queer dns access problem
Steve Phillips
steve at focb.co.nz
Mon Dec 17 23:47:50 UTC 2007
Bill Tangren wrote:
>> Earlier you said you could ssh out of the broken box. Can you ssh to the
>> same segment or to a remote network? Can you log in to the box twice and
>> start a packet capture while you attempt a dns lookup? This might show us
>> if it is related to firewalling or routing.
>
>
> If by the same segment, you mean within the same 10.1.5.x domain, I can
> ssh if I use the IP number to the same segment (there are errors, but it
> ultimately succeeds), but I cannot ssh out of the segment, with or without
> IP number. Also, I can ssh into the broken box from within the segment.
>
[see below]
there is no 10.1.5.x segment, there is only a 10.x segment. You have
both the working and non working box in the same network. I would be
double checking hte network masks at this point as it does sound like
you have a network masking problem. It may also help to know what boxes
(ip ranges) are working and what ones are not, what exactly are you
testing to.
like
on box a i can ssh to (using ip addresses)
10.1.5.1
10.1.6.1
but not 10.100.6.1
but 202.1.4.5 works as well
on box b all of the above work.
you could also try making your subnet masks smaller, your gateway is in
10.1.1.2 ? try reducing your mask to a /21 (255.255.248.0) and see if
that allows you to reach the dns servers - at this point tho, you should
really be getting a network tech involved or someone who has access to
the dns servers and see how they are configured.
>
>> Ian
>>
>> ----- "Bill Tangren" <bjt at usno.navy.mil> wrote:
>>>> On Dec 13, 2007 8:02 AM, Bill Tangren <bjt at usno.navy.mil> wrote:
>>>>
>>>>>> OK. Is the /8 netmask a cut and paste error too?
>>>>> No, it is correct.
>>>>>
>>>>>> Your trouble could be a routing issue: 10.1.5.58/8 and
>>> 10.1.1.46/8 are
>>>>>> on the same subnet as far as the network layer is concerned so
>>> there
>>>>> is
>>>>>> no reason to go to the default route. Thats why I asked for a
>>>>>> traceroute too -- or mtr if you have it installed and it will
--
Steve
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
More information about the redhat-list
mailing list