Re: queer dns access problem

It sounds like a network configuration error somewhere.

Try doing the following:
-traceroute to the DNS server's IP address
-see if you can access anything outside your own network via IP (i.e. ping http)
-see what is the default route on the box not working (netstat -nr)

These three steps will help point the direction to look next.

Please accept my apology if, jumping in late, I have missed any of these already.




Steve Phillips wrote:
Bill Tangren wrote:
Earlier you said you could ssh out of the broken box. Can you ssh to the same segment or to a remote network? Can you log in to the box twice and start a packet capture while you attempt a dns lookup? This might show us if it is related to firewalling or routing.


If by the same segment, you mean within the same 10.1.5.x domain, I can
ssh if I use the IP number to the same segment (there are errors, but it
ultimately succeeds), but I cannot ssh out of the segment, with or without
IP number. Also, I can ssh into the broken box from within the segment.


[see below]

There is no 10.1.5.x segment, there is only a 10.x segment. You have both the working and non-working box in the same network. I would be double checking the network masks at this point as it does sound like you have a network masking problem. It may also help to know what boxes (ip ranges) are working and what ones are not, what exactly are you testing to.

like

on box a i can ssh to (using ip addresses)

10.1.5.1
10.1.6.1

but not 10.100.6.1

but 202.1.4.5 works as well

on box b all of the above work.

You could also try making your subnet masks smaller, your gateway is in 10.1.1.2 ? Try reducing your mask to a /21 (255.255.248.0) and see if that allows you to reach the dns servers - at this point though, you should really be getting a network tech involved or someone who has access to the dns servers and see how they are configured.



Ian

----- "Bill Tangren" <bjt@xxxxxxxxxxxxx> wrote:
On Dec 13, 2007 8:02 AM, Bill Tangren <bjt@xxxxxxxxxxxxx> wrote:

OK. Is the /8 netmask a cut and paste error too?
No, it is correct.

Your trouble could be a routing issue: 10.1.5.58/8 and 10.1.1.46/8 are on the same subnet as far as the network layer is concerned so there is no reason to go to the default route.  That's why I asked for a traceroute too -- or mtr if you have it installed and it will



--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
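
The netmask point raised in this thread can be checked offline. The following is an added example, not part of any poster's message: it computes whether a host would treat each destination as on-link (ARP for it directly) or send it to the default gateway, under the /8 mask and under the suggested /21. The host, gateway and destination addresses are the ones mentioned in the thread; treating 10.1.1.2 as the gateway is an assumption, and the function names are hypothetical.

```python
import ipaddress

def next_hop(host_cidr, gateway, dest):
    """Classify how a host with address/mask `host_cidr` would forward to `dest`.

    Returns "on-link" (host ARPs for dest itself), "gateway" (sent to the
    default gateway), or "unreachable" (gateway is not on the host's subnet).
    """
    iface = ipaddress.ip_interface(host_cidr)
    if ipaddress.ip_address(dest) in iface.network:
        return "on-link"
    if ipaddress.ip_address(gateway) not in iface.network:
        return "unreachable"
    return "gateway"

def compare_masks(host_ip, prefixes, gateway, dests):
    """Build {dest: {prefix_len: decision}} for each candidate prefix length."""
    return {
        d: {p: next_hop(f"{host_ip}/{p}", gateway, d) for p in prefixes}
        for d in dests
    }

# Addresses taken from the thread; 10.1.1.2 as gateway is an assumption.
HOST = "10.1.5.58"
GATEWAY = "10.1.1.2"
DESTS = ["10.1.5.1", "10.1.6.1", "10.1.1.46", "10.100.6.1", "202.1.4.5"]

if __name__ == "__main__":
    table = compare_masks(HOST, [8, 21], GATEWAY, DESTS)
    print(f"{'destination':<14}{'/8':<12}{'/21':<12}")
    for dest, row in table.items():
        print(f"{dest:<14}{row[8]:<12}{row[21]:<12}")
```

With a /8 mask every 10.x destination is classified as on-link, so a 10.x address that actually sits behind a router is never handed to the gateway; under /21 only 10.1.0.0 through 10.1.7.255 is on-link.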
