DNS server works but keep getting "host unreachable resolving" error
Mark Andrews
marka at isc.org
Mon Sep 21 22:17:21 UTC 2009
In message <865284.37771.qm at web36203.mail.mud.yahoo.com>, Shi Jin writes:
>
> > "host unreachable" is one of the clearer error messages, so
> > you need
> > to do some digging. From the box that you've set up bind9
> > on you'll
> > need to use dig to query the ISP's name servers. If that
> > works, then
> > you'll have to use tcpdump on that box to find out what
> > named is doing.
> >
> > Doug
> >
> Thank you very much.
> Your suggestion to use "tcpdump" actually is very helpful. It clearly shows:
> ICMP host 216.171.238.67 unreachable - admin prohibited, length 87
Yet you claim that dig to 216.171.238.67 works. I think you need to provide
a full trace not the summary that a plain tcpdump gives.
Add -Xvvv to the set of flags you used with tcpdump.
> So I think this most likely has to do with the firewall setup. Probably I should enable ICMP redirect? Could anyone confirm? And
> is this safe?
>
> Thank you very much.
> Shi
>
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list