queer dns access problem
david brett
dbrett at tcn.net
Thu Jan 3 20:10:54 UTC 2008
It sounds like a network configuration error somewhere.
Try doing the following:
-traceroute to the DNS server's IP address
-see if you can access anything outside your own network via IP (i.e.
ping http)
-see what is the default route on the box not working (netstat -nr)
These three steps will help point the direction to look next.
Please accept my apology if, jumping in late I have missed any of these
already.
Steve Phillips wrote:
> Bill Tangren wrote:
>>> Earlier you said you could ssh out of the broken box. Can you ssh to
>>> the
>>> same segment or to a remote network? Can you log in to the box twice
>>> and
>>> start a packet capture while you attempt a dns lookup? This might
>>> show us
>>> if it is related to firewalling or routing.
>>
>>
>> If by the same segment, you mean within the same 10.1.5.x domain, I can
>> ssh if I use the IP number to the same segment (there are errors, but it
>> ultimately succeeds), but I cannot ssh out of the segment, with or
>> without
>> IP number. Also, I can ssh into the broken box from within the segment.
>>
>
> [see below]
>
> there is no 10.1.5.x segment, there is only a 10.x segment. You have
> both the working and non working box in the same network. I would be
> double checking hte network masks at this point as it does sound like
> you have a network masking problem. It may also help to know what boxes
> (ip ranges) are working and what ones are not, what exactly are you
> testing to.
>
> like
>
> on box a i can ssh to (using ip addresses)
>
> 10.1.5.1
> 10.1.6.1
>
> but not 10.100.6.1
>
> but 202.1.4.5 works as well
>
> on box b all of the above work.
>
> you could also try making your subnet masks smaller, your gateway is in
> 10.1.1.2 ? try reducing your mask to a /21 (255.255.248.0) and see if
> that allows you to reach the dns servers - at this point tho, you should
> really be getting a network tech involved or someone who has access to
> the dns servers and see how they are configured.
>
>
>>
>>> Ian
>>>
>>> ----- "Bill Tangren" <bjt at usno.navy.mil> wrote:
>>>>> On Dec 13, 2007 8:02 AM, Bill Tangren <bjt at usno.navy.mil> wrote:
>>>>>
>>>>>>> OK. Is the /8 netmask a cut and paste error too?
>>>>>> No, it is correct.
>>>>>>
>>>>>>> Your trouble could be a routing issue: 10.1.5.58/8 and
>>>> 10.1.1.46/8 are
>>>>>>> on the same subnet as far as the network layer is concerned so
>>>> there
>>>>>> is
>>>>>>> no reason to go to the default route. Thats why I asked for a
>>>>>>> traceroute too -- or mtr if you have it installed and it will
>
>
More information about the redhat-list
mailing list