queer dns access problem
Bill Tangren
bjt at usno.navy.mil
Wed Dec 12 20:43:06 UTC 2007
>> -----Original Message-----
>
> Some ideas:
>
> Turn off firewalling if possible.
>
> Check default route
> # ip route list
> 10.212.166.0/24 dev eth0 proto kernel scope link src 10.212.166.26
> 169.254.0.0/16 dev eth0 scope link
> default via 10.212.166.1 dev eth0 <----!!!!
>
> correct if necessary.
>
> Check for UDP connectivity
>
> # nmap -PU -p53 DNS.SERVER.IP.ADDRESS
>
> # traceroute -U DNS.SERVER.IP.ADDRESS
OK, this is what is produced on the server that works:
*****
[root@mach2 X11]# ip route list
169.254.0.0/16 dev eth0 scope link
10.0.0.0/8 dev eth0 proto kernel scope link src 10.1.5.58
default via 10.1.1.2 dev eth0
[root@mach2 ~]# nmap -PU -p53 10.1.1.6
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2007-12-12 15:33 EST
Note: Host seems down. If it is really up, but blocking our ping probes,
try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 2.054 seconds
[root@mach2 ~]# nmap -PU -p53 10.1.1.46
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2007-12-12 15:33 EST
Interesting ports on aurora.timenet.usno.navy.mil (10.1.1.46):
PORT STATE SERVICE
53/tcp open domain
MAC Address: 00:18:8B:38:28:97 (Unknown)
Nmap run completed -- 1 IP address (1 host up) scanned in 0.295 seconds
[root@mach2 ~]#
*****
The server that doesn't looks like this:
*****
[root@aa-cvs ~]# ip route list
169.254.0.0/16 dev eth0 scope link
10.0.0.0/8 dev eth0 proto kernel scope link src 10.1.5.58
default via 10.1.1.2 dev eth0
[root@aa-cvs ~]# nmap -PU -p53 10.1.1.6
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2007-12-12 15:33 EST
Note: Host seems down. If it is really up, but blocking our ping probes,
try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 2.054 seconds
[root@aa-cvs ~]# nmap -PU -p53 10.1.1.46
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2007-12-12 15:33 EST
Note: Host seems down. If it is really up, but blocking our ping probes,
try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 2.049 seconds
[root@aa-cvs ~]#
*****
The difference
>
> If either works then check for an access list on your DNS. Usually in
> named.conf
I am having this problem even if I change the name and IP number of the
broken server to the unbroken one. Same problem.
I have now reinstalled the OS on the broken server, and it STILL is having
problems. It has to be a hardware problem, but I can't figure out what it
could be.
>
> Try a different switch port if possible.
I'll have to talk to the network guys about this.
>
> --
> Stephen Carville <scarville at landam.com>
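
Added example, not part of the original thread: the nmap runs above report only `53/tcp`, so this Python sketch sends an actual DNS query to the server over UDP and then over TCP and reports which transport gets a reply. The function names are hypothetical, and the server address and lookup name are supplied by whoever runs it.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS query: one question, type A, class IN, RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def is_reply_to(query, data):
    """True if data is a DNS response (QR bit set) with the query's ID."""
    if len(data) < 12:
        return False
    txid, flags = struct.unpack("!HH", data[:4])
    return txid == struct.unpack("!H", query[:2])[0] and bool(flags & 0x8000)

def probe_udp(server, name, port=53, timeout=2.0):
    """Send the query over UDP; a timeout or ICMP error means no reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            data, _ = s.recvfrom(512)
        except OSError as exc:
            return "udp: no reply (%s)" % type(exc).__name__
    return "udp: answered" if is_reply_to(query, data) else "udp: unexpected reply"

def probe_tcp(server, name, port=53, timeout=2.0):
    """Send the same query over TCP (2-byte length prefix, RFC 1035)."""
    query = build_query(name)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            data = s.recv(514)
    except OSError as exc:
        return "tcp: no reply (%s)" % type(exc).__name__
    return "tcp: answered" if is_reply_to(query, data[2:]) else "tcp: unexpected reply"

if __name__ == "__main__":
    import sys
    server, name = sys.argv[1], sys.argv[2]  # e.g. the DNS server IP and a hostname
    print(probe_udp(server, name))
    print(probe_tcp(server, name))
```

Running it from both machines against the same server shows whether the failing host loses UDP replies, TCP replies, or both.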