queer dns access problem

david brett dbrett at tcn.net
Thu Jan 3 20:10:54 UTC 2008


It sounds like a network configuration error somewhere.

Try doing the following:
-traceroute to the DNS server's IP address
-see if you can access anything outside your own network via IP (i.e. ping http)
-see what is the default route on the box not working (netstat -nr)

These three steps will help point the direction to look next.

Please accept my apology if, jumping in late, I have missed any of these 
already.




Steve Phillips wrote:
> Bill Tangren wrote:
>>> Earlier you said you could ssh out of the broken box.  Can you ssh to the
>>> same segment or to a remote network?  Can you log in to the box twice and
>>> start a packet capture while you attempt a dns lookup?  This might show us
>>> if it is related to firewalling or routing.
>>
>>
>> If by the same segment, you mean within the same 10.1.5.x domain, I can
>> ssh if I use the IP number to the same segment (there are errors, but it
>> ultimately succeeds), but I cannot ssh out of the segment, with or without
>> IP number. Also, I can ssh into the broken box from within the segment.
>>
> 
> [see below]
> 
> there is no 10.1.5.x segment, there is only a 10.x segment. You have 
> both the working and non working box in the same network. I would be 
> double checking the network masks at this point as it does sound like 
> you have a network masking problem. It may also help to know what boxes 
> (ip ranges) are working and what ones are not, what exactly are you 
> testing to.
> 
> like
> 
> on box a i can ssh to (using ip addresses)
> 
> 10.1.5.1
> 10.1.6.1
> 
> but not 10.100.6.1
> 
> but 202.1.4.5 works as well
> 
> on box b all of the above work.
> 
> you could also try making your subnet masks smaller, your gateway is in 
> 10.1.1.2 ? try reducing your mask to a /21 (255.255.248.0) and see if 
> that allows you to reach the dns servers - at this point tho, you should 
> really be getting a network tech involved or someone who has access to 
> the dns servers and see how they are configured.
> 
> 
>>
>>> Ian
>>>
>>> ----- "Bill Tangren" <bjt at usno.navy.mil> wrote:
>>>>> On Dec 13, 2007 8:02 AM, Bill Tangren <bjt at usno.navy.mil> wrote:
>>>>>
>>>>>>> OK. Is the /8 netmask a cut and paste error too?
>>>>>> No, it is correct.
>>>>>>
>>>>>>> Your trouble could be a routing issue: 10.1.5.58/8 and 10.1.1.46/8 are
>>>>>>> on the same subnet as far as the network layer is concerned so there is
>>>>>>> no reason to go to the default route.  That's why I asked for a
>>>>>>> traceroute too -- or mtr if you have it installed and it will
> 
> 
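
The netmask point raised in this thread, as an added example that is not part of any poster's message: it classifies each test destination from the thread as on-link or routed for the host 10.1.5.58 under a /8, /21 and /24 mask. The gateway 10.1.1.2 is an assumption (it is posed as a question in the thread), the function names are hypothetical, and the model is simplified to one connected network plus a default route.

```python
import ipaddress

def route_decision(host_cidr, gateway, dest):
    """Classify how a host with this address/mask tries to reach dest."""
    iface = ipaddress.ip_interface(host_cidr)
    if ipaddress.ip_address(dest) in iface.network:
        # Destination looks local: the host ARPs for it directly and
        # never consults the default route, even if a router is needed.
        return "on-link"
    if ipaddress.ip_address(gateway) in iface.network:
        return "via-gateway"
    # The gateway itself is outside the connected network, so the
    # default route cannot be used at all.
    return "no-route"

def compare_masks(host_ip, gateway, prefixes, dests):
    """Return {prefix_len: {dest: decision}} for each candidate mask."""
    return {
        p: {d: route_decision(f"{host_ip}/{p}", gateway, d) for d in dests}
        for p in prefixes
    }

HOST = "10.1.5.58"     # address quoted in the thread
GATEWAY = "10.1.1.2"   # assumed; the thread only asks whether this is the gateway
DESTS = ["10.1.5.1", "10.1.6.1", "10.100.6.1", "202.1.4.5"]  # test targets from the thread

if __name__ == "__main__":
    for prefix, row in compare_masks(HOST, GATEWAY, [8, 21, 24], DESTS).items():
        mask = ipaddress.ip_interface(f"{HOST}/{prefix}").netmask
        print(f"/{prefix} ({mask})")
        for dest, decision in row.items():
            print(f"  {dest:<12} {decision}")
```

With /8, 10.100.6.1 is treated as on-link while 202.1.4.5 goes through the gateway, which matches the pattern described in the quoted reply where a remote 10.x address fails but an outside address works.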



