Quoting Romgo:
All right.
this seems to correct the issue.
But that's the first time I had to open the firewall for a packet answer.
weird.
It is a somewhat special case. UDP by itself is not stateful at all so
any stateful firewall has to use some timeout values to decide if the
"co
All right.
this seems to correct the issue.
But that's the first time I had to open the firewall for a packet answer.
weird.
Thanks for the help.
On 13 March 2012 10:19, wrote:
> Quoting Romgo:
>
>
> I see, but it should be stateful, right?
>>
>>
> If using stateful UDP filtering you m
Quoting Romgo:
I see, but it should be stateful, right?
If using stateful UDP filtering you might get hit by short timeout
values for UDP state matching, so packets get dropped if the query is
too slow.
Regards
Andreas
___
Please visit
I see, but it should be stateful, right?
On 12 March 2012 23:57, Mark Andrews wrote:
>
> In message <
> caaoqnkg-xfkws_fen9kedub7w19vf4jocsfp52lb8ixv5+g...@mail.gmail.com>
> , Romgo writes:
> >
> > Here is my Iptables configuration for bind :
> >
> > # prod.dns.in
> > $IPTABLES -t filter -A IN
In message
, Romgo writes:
>
> Here is my Iptables configuration for bind :
>
> # prod.dns.in
> $IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1-d
> 192.168.201.2 -s 0/0
> $IPTABLES -t filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d
> 192.168.201.2 -s 0/0
>
>
> #
Sorry, it has a space, I just made an error by copying.
Yes 192.168.201.2 is dropped because it uses source port 53. I don't have
any iptables rule for this.
I don't understand why there is a packet with source port 53.
On 12 March 2012 21:33, Chuck Swiger wrote:
> On Mar 12, 2012, at 1:24
On Mar 12, 2012, at 1:24 PM, Romgo wrote:
> Here is my Iptables configuration for bind :
>
> # prod.dns.in
> $IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1-d
> 192.168.201.2 -s 0/0
> $IPTABLES -t filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d
> 192.168.201.2 -s 0/
12 18:00, Chuck Swiger wrote:
> On Mar 12, 2012, at 8:09 AM, Romgo wrote:
> > Dear community,
> >
> > I do have many errors in my Bind's log file such as :
> >
> > client 192.168.201.1#29404: error sending response: host unreachable
> >
> > It
On Mar 12, 2012, at 8:09 AM, Romgo wrote:
> Dear community,
>
> I do have many errors in my Bind's log file such as :
>
> client 192.168.201.1#29404: error sending response: host unreachable
>
> It seems that I have an iptables issue as each time I shut iptables I
Dear community,
I do have many errors in my Bind's log file such as :
client 192.168.201.1#29404: error sending response: host unreachable
It seems that I have an iptables issue as each time I shut iptables I don't
have anymore this message showing up.
I saw that my firewall is droppi
heh. sorry. i did read dig's man page but i thought you
were going to reply and tell me my dig version was behind
yours.
sorry for the tardy reply. one of those weeks.
j.
ns5 52 > dig @146.6.211.1 +tcp arlut.utexas.edu
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> @146.6.211.1 +tcp
a
these msgs:
Jan 10 12:36:24 ns2 named[3037]: client 10.4.1.6#59926: view internal: error
sending response: host unreachable
i CAN do an AXFR from 10.4.1.6 to ns2
that is,
dig @10.4.1.6 arlut.utexas.edu AXFR
does give me output.
on 10.4.1.6,
dig @146.6.211.1 arlut.utexas.edu AXFR
;<<>>
sorry about that. I don't normally use these options But it's
dig @146.6.211.1 +tcp arlut.utexas.edu
dig @146.6.211.1 +notcp arlut.utexas.edu
But UDP is default and the second query should have been transmitted
using UDP. The end result is that you have TCP and UDP port 53 opened
properly in the
On Mon, Jan 10, 2011 at 12:52:16PM -0600, Lyle Giese wrote:
[snip]
> Jay
> Please do the following two queries from the secondary server and show
> us the results:
>
> dig @146.6.211.1 +tcp arlut.utexas.edu
>
> dig @146.6.211.1 -tcp arlut.utexas.edu
>
> Lyle Giese
> LCR Computer Services, Inc.
ons of these msgs:
> Jan 10 12:36:24 ns2 named[3037]: client 10.4.1.6#59926: view internal: error
> sending response: host unreachable
>
> i CAN do an AXFR from 10.4.1.6 to ns2
> that is,
> dig @10.4.1.6 arlut.utexas.edu AXFR
> does give me output.
>
> on 10.4.1.6,
>
7]: client 10.4.1.6#59926: view internal: error
> sending response: host unreachable
>
> i CAN do an AXFR from 10.4.1.6 to ns2
> that is,
> dig @10.4.1.6 arlut.utexas.edu AXFR
> does give me output.
>
> on 10.4.1.6,
> dig @146.6.211.1 arlut.utexas.edu AXFR
926: view internal: error
sending response: host unreachable
i'm starting to think it might be just an ordinary dns lookup.
j.
--
Jay Scott 512-835-3553 g...@arlut.utexas.edu
Head of Sun Support, Sr. System Administrator
Applied Research Labs, Computer Science Div.
On 07.01.11 12:54, Jay G. Scott wrote:
> i get, and have always gotten, billions of these messages.
>
> Jan 2 07:37:43 ns2 named[3028]: client 10.4.1.6#33823: view internal: error
> sending response: host unreachable
>
> the story is that these are the results of attemp
rch for it i get
nothing but false leads. for example, i get a lot of search results
about DOS attacks. this isn't a DOS attack.
i get, and have always gotten, billions of these messages.
Jan 2 07:37:43 ns2 named[3028]: client 10.4.1.6#33823: view internal: error
sending response: host u
In article ,
Matus UHLAR - fantomas wrote:
> On 21.09.09 19:26, Shi Jin wrote:
> > I've confirmed that the problem is firewall related. I've replaced my
> > current Untangle firewall with a simplest Linux NAT iptables firewall and
> > everything works perfectly, without any complaints.
>
> I'd s
On 21.09.09 19:26, Shi Jin wrote:
> I've confirmed that the problem is firewall related. I've replaced my
> current Untangle firewall with a simplest Linux NAT iptables firewall and
> everything works perfectly, without any complaints.
I'd say it was bad configuration, not necessarily a bad firewal
Thank you all.
I've confirmed that the problem is firewall related. I've replaced my current
Untangle firewall with a simplest Linux NAT iptables firewall and everything
works perfectly, without any complaints.
Thank you very much for your kind help/suggestions.
Shi
1) Confirm whether you need to forward at all. If you don't need to,
then remove the forwarders entries and that should take care of the
errors in your log.
2) If you *must* use forwarders, look at the part of the config that you
didn't show us, and determine whether there is something there (e.
In message <865284.37771...@web36203.mail.mud.yahoo.com>, Shi Jin writes:
>
> > "host unreachable" is one of the clearer error messages, so
> > you need
> > to do some digging. From the box that you've set up bind9
> > on you'll
> >
> "host unreachable" is one of the clearer error messages, so
> you need
> to do some digging. From the box that you've set up bind9
> on you'll
> need to use dig to query the ISP's name servers. If that
> works, then
> you'll have to use tc
for each DNS query, the syslog shows entries of
>
> dhcp-dns named[18638]: host unreachable resolving 'google.com/A/IN':
> 216.171.238.66#53
> Where the IP 216.171.238.66 is the ISP provided DNS server.
"host unreachable" is one of the clearer error messages, so yo
> Try
> dig @216.171.238.66 hp.com
> to see if the .66 host answers to your queries. Maybe you
> got a wrong IP
> there? Try the same for .67, the other DNS.
>
Thank you very much. I tried what you suggested and it seems that these two
servers work perfectly. In fact, I can simply set my DNS t
On Monday 21 September 2009 Shi Jin wrote:
> However, it looks to me like the ISP provided DNS server
> (216.171.238.66) was not able to resolve any of the names and all the
> resolving is done at the top level servers. Is my understanding
> correct?
Try
dig @216.171.238.66 hp.com
to see if the .6
dhcp-dns named[18638]: host unreachable resolving 'google.com/A/IN':
216.171.238.66#53
Where the IP 216.171.238.66 is the ISP provided DNS server.
My named.conf.options looks like
forwarders {
216.171.238.66;
216.171.238.67;
};
listen-on-v6 { n
x.x#59767: error sending response: host unreachable
>
> I can ping x.x.x.x so I'm confused.
>
> Can some kind soul help?
>
> Thanks
> Kurt
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
In article , Kurt Petersen
wrote:
> Hi
>
> I get a lot of log messages like this:
>
> named[6379]: client x.x.x.x#59767: error sending response: host unreachable
>
> I can ping x.x.x.x so I'm confused.
>
> Can some kind soul help?
My guess is that the res
On Fri, May 08, 2009 at 11:22:59AM +0200,
Kurt Petersen wrote
a message of 17 lines which said:
> named[6379]: client x.x.x.x#59767: error sending response: host unreachable
>
> I can ping x.x.x.x so I'm confused.
On today's Internet, ping is a poor connectivity test be
Hi
I get a lot of log messages like this:
named[6379]: client x.x.x.x#59767: error sending response: host unreachable
I can ping x.x.x.x so I'm confused.
Can some kind soul help?
Thanks
Kurt
On Tue, May 5, 2009 at 5:41 PM, Jeremy C. Reed wrote:
> On Tue, 5 May 2009, alexus wrote:
>
>> i just deployed new bind-9.6.0-p1
>>
>> and I'm getting a lot of these:
>>
>> May 5 20:18:41 dd named[21037]: host unreachable resolving
>> '128.23
On Tue, 5 May 2009, alexus wrote:
> i just deployed new bind-9.6.0-p1
>
> and I'm getting a lot of these:
>
> May 5 20:18:41 dd named[21037]: host unreachable resolving
> '128.235.241.88.zen.spamhaus.org/TXT/IN': 2001:7b8:3:1f:0:2:53:1#53
If you have IPv6
i just deployed new bind-9.6.0-p1
and I'm getting a lot of these:
May 5 20:18:41 dd named[21037]: host unreachable resolving
'128.235.241.88.zen.spamhaus.org/TXT/IN': 2001:7b8:3:1f:0:2:53:1#53