Re: BIND9 fails resolving after connecting to VPN

kapetr kapetr at mizera.cz
Sat Apr 9 08:16:10 UTC 2011 

Hello,

now more details:

----- PŮVODNÍ ZPRÁVA -----
Od: "Chuck Swiger" <cswiger at mac.com>
Komu: "kapetr" <kapetr at mizera.cz>
Předmět: Re: BIND9 fails resolving after connecting to VPN
Datum: 8.4.2011 - 23:57:10

> On Apr 8, 2011, at 2:23 PM, kapetr wrote:
> >> What does:
> >> 
> >> dig +short rs.dns-oarc.net txt
> >> 
> >> ...do when your VPN tunnel is up?
> > 
> > After VPN up and restart of BIND:
> > 
> > hugo at duron650:~$ dig +short rs.dns-oarc.net txt
> > ;; connection timed out; no servers could be
> > reached
> > > hugo at duron650:~$ 
> 
> Hmm.  Your local nameservers probably are listed
> in /etc/resolv.conf, otherwise consider adding
> @localhost or whatever is needed to talk to them. 
> Something is blocking DNS traffic going via your
> tunnel, presumably.
> 
> tcpdump and traceroute might help diagnose.  Or
> try switching to hitting 4.2.2.2 or some other
> well-known public nameserver via dig, and see
> whether you can get a response from them.

As I wrote before,

if I change to DNS server in Internet - e.g. of my ISP, all works
fine - reolving request goes over new route (== over VPN), ... I can
surf, ...

Just the local BIND get crazy .

Details: I have changed my resolf.conf to point only to my ISPs DND
servers (not 127.0.0.1 = my server).

I run the VPN ...

I run 2 dig questions - first over (default) server of my ISP (OK)
and second over 127.0.0.1 (FAIL).

see cmd.txt in attachment.

This communication is also in Wireshark libpcap.
see wirsh.libcap in attachment.

The route -n gives: - see also cmd.txt (the 2. is after VPN shut
down)

FYI:
The 217.114.215.250 is the VPN server
The 172.31.156.57 is the IP of TAP
The 194.228.2.1 is my ISPs DNS server (in my resolf.conf)
The 10.6.6.138 is my ADSL modem/router

I hope You will find the problem.

Thanks 

--kapetr




-------------- next part --------------
A non-text attachment was scrubbed...
Name: wirsh.libpcap
Type: application/octet-stream
Size: 24523 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110409/62d60793/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cmd.txt
Type: application/octet-stream
Size: 0 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110409/62d60793/attachment-0001.obj>

More information about the bind-users mailing list