[cs615asa] client host can't find DNS server

Pu (Piper) Zhao pzhao at stevens.edu
Sun Apr 4 12:01:40 EDT 2010


Hi Sayre,

Thank you so much! I added an item " allow-query { any; }; " to options and
then it finally works for other hosts. I was wondering why so few documents
mention this option. It seems so important.

Anyway, thank you so much again!

Best,
Pu

On Sun, Apr 4, 2010 at 10:23 AM, Sayre Blades <sblades at stevens.edu> wrote:

> I would suggest re-checking your bind configuration.  Make sure that the
> options section of the named.conf file is set such that:
> -the listen-on option contains an ip address that is reachable over the
> network (i.e. ifconfig eth0/en0 interface)
> -the allow-query option is set so that it will accept connections from that
> machine.
>
> Regards, -Sayre
>
>
> On Sun, Apr 4, 2010 at 2:44 AM, Pu (Piper) Zhao <pzhao at stevens.edu> wrote:
>
>> Hi guys,
>>
>> I'm sorry for bothering you again but I really could not get my DNS
>> working from another host.
>>
>> This is the tcpdump record on the DNS when another host tried to connect to it.
>>
>> reading from file tcp.rec, link-type EN10MB (Ethernet)
>> 02:24:30.715199 arp who-has 10.254.227.** tell 169.254.1.0
>> 02:24:30.715216 arp reply 10.254.227.** is-at 12:31:39:00:dc:** (oui
>> Unknown)
>> 02:24:30.715270 IP 10.192.199.**.32878 > 10.254.227.**.domain: 47792+ A?
>> www.google.com. (32)
>> 02:24:30.715483 IP 10.254.227.**.domain > 10.192.199.**.32878: 47792 *
>> Refused*- 0/0/0 (32)
>>
>> The DNS works fine when it uses local host as DNS. This is the tcpdump record
>> on the DNS when I dig www.google.com on the DNS itself.
>>
>> reading from file tcp.rec, link-type EN10MB (Ethernet)
>> 02:32:24.969742 arp who-has 10.254.227.** tell 169.254.1.0
>> 02:32:24.969759 arp reply 10.254.227.** is-at 12:31:39:00:dc:** (oui
>> Unknown)
>> 02:32:24.976295 IP 10.254.227.**.domain > j.root-servers.net.domain: 60174
>> [1au] A? www.google.com. (43)
>> 02:32:24.978116 IP j.root-servers.net.domain > 10.254.227.**.domain:
>> 60174- 0/13/16 (531)
>> 02:32:24.978567 IP 10.254.227.**.domain > a.gtld-servers.net.domain: 37986
>> [1au] A? www.google.com. (43)
>> 02:32:25.063362 IP a.gtld-servers.net.domain > 10.254.227.**.domain:
>> 37986- 0/4/5 (179)
>> 02:32:25.063573 IP 10.254.227.**.domain > ns3.google.com.domain: 22519
>> [1au] A? www.google.com. (43)
>> 02:32:25.094676 IP ns3.google.com.domain > 10.254.227.**.domain: 22519*-
>> 5/0/0 CNAME www.l.google.com.,[|domain]
>> 02:32:25.094861 IP 10.254.227.**.domain > ns1.google.com.domain: 27694
>> [1au] A? www.l.google.com. (45)
>> 02:32:25.114528 IP ns1.google.com.domain > 10.254.227.**.domain: 27694*-
>> 4/0/0 A iad04s01-in-f104.1e100.net,[|domain]
>>
>> Does anyone have a clue? I would really appreciate that!
>>
>> Sincerely,
>> Pu
>>
>> On Fri, Apr 2, 2010 at 8:26 PM, Sayre Blades <sblades at stevens.edu> wrote:
>>
>>> Look at your /var/log/messages file... there may be some trace that
>>> indicates why named won't accept connections.  It probably has something to
>>> do with how BIND is configured.
>>>
>>> On Fri, Apr 2, 2010 at 7:22 PM, Pu (Piper) Zhao <pzhao at stevens.edu> wrote:
>>>
>>>> Hi Guys,
>>>>
>>>> Maybe someone can give me some clue. I would really appreciate it!
>>>>
>>>> I got stuck when the client host tries to connect to the DNS server. The client
>>>> host's nameserver has already been set to the DNS server which I made,
>>>> but it just cannot reach the DNS server; however, the two instances could ping
>>>> each other. I also opened DNS port 53 in EC2 Security Groups and named.conf
>>>> of bind9, but it didn't work. BTW, I use Debian + bind9 as the DNS server and
>>>> another Debian as the client.
>>>>
>>>> Thanks a lot in advance!
>>>>
>>>> Best,
>>>> Pu
>>>>
>>>> _______________________________________________
>>>> cs615asa mailing list
>>>> cs615asa at lists.stevens.edu
>>>> https://lists.stevens.edu/cgi-bin/mailman/listinfo/cs615asa
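The two options named in the reply above (listen-on and allow-query), written out as a named.conf fragment. This is an added example, not configuration posted in the thread; it scopes allow-query to the client network rather than `any` and sets recursion access explicitly. The addresses (RFC 5737 documentation ranges), the ACL name `course_clients` and the Debian-style directory path are assumptions.

```conf
// Constructed example. Addresses are RFC 5737 documentation ranges and the
// ACL name is hypothetical; substitute the server's and clients' real ones.
acl "course_clients" {
    127.0.0.1;
    198.51.100.0/24;        // network the client hosts query from
};

options {
    directory "/var/cache/bind";

    // Must include an address other hosts can reach, not only loopback.
    listen-on { 127.0.0.1; 192.0.2.10; };

    // Permissive form from the thread: answers every source address.
    // allow-query { any; };

    // Scoped form: only the listed clients may query.
    allow-query { course_clients; };

    // Set recursion access explicitly. When allow-recursion is absent,
    // BIND 9 falls back to the allow-query list, so "any" above would
    // also let any host use this server as a recursive resolver.
    recursion yes;
    allow-recursion { course_clients; };
};
```

Running named-checkconf on the file checks its syntax before named is reloaded.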