queer dns access problem
Ian Lists
ian-list at securitypimp.com
Mon Dec 17 19:44:32 UTC 2007
Earlier you said you could ssh out of the broken box. Can you ssh to the same segment or to a remote network? Can you log in to the box twice and start a packet capture while you attempt a dns lookup? This might show us if it is related to firewalling or routing.
Ian
----- "Bill Tangren" <bjt at usno.navy.mil> wrote:
> > On Dec 13, 2007 8:02 AM, Bill Tangren <bjt at usno.navy.mil> wrote:
> >
> >> >
> >> > OK. Is the /8 netmask a cut and paste error too?
> >>
> >> No, it is correct.
> >>
> >> >
> >> > Your trouble could be a routing issue: 10.1.5.58/8 and
> 10.1.1.46/8 are
> >> > on the same subnet as far as the network layer is concerned so
> there
> >> is
> >> > no reason to go to the default route. Thats why I asked for a
> >> > traceroute too -- or mtr if you have it installed and it will
> work.
> >> >
> >> > # mtr -rnc 10 DNS.SERVER.IP.ADDRESS
> >> >
> >> > What netmask is the firewall using for the interface?
> >>
> >>
> >> When the network guy comes in this afternoon, I'll ask. This still
> >> doesn't
> >> explain why it works for one machine, but not the other, when both
> are
> >> set
> >> the same.
> >
> > I am assuming you've done the usual stuff
> >
> > double checked /etc/resolv.conf
> >
> > checked /etc/nsswitch.conf
>
>
> Did these two.
>
> >
> > Pinged the default gateway.
> >
>
> Ping is shut off on the gateway. I'll ask the firewall guy to turn it
> on
> long enough to test this.
>
> > Checked the network cabling back to the switch.
>
> Yes, other computers work just fine with this cabling.
>
> >
> > Checked the patch cable.
> >
>
> Patch cable? What is that?
>
> > ifconfig to make sure the interface is actually up.
> >
>
> yep.
>
> > ethtool to check that speed and duplex are as expected.
> >
>
> Didn't think to do this. Will try it on Monday.
>
> > Can't think of anything else offhand.
> >
>
> Thanks for the help.
>
> > --
> > Stephen Carville
> >
>
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list