On 7/12/19 6:01 PM, Brian Candler wrote: > On 12/07/2019 22:03, Bryan Fields wrote: >> $ dig 50121.nodes.allstarlink.org @44.98.254.151 if you want to see it fail. > > Works for me:
Well crap, must be a packet molester on my ISP, right? > Are you sure you don't have some sort of DNS-inspecting firewall in > between your dig client and the server? > Can you run tcpdump on the server itself, and see the query and/or response? Server got query Server sent response IP of my ISP connection sends ICMP unreachable at the server (WTF??). So I was investigating this a being some network messing around with my ISP. Turns out it was my old cisco NAT router on my connection at home. In classic IOS it had a DNS ALG. Using the below command it disabled it: 'no ip nat service alg udp dns' And the problem was fixed. I'm happy it's not my ISP, kinda pissed at myself it was my gear doing it. Thanks to Brian and Ken for assisting on this! PS. NAT is Evil. -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
