Re: queer dns access problem



It sounds like a network configuration error somewhere.

Try doing the following:
- traceroute to the DNS server's IP address
- see if you can access anything outside your own network via IP (i.e. ping http)
- see what is the default route on the box not working (netstat -nr)

These three steps will help point the direction to look next.

Please accept my apology if, jumping in late, I have missed any of these already.




Steve Phillips wrote:
Bill Tangren wrote:
Earlier you said you could ssh out of the broken box. Can you ssh to the
same segment or to a remote network? Can you log in to the box twice and
start a packet capture while you attempt a dns lookup? This might show us
if it is related to firewalling or routing.


If by the same segment, you mean within the same 10.1.5.x domain, I can
ssh if I use the IP number to the same segment (there are errors, but it
ultimately succeeds), but I cannot ssh out of the segment, with or without
IP number. Also, I can ssh into the broken box from within the segment.


[see below]

There is no 10.1.5.x segment, there is only a 10.x segment. You have both the working and non-working box in the same network. I would be double checking the network masks at this point as it does sound like you have a network masking problem. It may also help to know what boxes (IP ranges) are working and what ones are not, what exactly are you testing to.

like

on box a i can ssh to (using ip addresses)

10.1.5.1
10.1.6.1

but not 10.100.6.1

but 202.1.4.5 works as well

on box b all of the above work.

You could also try making your subnet masks smaller, your gateway is in 10.1.1.2 ? Try reducing your mask to a /21 (255.255.248.0) and see if that allows you to reach the DNS servers - at this point though, you should really be getting a network tech involved or someone who has access to the DNS servers and see how they are configured.



Ian

----- "Bill Tangren" <bjt@xxxxxxxxxxxxx> wrote:
On Dec 13, 2007 8:02 AM, Bill Tangren <bjt@xxxxxxxxxxxxx> wrote:

OK. Is the /8 netmask a cut and paste error too?
No, it is correct.

Your trouble could be a routing issue: 10.1.5.58/8 and 10.1.1.46/8 are
on the same subnet as far as the network layer is concerned so there is
no reason to go to the default route. That's why I asked for a
traceroute too -- or mtr if you have it installed and it will



--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
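
Added example, not part of any message in this thread: a sketch of the on-link versus default-route decision the replies describe, showing how the netmask alone changes where a packet is sent. The host 10.1.5.58, the gateway 10.1.1.2 and the four destinations are taken from the messages above; treating 10.1.1.2 as the default gateway is an assumption, and the /24 row is added only for contrast.

```python
import ipaddress

def route_decision(host_cidr, gateway, dest):
    """Where a host sends a packet, given only its address/mask and gateway."""
    iface = ipaddress.ip_interface(host_cidr)
    if ipaddress.ip_address(dest) in iface.network:
        return "direct"        # treated as on-link: ARP for it, no router used
    if ipaddress.ip_address(gateway) in iface.network:
        return "via-gateway"   # off-link: handed to the default route
    return "no-route"          # the gateway itself is not on-link

def same_subnet(a_cidr, b_cidr):
    """True only if each host considers the other on-link (masks must agree)."""
    a = ipaddress.ip_interface(a_cidr)
    b = ipaddress.ip_interface(b_cidr)
    return b.ip in a.network and a.ip in b.network

HOST = "10.1.5.58"      # the broken box, from the thread
GATEWAY = "10.1.1.2"    # assumed default gateway, from the question in the thread
DESTS = ["10.1.5.1", "10.1.6.1", "10.100.6.1", "202.1.4.5"]

def table(masks=("8", "21", "24")):
    """Routing decision per destination for each candidate mask."""
    return {m: {d: route_decision(f"{HOST}/{m}", GATEWAY, d) for d in DESTS}
            for m in masks}

if __name__ == "__main__":
    for mask, rows in table().items():
        net = ipaddress.ip_interface(f"{HOST}/{mask}").network
        print(f"/{mask} -> local network {net}")
        for dest, decision in rows.items():
            print(f"    {dest:<12} {decision}")
```

With /8 every 10.x address is treated as local and never reaches a router, which is the behaviour described above; with /21 only 10.1.0.0 through 10.1.7.255 is local and the gateway is still reachable.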


