your mail

John W. Blue john.blue at rrcic.com
Sat Jan 15 14:46:52 UTC 2022


Not to be ornery, but honestly, for me, globs of text that are pasted into an email are TLDR because I cannot *do* anything with them. So I skip them out of hand.

A real tcpdump packet capture is a file that can be loaded by Wireshark and analyzed.

tcpdump -n -i <interface eg eth0> port 53 -w <filename.pcap>

One from the client and one from the server is ideal.

John


From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Diego Garcia
Sent: Saturday, January 15, 2022 7:38 AM
To: bind-users at lists.isc.org
Subject: Re: your mail

Hello.

Really? My first post has a tcpdump packet capture, dig trace...


On Sat, Jan 15, 2022 at 2:14 PM G.W. Haywood via bind-users <bind-users at lists.isc.org> wrote:
Hi there,

On Sat, 15 Jan 2022, Diego Garcia wrote:

> Still with problems. That setup was running fine for a few years.

But you changed something.

> Bind Server is on DMZ and doing NAT for the local net. Test Server is
> behind NAT
>
> Must have another problem
>
> I have tried a lot of things these days and nothing works,

Generally speaking, if you set things up right, BIND Just Works.  It
must be a couple of decades since I last had to fiddle with anything
to fix a broken BIND server.

It is not helpful to us if you tell us that you have tried a lot of things.
It would be much more helpful if you told us exactly what you have tried
and exactly what were the results.  You need to be methodical and precise.

> I am thinking of trying a reinstall, but I would prefer to know what happened and solve it

'Reinstall' to me means the sort of thing that you do if you're
working on a Windows box.  If you're using a real computer it's
usually much better to find out what's going wrong and fix it.

> ...
> network unreachable resolving 'play.google.com/A/IN': 216.239.36.10#53
> ...

If you are getting 'network unreachable' messages then likely there's
something wrong with your network setup.  Before doing anything else,
you need to fix that.  It may or may not be a problem of your making,
but given that you said you are using BIND on a server in a DMZ then I
suspect that it is.  Using a DMZ will make things more complicated and
the faults will be more difficult to diagnose - especially for people
on mailing lists to whom you give little and very poor information.

It *looks* like BIND is trying to make queries but failing to connect
to anything to make them.

You do not appear to have acted on the good advice which was given to
you after your previous post.  Are you able to use tools like 'ping'
and 'traceroute' to diagnose network problems, also like Wireshark or
tcpdump to inspect network traffic?  These would be my first steps in
approaching this kind of problem.  You will need to know that packets
from the BIND server can go where they're supposed to go and replies
reach the server in good time.  You might also need to be able to see
exactly what BIND sends, where it sends it, exactly what it receives
(if anything) in reply to what it sends, and perhaps where the replies
come from.  If there are no replies, or the replies go to the wrong
place, you need to be able to show that and find out why.

What exactly are you trying to achieve which cannot be achieved by
simply using a public DNS service, or one provided by your ISP?

--

73,
Ged.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
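
An added example, not part of the thread or of anyone's message: once a capture file has been written with `tcpdump ... -w`, the check described above (which queries left the BIND server and never got a reply) can be scripted. It assumes a classic pcap file with Ethernet link type and unfragmented IPv4/UDP; the function names and the sample addresses are constructed for illustration.

```python
import socket
import struct

def unanswered_dns_queries(pcap: bytes):
    """Return (client_ip, server_ip, dns_id) for each UDP/53 query with no reply in the capture."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    pending, off = {}, 24                          # packet records follow the 24-byte file header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                               # not IPv4 carrying UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip Ethernet and IP headers
        if len(udp) < 20:
            continue                               # too short for UDP header + DNS header
        sport, dport = struct.unpack("!HH", udp[:4])
        dns_id, flags = struct.unpack("!HH", udp[8:12])
        src, dst = frame[26:30], frame[30:34]
        if dport == 53 and not flags & 0x8000:     # QR=0: query leaving the client
            pending[(src, dst, sport, dns_id)] = None
        elif sport == 53 and flags & 0x8000:       # QR=1: reply, swap addresses to match
            pending.pop((dst, src, dport, dns_id), None)
    return [(socket.inet_ntoa(s), socket.inet_ntoa(d), i) for s, d, _, i in pending]

def build_frame(src, dst, sport, dport, dns_id, flags):
    """Build one constructed pcap record: Ethernet/IPv4/UDP carrying a bare DNS header."""
    dns = struct.pack("!HHHHHH", dns_id, flags, 1, 0, 0, 0)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + udp
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample capture: two queries leave 192.0.2.10, only the first is answered.
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + build_frame("192.0.2.10", "198.51.100.1", 40000, 53, 0x1111, 0x0100)
               + build_frame("198.51.100.1", "192.0.2.10", 53, 40000, 0x1111, 0x8180)
               + build_frame("192.0.2.10", "203.0.113.53", 40001, 53, 0x2222, 0x0100))

if __name__ == "__main__":
    for client, server, dns_id in unanswered_dns_queries(SAMPLE_PCAP):
        print(f"no reply seen: {client} -> {server} id=0x{dns_id:04x}")
```

Run against the capture taken on the BIND server and the one taken on the client, a query listed in both points at the path beyond the server, while one listed only on the client side points at the server or the NAT in between.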

