<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>yes, true the problem is from the firewall. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Thanks everyone for the tremendous support.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Ejaz<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Warren Kumari [mailto:warren@kumari.net] <br><b>Sent:</b> Sunday, January 4, 2015 5:09 PM<br><b>To:</b> Mohammed Ejaz<br><b>Cc:</b> Barry Margolin; comp-protocols-dns-bind@isc.org<br><b>Subject:</b> Re: can't-resolve<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><br><br>On Sunday, January 4, 2015, Mohammed Ejaz <<a href="mailto:mejaz@cyberia.net.sa">mejaz@cyberia.net.sa</a>> wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><p class=MsoNormal><br>Hello, all.<br><br>now everything is fine once the port > 1024 opened from the network<br>firewall. <o:p></o:p></p></blockquote><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>Ah! You mean on the firewall that everyone kept saying existed? And that folk kept providing evidence of? Who would have thought...<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><p class=MsoNormal>so it means not only 53 port requires to be open.<o:p></o:p></p></blockquote><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Yes. Which is why everyone was saying there was a firewall that you needed to adjust.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I think it would have been much more polite / appropriate to have posted that you'd found the firewall and acknowledged that you'd been mistaken...<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>W<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><p class=MsoNormal style='margin-bottom:12.0pt'><br><br><br>-----Original Message-----<br>From: <a href="javascript:;">bind-users-bounces@lists.isc.org</a><br>[mailto:<a href="javascript:;">bind-users-bounces@lists.isc.org</a>] On Behalf Of Ejaz<br>Sent: Sunday, December 28, 2014 11:10 AM<br>To: 'Warren Kumari'; 'Barry Margolin'<br>Cc: <a href="javascript:;">comp-protocols-dns-bind@isc.org</a><br>Subject: RE: can't-resolve<br><br>Thanks for the suggestion<br><br>I am sure No firewall at all. Also See I now I have reassigned the my<br>previous IP which is 212.119.64.12, after that everything is fine. It<br>wouldn't have worked with this IP if there is firewall on the box??<br><br>Regards,<br>Mohammed Ejaz<br>CYBERIAR SAUDI ARABIA<br>P.O.Box 301079, Riyadh 11372, Saudi Arabia<br>Tel: +966 11 464 7114 Ext. 140<br>Fax: +966 11 465 4735<br><br>-----Original Message-----<br>From: <a href="javascript:;">bind-users-bounces@lists.isc.org</a><br>[mailto:<a href="javascript:;">bind-users-bounces@lists.isc.org</a>] On Behalf Of Warren Kumari<br>Sent: Saturday, December 27, 2014 2:27 AM<br>To: Barry Margolin<br>Cc: <a href="javascript:;">comp-protocols-dns-bind@isc.org</a><br>Subject: Re: can't-resolve<br><br>Also, from querying from the outside (with TCP):<br><br> ~# dig +tcp <a href="http://www.auth-servers.net" target="_blank">www.auth-servers.net</a> @<a href="http://212.119.64.228" target="_blank">212.119.64.228</a><br>; <<>> DiG 9.10.1-P1 <<>> +tcp <a href="http://www.auth-servers.net" target="_blank">www.auth-servers.net</a> @<a href="http://212.119.64.228" target="_blank">212.119.64.228</a> ;;<br>global options: +cmd ;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20716 ;; flags: qr rd<br>ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1<br><br>;; OPT PSEUDOSECTION:<br>; EDNS: version: 0, flags:; udp: 4096<br>;; QUESTION SECTION:<br>;<a href="http://www.auth-servers.net" target="_blank">www.auth-servers.net</a>. IN A<br><br>;; Query time: 8260 msec<br>;; SERVER: 212.119.64.228#53(212.119.64.228) ;; WHEN: Fri Dec 26 18:18:30<br>EST 2014 ;; MSG SIZE rcvd: 49<br><br>Then trying the same query a few seconds later:<br>dig +tcp <a href="http://www.auth-servers.net" target="_blank">www.auth-servers.net</a> @<a href="http://212.119.64.228" target="_blank">212.119.64.228</a><br><br>; <<>> DiG 9.10.1-P1 <<>> +tcp <a href="http://www.auth-servers.net" target="_blank">www.auth-servers.net</a> @<a href="http://212.119.64.228" target="_blank">212.119.64.228</a> ;;<br>global options: +cmd ;; connection timed out; no servers could be reached<br><br>This really looks like a firewall -- perhaps there is some firewall software<br>on the box itself?<br><br>W<br><br><br>On Fri, Dec 26, 2014 at 6:17 PM, Warren Kumari <<a href="javascript:;">warren@kumari.net</a>> wrote:<br>> What OS is this machine running?<br>><br>> Interestingly enough, it is unpingable, and a quick nmap fingerprints<br>> it<br>as:<br>> Running: Sun Solaris 8<br>> OS CPE: cpe:/o:sun:sunos:5.8<br>> OS details: Sun Solaris 8 (SPARC)<br>><br>> nmap could only find one open port (TCP 53 :-)) and so its<br>> fingerprinting is unreliable, but it *does* look like you are behind a<br>> firewall type devices.<br>> It is unusual for machines themselves to not respond to pings.<br>><br>> fpdns says:<br>> fingerprint (212.119.64.228, 212.119.64.228): ISC BIND 9.2.3rc1 --<br>> 9.6.1-P1 [recursion enabled]<br>><br>><br>><br>> On Fri, Dec 26, 2014 at 5:55 PM, Barry Margolin <<a href="javascript:;">barmar@alum.mit.edu</a>><br>wrote:<br>>> In article <<a href="javascript:;">mailman.1330.1419633581.26362.bind-users@lists.isc.org</a>>,<br>>> "Ejaz" <<a href="javascript:;">mejaz@cyberia.net.sa</a>> wrote:<br>>><br>>>> I am sure sir there is no firewall on in the server you can make<br>>>> sure by telnet to the port 53 of this IP 212.119.64.228<br>>><br>>> That doesn't mean anything. The firewall may be blocking OUTGOING<br>>> packets to port 53, or they're blocking the returning replies (which<br>>> go to an ephemeral port).<br>>><br>>>><br>>>><br>>>> Regards,<br>>>> Mohammed Ejaz<br>>>> CYBERIAR SAUDI ARABIA<br>>>> P.O.Box 301079, Riyadh 11372, Saudi Arabia<br>>>> Tel: +966 11 464 7114 Ext. 140<br>>>> Fax: +966 11 465 4735<br>>>><br>>>> -----Original Message-----<br>>>> From: <a href="javascript:;">bind-users-bounces@lists.isc.org</a><br>>>> [mailto:<a href="javascript:;">bind-users-bounces@lists.isc.org</a>] On Behalf Of Matus UHLAR -<br>>>> fantomas<br>>>> Sent: Friday, December 26, 2014 7:35 PM<br>>>> To: <a href="javascript:;">bind-users@lists.isc.org</a><br>>>> Subject: Re: can't-resolve<br>>>><br>>>> On 26.12.14 19:21, Ejaz wrote:<br>>>> >When run "dig a <a href="http://yahoo.com" target="_blank">yahoo.com</a> @<a href="http://212.119.64.228" target="_blank">212.119.64.228</a> below is the ouput.<br>>>> ><br>>>> ><a href="http://yahoo.com" target="_blank">yahoo.com</a>. (38)<br>>>> >17:39:41.363532 IP 212.119.64.228.37891 > 212.119.64.228.domain: 34168+<br>>>> >[1au] A? <a href="http://yahoo.com" target="_blank">yahoo.com</a>. (38)<br>>>> >17:39:42.246993 IP 212.119.64.228.53702 > 192.5.5.241.domain: 58238<br>>>> >[1au]<br>>>> A?<br>>>> >yah <a href="http://oo.com" target="_blank">oo.com</a>. (38)<br>>>> >17:39:42.247012 IP 212.119.64.228.45701 > 192.5.5.241.domain: 13223<br>[1au]<br>>>> >NS? . (28)<br>>>> >17:39:43.047148 IP 212.119.64.228.43795 > 128.63.2.53.domain: 1539 A?<br>>>> ><a href="http://yahoo.com" target="_blank">yahoo.com</a>. (27)<br>>>> >17:39:43.047154 IP 212.119.64.228.55178 > 128.63.2.53.domain: 56002 NS?<br>.<br>>>> >(17)<br>>>> >17:39:43.847447 IP 212.119.64.228.61664 > 192.58.128.30.domain: 165 A?<br>>>> ><a href="http://yahoo.com" target="_blank">yahoo.com</a> . (27)<br>>>> >17:39:43.847542 IP 212.119.64.228.30239 > 192.58.128.30.domain:<br>>>> >11435<br>NS? .<br>>>> >(17)<br>>>> >17:39:44.995096 IP 212.119.64.228.24477 > 199.7.83.42.domain: 25645<br>>>> >[1au]<br>>>> A?<br>>>> ><a href="http://yahoo.com" target="_blank">yahoo.com</a>. (38)<br>>>> >17:39:44.995162 IP 212.119.64.228.22170 > 199.7.83.42.domain: 44767<br>>>> >[1au] NS? . (28)<br>>>> >17:39:45.897226 IP 212.119.64.228.35574 > 199.7.91.13.domain: 29284 A?<br>>>> ><a href="http://yahoo.com" target="_blank">yahoo.com</a>. (27)<br>>>> >17:39:45.897233 IP 212.119.64.228.36946 > 199.7.91.13.domain: 17626 NS?<br>.<br>>>> >(17)<br>>>> >17:39:46.363642 IP 212.119.64.228.37891 > 212.119.64.228.domain:<br>>>> >34168+ [1au] A? <a href="http://yahoo.com" target="_blank">yahoo.com</a>. (38)<br>>>> >17:39:46.370282 IP 212.119.64.228.domain > 212.119.64.228.37891:<br>>>> >34168 ServFail 0/0/1 (38)<br>>>><br>>>> these are just outgoing DNS requests , no replies coming back.<br>>>> Are you sure there is no firewall, or "security" gateway between<br>>>> your server and the world?<br>>>><br>>>><br>>>> --<br>>>> Matus UHLAR - fantomas, <a href="javascript:;">uhlar@fantomas.sk</a> ; <a href="http://www.fantomas.sk/" target="_blank">http://www.fantomas.sk/</a><br>>>> Warning: I wish NOT to receive e-mail advertising to this address.<br>>>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>>>> 42.7 percent of all statistics are made up on the spot.<br>>>> _______________________________________________<br>>>> Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to<br>>>> unsubscribe from this list<br>>>><br>>>> bind-users mailing list<br>>>> <a href="javascript:;">bind-users@lists.isc.org</a><br>>>> <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>>><br>>> --<br>>> Barry Margolin<br>>> Arlington, MA<br>>> _______________________________________________<br>>> Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to<br>>> unsubscribe from this list<br>>><br>>> bind-users mailing list<br>>> <a href="javascript:;">bind-users@lists.isc.org</a><br>>> <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>><br>><br>><br>> --<br>> I don't think the execution is relevant when it was obviously a bad<br>> idea in the first place.<br>> This is like putting rabid weasels in your pants, and later expressing<br>> regret at having chosen those particular rabid weasels and that pair<br>> of pants.<br>> ---maf<br><br><br><br>--<br>I don't think the execution is relevant when it was obviously a bad idea in<br>the first place.<br>This is like putting rabid weasels in your pants, and later expressing<br>regret at having chosen those particular rabid weasels and that pair of<br>pants.<br> ---maf<br>_______________________________________________<br>Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to<br>unsubscribe from this list<br><br>bind-users mailing list<br><a href="javascript:;">bind-users@lists.isc.org</a><br><a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br><br>--<br><br>_______________________________________________<br>Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to<br>unsubscribe from this list<br><br>bind-users mailing list<br><a href="javascript:;">bind-users@lists.isc.org</a><br><a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br><br>--<br><br><o:p></o:p></p></blockquote><p class=MsoNormal><br><br>-- <br>I don't think the execution is relevant when it was obviously a bad idea in the first place.<br>This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.<br> ---maf<o:p></o:p></p></div></body></html>