DNS server works but keep getting "host unreachable resolving" error
Shi Jin
jinzishuai at yahoo.com
Mon Sep 21 22:04:05 UTC 2009
> "host unreachable" is one of the clearer error messages, so
> you need
> to do some digging. From the box that you've set up bind9
> on you'll
> need to use dig to query the ISP's name servers. If that
> works, then
> you'll have to use tcpdump on that box to find out what
> named is doing.
>
> Doug
>
Thank you very much.
Your suggestion to use "tcpdump" actually is very helpful. It clearly shows:
ICMP host 216.171.238.67 unreachable - admin prohibited, length 87
So I think this most likely has to do with the firewall setup. Probably I should enable ICMP redirect? Could anyone confirm? And is this safe?
Thank you very much.
Shi
More information about the bind-users
mailing list