bind9.7.1 Instance seems to not talk to systems on its own network.

Kevin Oberman oberman at es.net
Fri Nov 5 20:20:16 UTC 2010


> Date: Fri, 05 Nov 2010 15:04:23 -0500
> From: Martin McCormick <martin at dc.cis.okstate.edu>
> Sender: bind-users-bounces+oberman=es.net at lists.isc.org
> 
> 	This sounds like a firewall issue, but read carefully.
> 
> 	Our master and slave are on 2 different networks that
> are each larger than a single octet. Both are producing messages
> like:
> 
> client 139.78.100.57#33486: error sending response: host unreachable
> 
> 	That particular VLAN or subnet is a /22 and runs from
> 139.78.100.0 through 139.78.103.255.
> 
> 	For the moment, we have the firewall on the bind system
> off as there is a firewall for all the hosts on this network but
> there is no firewall between the name server and the complaining
> systems.
> 
> 	Our slave is on another subnet that is 2 octets wide and
> the complaints on that host are all about other hosts in the
> same octet where the DNS lives.
> 
> 	I should know what this is, but it doesn't quite make
> sense. Both DNS's appear to actually be working right except for
> these messages.
> 
> 	Does this sound familiar to anyone?
> 
> 	We were running bind9.6.3 before upgrading and never saw
> similar messages there. The first firewall rule on both systems
> is:
> 
> 
> #open the firewall for testing.
> 	${fwcmd} add pass all from any to any
> 
> 	This should be like not having any firewall at all.

You don't say just what OS this is running on, but if it is FreeBSD,
turn off the firewall with 'sysctl net.inet.ip.fw.enable=0' for IPv4 and
'sysctl net.inet6.ip6.fw.enable=0' for IPv6. I suspect other OSes may
have similar capabilities.

Can these complaining systems ping the DNS server?

It almost sounds like something has a bad subnet mask, but that is less
likely if the host is in the same /24 as the server.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
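
The subnet-mask question raised in the reply can be checked against the named log itself. The following is an added example, not part of the original message: it pulls the clients out of "error sending response: host unreachable" lines and reports whether each is on-link under the intended /22 and under a narrower /24. The server address 139.78.100.1, the timestamps and all log lines except the client quoted in the thread are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the named message quoted in the thread.
LOG_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: error sending response: (?P<reason>.+)$"
)

# Constructed sample log; only the client 139.78.100.57#33486 is from the thread.
SAMPLE_LOG = [
    "05-Nov-2010 14:58:01.100 client 139.78.100.57#33486: error sending response: host unreachable",
    "05-Nov-2010 14:58:02.200 client 139.78.102.14#40112: error sending response: host unreachable",
    "05-Nov-2010 14:58:03.300 client 139.78.100.57#33490: error sending response: host unreachable",
    "05-Nov-2010 14:58:04.400 client 139.78.101.9#51515: error sending response: not enough free resources",
]

def unreachable_clients(lines):
    """Count 'host unreachable' send failures per client address."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m and m.group("reason").strip() == "host unreachable":
            counts[ipaddress.ip_address(m.group("ip"))] += 1
    return counts

def classify(counts, server_ip, intended_prefix, suspect_prefix):
    """Say whether each client is on-link under the intended prefix and
    under a narrower prefix the interface might be misconfigured with."""
    intended = ipaddress.ip_interface(f"{server_ip}/{intended_prefix}").network
    suspect = ipaddress.ip_interface(f"{server_ip}/{suspect_prefix}").network
    report = {}
    for ip, n in sorted(counts.items(), key=lambda kv: str(kv[0])):
        if ip not in intended:
            verdict = "off-subnet: check routing"
        elif ip in suspect:
            verdict = "on-link either way: mask unlikely"
        else:
            verdict = "on-link only with intended mask: check netmask"
        report[str(ip)] = (n, verdict)
    return report

if __name__ == "__main__":
    # 139.78.100.1 is a constructed server address inside the /22 from the thread.
    result = classify(unreachable_clients(SAMPLE_LOG), "139.78.100.1", 22, 24)
    for client, (hits, verdict) in result.items():
        print(f"{client:16} {hits:3}  {verdict}")
```

A client that is on-link under both prefixes, like the one quoted in the thread with this assumed server address, points away from a netmask error and toward ARP, switch or host-level filtering.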


