host unreachable, but i can ping it
Jay G. Scott
gl at arlut.utexas.edu
Fri Jan 7 18:54:18 UTC 2011
Linux ns2.arlut.utexas.edu 2.6.18-194.26.1.el5 #1 SMP Fri Oct 29 14:21:16 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
(i'm not crazy about running that version of bind, but the choice
isn't entirely mine.)
this has to be an old question, but when i search for it i get
nothing but false leads. for example, i get a lot of search results
about DOS attacks. this isn't a DOS attack.
i get, and have always gotten, billions of these messages.
Jan 2 07:37:43 ns2 named: client 10.4.1.6#33823: view internal: error sending response: host unreachable
the story is that these are the results of attempted zone transfers.
i don't know enough to say one way or the other. so that's FWIW.
however, AXFRs of the internal view
(ah, yes... "view internal" i presume has to do w/ named.conf's
view named "internal".)
are not allowed. the outside/external transfer list doesn't
hmmm. i guess i don't know what that msg means. is that just a
client on the "internal view" asking for an ordinary dns lookup?
i DO have a firewall running on here.
i CAN ping 10.4.1.6.
i CAN telnet 10.4.1.6 53 and get a response. but if those attempts
to connect are on other than port 53 i don't know what port to
use instead. i'm assuming that my firewall could be blocking things.
i'm also assuming (wrong?) that if i can ping "to" 10.4.1.6
that the ping "from" would work. anyway, i just checked that,
and for the two tests listed here, it works. would that hold
true for other ports?
i'd rather not, if i can avoid it, post my configurations in detail.
these people are getting kinda hyper about security. i guess i
could ask them.
the system is running. but (1) i'd like to clean up the log
file -- ie, stop getting these messages, and (2) i'm hoping that
by resolving this i'll learn something along the way that will help.
thanks in advance.
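
An added example, not part of the original post: one way to triage these messages is to tally them by client, view and error reason. In the log line the number after `#` is the client's source port, which is where named was sending its reply. The regular expression covers only the line format quoted in the post; every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# First line is quoted from the post; the other three are constructed samples.
SAMPLE_LOG = """\
Jan 2 07:37:43 ns2 named: client 10.4.1.6#33823: view internal: error sending response: host unreachable
Jan 2 07:37:44 ns2 named: client 10.4.1.6#41002: view internal: error sending response: host unreachable
Jan 2 07:38:01 ns2 named: client 10.4.1.9#53: view internal: error sending response: host unreachable
Jan 2 07:38:05 ns2 named: client 10.4.1.6#33823: view internal: query: example.test IN A
"""

# client <addr>#<source port>: [view <name>: ]error sending response: <reason>
LINE_RE = re.compile(
    r"named(?:\[\d+\])?: client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): "
    r"(?:view (?P<view>[^:]+): )?error sending response: (?P<reason>.+)$"
)


def summarize(log_text):
    """Group 'error sending response' lines by (client, view, reason)."""
    stats = defaultdict(lambda: {"count": 0, "ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # some other named message, e.g. a query log line
        key = (m["ip"], m["view"] or "-", m["reason"].strip())
        stats[key]["count"] += 1
        stats[key]["ports"].add(int(m["port"]))
    return dict(stats)


def report(stats):
    """Return one text row per group, busiest client first."""
    rows = []
    for (ip, view, reason), s in sorted(stats.items(), key=lambda kv: -kv[1]["count"]):
        ports = sorted(s["ports"])
        rows.append(
            f"{s['count']:6d}  {ip:<15} view={view:<10} {reason}  "
            f"src ports {ports[0]}-{ports[-1]} ({len(ports)} distinct)"
        )
    return rows


if __name__ == "__main__":
    for row in report(summarize(SAMPLE_LOG)):
        print(row)
```
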