[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: queer dns access problem



It sounds like a network configuration error somewhere.

Try doing the following:
-traceroute to the DNS server's IP address
-see if you can access anything outside your own network via IP (i.e. ping http)
-see what is the default route on the box not working (netstat -nr)

These three steps will help point the direction to look next.

Please accept my apology if, jumping in late I have missed any of these already.




Steve Phillips wrote:
Bill Tangren wrote:
Earlier you said you could ssh out of the broken box. Can you ssh to the same segment or to a remote network? Can you log in to the box twice and start a packet capture while you attempt a dns lookup? This might show us
if it is related to firewalling or routing.


If by the same segment, you mean within the same 10.1.5.x domain, I can
ssh if I use the IP number to the same segment (there are errors, but it
ultimately succeeds), but I cannot ssh out of the segment, with or without
IP number. Also, I can ssh into the broken box from within the segment.


[see below]

there is no 10.1.5.x segment, there is only a 10.x segment. You have both the working and non working box in the same network. I would be double checking hte network masks at this point as it does sound like you have a network masking problem. It may also help to know what boxes (ip ranges) are working and what ones are not, what exactly are you testing to.

like

on box a i can ssh to (using ip addresses)

10.1.5.1
10.1.6.1

but not 10.100.6.1

but 202.1.4.5 works as well

on box b all of the above work.

you could also try making your subnet masks smaller, your gateway is in 10.1.1.2 ? try reducing your mask to a /21 (255.255.248.0) and see if that allows you to reach the dns servers - at this point tho, you should really be getting a network tech involved or someone who has access to the dns servers and see how they are configured.



Ian

----- "Bill Tangren" <bjt usno navy mil> wrote:
On Dec 13, 2007 8:02 AM, Bill Tangren <bjt usno navy mil> wrote:

OK. Is the /8 netmask a cut and paste error too?
No, it is correct.

Your trouble could be a routing issue: 10.1.5.58/8 and
10.1.1.46/8 are
on the same subnet as far as the network layer is concerned so
there
is
no reason to go to the default route.  Thats why I asked for a
traceroute too -- or mtr if you have it installed and it will





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]