queer dns access problem

Bill Tangren bjt at usno.navy.mil
Mon Dec 17 22:17:24 UTC 2007


> Earlier you said you could ssh out of the broken box.  Can you ssh to the
> same segment or to a remote network?  Can you log in to the box twice and
> start a packet capture while you attempt a dns lookup?  This might show us
> if it is related to firewalling or routing.


If by the same segment, you mean within the same 10.1.5.x domain, I can
ssh if I use the IP number to the same segment (there are errors, but it
ultimately succeeds), but I cannot ssh out of the segment, with or without
IP number. Also, I can ssh into the broken box from within the segment.


>
> Ian
>
> ----- "Bill Tangren" <bjt at usno.navy.mil> wrote:
>> > On Dec 13, 2007 8:02 AM, Bill Tangren <bjt at usno.navy.mil> wrote:
>> >
>> >> >
>> >> > OK. Is the /8 netmask a cut and paste error too?
>> >>
>> >> No, it is correct.
>> >>
>> >> >
>> >> > Your trouble could be a routing issue: 10.1.5.58/8 and 10.1.1.46/8 are
>> >> > on the same subnet as far as the network layer is concerned so there is
>> >> > no reason to go to the default route.  That's why I asked for a
>> >> > traceroute too -- or mtr if you have it installed and it will work.
>> >> >
>> >> > # mtr -rnc 10 DNS.SERVER.IP.ADDRESS
>> >> >
>> >> > What netmask is the firewall using for the interface?
>> >>
>> >>
>> >> When the network guy comes in this afternoon, I'll ask. This still doesn't
>> >> explain why it works for one machine, but not the other, when both are set
>> >> the same.
>> >
>> > I am assuming you've done the usual stuff
>> >
>> > double checked /etc/resolv.conf
>> >
>> > checked /etc/nsswitch.conf
>>
>>
>> Did these two.
>>
>> >
>> > Pinged the default gateway.
>> >
>>
>> Ping is shut off on the gateway. I'll ask the firewall guy to turn it on
>> long enough to test this.
>>
>> > Checked the network cabling back to the switch.
>>
>> Yes, other computers work just fine with this cabling.
>>
>> >
>> > Checked the patch cable.
>> >
>>
>> Patch cable? What is that?
>>
>> > ifconfig to make sure the interface is actually up.
>> >
>>
>> yep.
>>
>> > ethtool to check that speed and duplex are as expected.
>> >
>>
>> Didn't think to do this. Will try it on Monday.
>>
>> > Can't think of anything else offhand.
>> >
>>
>> Thanks for the help.
>>
>> > --
>> > Stephen Carville
>> >
>>
>>
>>
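
The routing point raised in the quoted discussion (with a /8 mask, 10.1.5.58 treats 10.1.1.46 as on-link and never uses the default route) can be checked with a small longest-prefix-match lookup. This is an added example, not part of the original thread; the gateway address 10.1.5.1, the neighbour 10.1.5.20 and the /24 comparison mask are constructed assumptions, since the thread gives none of them.

```python
import ipaddress

def build_routes(iface_cidr, gateway):
    """Routes a host derives from one interface: the connected network
    (delivered directly, no next hop) plus a default route via the gateway."""
    connected = ipaddress.ip_interface(iface_cidr).network
    default = ipaddress.ip_network("0.0.0.0/0")
    return [(connected, None), (default, ipaddress.ip_address(gateway))]

def next_hop(routes, dest):
    """Longest-prefix match; returns ("on-link", dest) or ("gateway", gw)."""
    addr = ipaddress.ip_address(dest)
    # The default route matches everything, so this list is never empty.
    matches = [(net, gw) for net, gw in routes if addr in net]
    _, gw = max(matches, key=lambda r: r[0].prefixlen)
    return ("on-link", str(addr)) if gw is None else ("gateway", str(gw))

HOST = "10.1.5.58"          # address quoted in the thread
PEER = "10.1.1.46"          # second address quoted in the thread
GATEWAY = "10.1.5.1"        # constructed: the thread never states the gateway
SAME_SEGMENT = "10.1.5.20"  # constructed neighbour inside 10.1.5.x

def compare(dest):
    """Forwarding decision for dest under the /8 mask and an assumed /24."""
    return {plen: next_hop(build_routes(f"{HOST}/{plen}", GATEWAY), dest)
            for plen in (8, 24)}

if __name__ == "__main__":
    for dest in (SAME_SEGMENT, PEER):
        for plen, (kind, hop) in compare(dest).items():
            print(f"{HOST}/{plen} -> {dest}: {kind} via {hop}")
```

With the /8 mask the host resolves 10.1.1.46 by ARP on its own segment instead of handing the packet to the gateway, so delivery depends on something on that segment answering for the address.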



