your mail

Sat Jan 15 13:37:55 UTC 2022

hello.

really? my first post have a tcpdump capture packet, dig trace...

On Sat, Jan 15, 2022 at 2:14 PM G.W. Haywood via bind-users <
bind-users at lists.isc.org> wrote:

> Hi there,
>
> On Sat, 15 Jan 2022, Diego Garcia wrote:
>
> > Still with problems. That setup was running fine for few years.
>
> But you changed something.
>
> > Bind Server is on DMZ and doing NAT for the local net. Test Server is
> > behing NAT
> >
> > Must have another problem
> >
> > I try this days a lot of things and nothing works,
>
> Generally speaking, if you set things up right, BIND Just Works.  It
> must be a couple of decades since I last had to fiddle with anything
> to fix a broken BIND server.
>
> It is not helpful to us if you tell us that you have tried a lot of things.
> It would be much more helpful if you told us exactly what you have tried
> and exactly what were the results.  You need to be methodical and precise.
>
> > think in try reinstall but i preferred to know what happened and solve it
>
> 'Reinstall' to me means the sort of thing that you do if you're
> working on a Windows box.  If you're using a real computer it's
> usually much better to find out what's going wrong and fix it.
>
> > ...
> > network unreachable resolving 'play.google.com/A/IN': 216.239.36.10#53
> > ...
>
> If you are getting 'network unreachable' messages then likely there's
> something wrong with your network setup.  Before doing anything else,
> you need to fix that.  It may or may not be a problem of your making,
> but given that you said you are using BIND on a server in a DMZ then I
> suspect that it is.  Using a DMZ will make things more complicated and
> the faults will be more difficult to diagnose - especially for people
> on mailing lists to whom you give little and very poor information.
>
> It *looks* like BIND is trying to make queries but failing to connect
> to anything to make them.
>
> You do not appear to have acted on the good advice which was given to
> you after your previous post.  Are you able to use tools like 'ping'
> and 'traceroute' to diagnose network problems, also like Wireshark or
> tcpdump to inspect network traffic?  These would be my first steps in
> approaching this kind of problem.  You will need to know that packets
> from the BIND server can go where they're supposed to go and replies
> reach the server in good time.  You might also need to be able to see
> exactly what BIND sends, where it sends it, exactly what it receives
> (if anything) in reply to what it sends, and perhaps where the replies
> come from.  If there are no replies, or the replies go to the wrong
> place, you need to be able to show that and find out why.
>
> What exactly are you trying to achieve which cannot be achieved by
> simply using a public DNS service, or one provided by your ISP?
>
> --
>
> 73,
> Ged.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220115/4b66b036/attachment.htm>