can't-resolve

Sten Carlsen stenc at s-carlsen.dk
Sun Dec 28 10:02:32 UTC 2014


If there is no firewall, then what about fixed routing that allows one IP access but not the other?

Your focus should be to find the difference between the two IPs in the network. If the same configuration works on one IP but not on the other, then the configuration should not be the main point of interest.

My 0.02$

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

      "MALE BOVINE MANURE!!!"

> On 28 Dec 2014, at 09:09, Ejaz <mejaz at cyberia.net.sa> wrote:
> 
> Thanks for the suggestion 
> 
> I am sure there is no firewall at all. Also, see, I have now reassigned my
> previous IP, which is 212.119.64.12, and after that everything is fine. It
> wouldn't have worked with this IP if there were a firewall on the box??
> 
> Regards,
> Mohammed Ejaz
> CYBERIAR SAUDI ARABIA
> P.O.Box 301079, Riyadh 11372, Saudi Arabia
> Tel: +966 11 464 7114 Ext. 140
> Fax: +966 11 465 4735
> 
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org
> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Warren Kumari
> Sent: Saturday, December 27, 2014 2:27 AM
> To: Barry Margolin
> Cc: comp-protocols-dns-bind at isc.org
> Subject: Re: can't-resolve
> 
> Also, from querying from the outside (with TCP):
> 
> ~# dig +tcp www.auth-servers.net   @212.119.64.228
> ; <<>> DiG 9.10.1-P1 <<>> +tcp www.auth-servers.net @212.119.64.228
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20716
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.auth-servers.net.          IN      A
> 
> ;; Query time: 8260 msec
> ;; SERVER: 212.119.64.228#53(212.119.64.228)
> ;; WHEN: Fri Dec 26 18:18:30 EST 2014
> ;; MSG SIZE  rcvd: 49
> 
> Then trying the same query a few seconds later:
> dig +tcp www.auth-servers.net   @212.119.64.228
> 
> ; <<>> DiG 9.10.1-P1 <<>> +tcp www.auth-servers.net @212.119.64.228
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> 
> This really looks like a firewall -- perhaps there is some firewall software
> on the box itself?
> 
> W
> 
> 
>> On Fri, Dec 26, 2014 at 6:17 PM, Warren Kumari <warren at kumari.net> wrote:
>> What OS is this machine running?
>> 
>> Interestingly enough, it is unpingable, and a quick nmap fingerprints it as:
>> Running: Sun Solaris 8
>> OS CPE: cpe:/o:sun:sunos:5.8
>> OS details: Sun Solaris 8 (SPARC)
>> 
>> nmap could only find one open port (TCP 53 :-)) and so its 
>> fingerprinting is unreliable, but it *does* look like you are behind a 
>> firewall type device.
>> It is unusual for machines themselves to not respond to pings.
>> 
>> fpdns says:
>> fingerprint (212.119.64.228, 212.119.64.228): ISC BIND 9.2.3rc1 --
>> 9.6.1-P1 [recursion enabled]
>> 
>> 
>> 
>> On Fri, Dec 26, 2014 at 5:55 PM, Barry Margolin <barmar at alum.mit.edu> wrote:
>>> In article <mailman.1330.1419633581.26362.bind-users at lists.isc.org>,
>>> "Ejaz" <mejaz at cyberia.net.sa> wrote:
>>> 
>>>> I am sure, sir, there is no firewall on the server; you can make 
>>>> sure by telnet to port 53 of this IP 212.119.64.228
>>> 
>>> That doesn't mean anything. The firewall may be blocking OUTGOING 
>>> packets to port 53, or they're blocking the returning replies (which 
>>> go to an ephemeral port).
>>> 
>>>> 
>>>> 
>>>> Regards,
>>>> Mohammed Ejaz
>>>> CYBERIAR SAUDI ARABIA
>>>> P.O.Box 301079, Riyadh 11372, Saudi Arabia
>>>> Tel: +966 11 464 7114 Ext. 140
>>>> Fax: +966 11 465 4735
>>>> 
>>>> -----Original Message-----
>>>> From: bind-users-bounces at lists.isc.org 
>>>> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Matus UHLAR - 
>>>> fantomas
>>>> Sent: Friday, December 26, 2014 7:35 PM
>>>> To: bind-users at lists.isc.org
>>>> Subject: Re: can't-resolve
>>>> 
>>>>> On 26.12.14 19:21, Ejaz wrote:
>>>>> When I run "dig a yahoo.com @212.119.64.228", below is the output.
>>>>> 
>>>>> yahoo.com. (38)
>>>>> 17:39:41.363532 IP 212.119.64.228.37891 > 212.119.64.228.domain: 34168+ [1au] A? yahoo.com. (38)
>>>>> 17:39:42.246993 IP 212.119.64.228.53702 > 192.5.5.241.domain: 58238 [1au] A? yahoo.com. (38)
>>>>> 17:39:42.247012 IP 212.119.64.228.45701 > 192.5.5.241.domain: 13223 [1au] NS? . (28)
>>>>> 17:39:43.047148 IP 212.119.64.228.43795 > 128.63.2.53.domain: 1539 A? yahoo.com. (27)
>>>>> 17:39:43.047154 IP 212.119.64.228.55178 > 128.63.2.53.domain: 56002 NS? . (17)
>>>>> 17:39:43.847447 IP 212.119.64.228.61664 > 192.58.128.30.domain: 165 A? yahoo.com. (27)
>>>>> 17:39:43.847542 IP 212.119.64.228.30239 > 192.58.128.30.domain: 11435 NS? . (17)
>>>>> 17:39:44.995096 IP 212.119.64.228.24477 > 199.7.83.42.domain: 25645 [1au] A? yahoo.com. (38)
>>>>> 17:39:44.995162 IP 212.119.64.228.22170 > 199.7.83.42.domain: 44767 [1au] NS? . (28)
>>>>> 17:39:45.897226 IP 212.119.64.228.35574 > 199.7.91.13.domain: 29284 A? yahoo.com. (27)
>>>>> 17:39:45.897233 IP 212.119.64.228.36946 > 199.7.91.13.domain: 17626 NS? . (17)
>>>>> 17:39:46.363642 IP 212.119.64.228.37891 > 212.119.64.228.domain: 34168+ [1au] A? yahoo.com. (38)
>>>>> 17:39:46.370282 IP 212.119.64.228.domain > 212.119.64.228.37891: 34168 ServFail 0/0/1 (38)
>>>> 
>>>> these are just outgoing DNS requests, no replies coming back.
>>>> Are you sure there is no firewall, or "security" gateway between 
>>>> your server and the world?
>>>> 
>>>> 
>>>> --
>>>> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
>>>> Warning: I wish NOT to receive e-mail advertising to this address.
>>>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>>>> 42.7 percent of all statistics are made up on the spot.
>>>> _______________________________________________
>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
>>>> unsubscribe from this list
>>>> 
>>>> bind-users mailing list
>>>> bind-users at lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>> 
>>> --
>>> Barry Margolin
>>> Arlington, MA
>> 
>> 
>> 
>> --
>> I don't think the execution is relevant when it was obviously a bad 
>> idea in the first place.
>> This is like putting rabid weasels in your pants, and later expressing 
>> regret at having chosen those particular rabid weasels and that pair 
>> of pants.
>>   ---maf
> 
> 
> 
> --
> I don't think the execution is relevant when it was obviously a bad idea in
> the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair of
> pants.
>   ---maf
> 
> -- 
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
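
Added example, not part of the original thread: a Python script that applies the check made on the tcpdump capture above, pairing each DNS query with its reply and listing the servers whose queries went unanswered. The sample lines are a subset of the capture quoted in the thread with the mail line-wrapping removed; the function name and regular expression are this example's own.

```python
import re
from collections import defaultdict

# Subset of the tcpdump capture quoted in the thread, with the mail
# line-wrapping removed so each packet is on one line.
SAMPLE = """\
17:39:41.363532 IP 212.119.64.228.37891 > 212.119.64.228.domain: 34168+ [1au] A? yahoo.com. (38)
17:39:42.246993 IP 212.119.64.228.53702 > 192.5.5.241.domain: 58238 [1au] A? yahoo.com. (38)
17:39:42.247012 IP 212.119.64.228.45701 > 192.5.5.241.domain: 13223 [1au] NS? . (28)
17:39:43.047148 IP 212.119.64.228.43795 > 128.63.2.53.domain: 1539 A? yahoo.com. (27)
17:39:46.363642 IP 212.119.64.228.37891 > 212.119.64.228.domain: 34168+ [1au] A? yahoo.com. (38)
17:39:46.370282 IP 212.119.64.228.domain > 212.119.64.228.37891: 34168 ServFail 0/0/1 (38)
"""

# tcpdump prints "IP src.port > dst.port: id[flags] ..."; port 53 shows as "domain".
LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\w+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\w+): (?P<id>\d+)(?P<rest>.*)$"
)
DNS_PORTS = {"domain", "53"}


def unanswered_by_server(capture):
    """Map server IP -> DNS query IDs that never received a reply."""
    pending = {}
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        if m["dport"] in DNS_PORTS and "?" in m["rest"]:
            # Query: remember it by (client, client port, server, id).
            # A retransmission reuses the same key and is counted once.
            pending.setdefault((m["src"], m["sport"], m["dst"], m["id"]), True)
        elif m["sport"] in DNS_PORTS:
            # Reply: the addresses are swapped relative to the query.
            pending.pop((m["dst"], m["dport"], m["src"], m["id"]), None)
    lost = defaultdict(list)
    for _client, _port, server, qid in pending:
        lost[server].append(int(qid))
    return dict(lost)


if __name__ == "__main__":
    for server, ids in unanswered_by_server(SAMPLE).items():
        print(f"{server}: no reply to query ids {ids}")
```

On the sample, the local query to 212.119.64.228 is answered (with ServFail) and drops out, while every query sent upstream remains listed as unanswered.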

