unreachable - admin prohibited, length 87

Yet you claim that dig to 216.171.238.67 works.  I think you need to provide
a full trace, not the summary that a plain tcpdump gives.

Add -Xvvv to the set of flags you used with tcpdump.

> So I think this most likely has to do with the firewall setup. Probably I should enable ICMP redirect? Could anyone confirm? And is this safe?
> 
> Thank you very much.
> Shi
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


