Can ping dns server in Green, but cannot dig it from endian 2.5.1 box

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Can ping dns server in Green, but cannot dig it from endian 2.5.1 box

Steve Owley

Hello and thank you for your help,

 

I have an endian machine set up RGB for evaluation.  There is no special routing or NATing applied yet, just separate networks on the three NICs.  After I ssh into it using the Green address, I can ping the local DNS server (in the Green network) but I cannot dig it.  Dig reports that it cannot reach the server.  So it is as if TCP were working but not UDP, or at least not UDP port 53 to Green’s network.

 

I had thought that dnsmasq was grabbing the request and somehow failing to resolve the request—but if I set that to use the local DNS server for this domain it fails, just like dig did from the command prompt.

 

The setup should not cause confusion:

Green: 1.0.0.47 (network is 10.0.0.0/16)

Blue: 192.168.70.1 (network is 192.168.70.0/23)

Red: a fixed public address

 

This works: ping 10.0.1.159

This fails: dig @10.0.1.159 myserver.mydomain.org

But this works:  dig @208.67.222.222 myserver.mydomain.org (which I assume is going out through Red)

 

Thanks again if you have any advice for me.  If I can get this simple test working I will be in a good spot to continue the test.

Steve


------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Can ping dns server in Green, but cannot dig it from endian 2.5.1 box

Matt Hayes
Is your internal DNS server authoritative for myserver.mydomain.org?  What is the error that dig returns?


On Fri, Jun 7, 2013 at 1:10 PM, Steve Owley <[hidden email]> wrote:

Hello and thank you for your help,

 

I have an endian machine set up RGB for evaluation.  There is no special routing or NATing applied yet, just separate networks on the three NICs.  After I ssh into it using the Green address, I can ping the local DNS server (in the Green network) but I cannot dig it.  Dig reports that it cannot reach the server.  So it is as if TCP were working but not UDP, or at least not UDP port 53 to Green’s network.

 

I had thought that dnsmasq was grabbing the request and somehow failing to resolve the request—but if I set that to use the local DNS server for this domain it fails, just like dig did from the command prompt.

 

The setup should not cause confusion:

Green: 1.0.0.47 (network is 10.0.0.0/16)

Blue: 192.168.70.1 (network is 192.168.70.0/23)

Red: a fixed public address

 

This works: ping 10.0.1.159

This fails: dig @10.0.1.159 myserver.mydomain.org

But this works:  dig @208.67.222.222 myserver.mydomain.org (which I assume is going out through Red)

 

Thanks again if you have any advice for me.  If I can get this simple test working I will be in a good spot to continue the test.

Steve


------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user



------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Can ping dns server in Green, but cannot dig it from endian 2.5.1 box

Steve Owley

Hi Matt and thank you,

 

The server is authoritative for this domain within its network—our ISP can resolve the same domain for external clients, but the internal DNS server does not know about that.  ( I look forward to the day when we are no longer doing things in this manner.)

 

Other linux computers within the network have no problem reaching this server and getting a response using dig.  Here is the error from endian:

 

; <<>> DiG 9.2.4 <<>> @10.0.1.159 myserver.mydomain.org

; (1 server found)

;; global options:  printcmd

;; connection timed out; no servers could be reached

 

Steve

 

From: Matt Hayes [mailto:[hidden email]]
Sent: Friday, June 07, 2013 1:27 PM
To: [hidden email]
Subject: Re: [Efw-user] Can ping dns server in Green, but cannot dig it from endian 2.5.1 box

 

Is your internal DNS server authoritative for myserver.mydomain.org?  What is the error that dig returns?

 

On Fri, Jun 7, 2013 at 1:10 PM, Steve Owley <[hidden email]> wrote:

Hello and thank you for your help,

 

I have an endian machine set up RGB for evaluation.  There is no special routing or NATing applied yet, just separate networks on the three NICs.  After I ssh into it using the Green address, I can ping the local DNS server (in the Green network) but I cannot dig it.  Dig reports that it cannot reach the server.  So it is as if TCP were working but not UDP, or at least not UDP port 53 to Green’s network.

 

I had thought that dnsmasq was grabbing the request and somehow failing to resolve the request—but if I set that to use the local DNS server for this domain it fails, just like dig did from the command prompt.

 

The setup should not cause confusion:

Green: 1.0.0.47 (network is 10.0.0.0/16)

Blue: 192.168.70.1 (network is 192.168.70.0/23)

Red: a fixed public address

 

This works: ping 10.0.1.159

This fails: dig @10.0.1.159 myserver.mydomain.org

But this works:  dig @208.67.222.222 myserver.mydomain.org (which I assume is going out through Red)

 

Thanks again if you have any advice for me.  If I can get this simple test working I will be in a good spot to continue the test.

Steve


------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user

 


------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Can ping dns server in Green, but cannot dig it from endian 2.5.1 box

Matt Hayes
Very strange.. what about looking up other domains through the same method?


On Fri, Jun 7, 2013 at 2:03 PM, Steve Owley <[hidden email]> wrote:

Hi Matt and thank you,

 

The server is authoritative for this domain within its network—our ISP can resolve the same domain for external clients, but the internal DNS server does not know about that.  ( I look forward to the day when we are no longer doing things in this manner.)

 

Other linux computers within the network have no problem reaching this server and getting a response using dig.  Here is the error from endian:

 

; <<>> DiG 9.2.4 <<>> @10.0.1.159 myserver.mydomain.org

; (1 server found)

;; global options:  printcmd

;; connection timed out; no servers could be reached

 

Steve

 

From: Matt Hayes [mailto:[hidden email]]
Sent: Friday, June 07, 2013 1:27 PM
To: [hidden email]
Subject: Re: [Efw-user] Can ping dns server in Green, but cannot dig it from endian 2.5.1 box

 

Is your internal DNS server authoritative for myserver.mydomain.org?  What is the error that dig returns?

 

On Fri, Jun 7, 2013 at 1:10 PM, Steve Owley <[hidden email]> wrote:

Hello and thank you for your help,

 

I have an endian machine set up RGB for evaluation.  There is no special routing or NATing applied yet, just separate networks on the three NICs.  After I ssh into it using the Green address, I can ping the local DNS server (in the Green network) but I cannot dig it.  Dig reports that it cannot reach the server.  So it is as if TCP were working but not UDP, or at least not UDP port 53 to Green’s network.

 

I had thought that dnsmasq was grabbing the request and somehow failing to resolve the request—but if I set that to use the local DNS server for this domain it fails, just like dig did from the command prompt.

 

The setup should not cause confusion:

Green: 1.0.0.47 (network is 10.0.0.0/16)

Blue: 192.168.70.1 (network is 192.168.70.0/23)

Red: a fixed public address

 

This works: ping 10.0.1.159

This fails: dig @10.0.1.159 myserver.mydomain.org

But this works:  dig @208.67.222.222 myserver.mydomain.org (which I assume is going out through Red)

 

Thanks again if you have any advice for me.  If I can get this simple test working I will be in a good spot to continue the test.

Steve


------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user

 


------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user



------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Can ping dns server in Green, but cannot dig it from endian 2.5.1 box

Farzan Qureshi-2
In reply to this post by Steve Owley

What dns servers are defined under /etc/resolv.conf?

On 8/06/2013 5:24 AM, "Steve Owley" <[hidden email]> wrote:

Hello and thank you for your help,

 

I have an endian machine set up RGB for evaluation.  There is no special routing or NATing applied yet, just separate networks on the three NICs.  After I ssh into it using the Green address, I can ping the local DNS server (in the Green network) but I cannot dig it.  Dig reports that it cannot reach the server.  So it is as if TCP were working but not UDP, or at least not UDP port 53 to Green’s network.

 

I had thought that dnsmasq was grabbing the request and somehow failing to resolve the request—but if I set that to use the local DNS server for this domain it fails, just like dig did from the command prompt.

 

The setup should not cause confusion:

Green: 1.0.0.47 (network is 10.0.0.0/16)

Blue: 192.168.70.1 (network is 192.168.70.0/23)

Red: a fixed public address

 

This works: ping 10.0.1.159

This fails: dig @10.0.1.159 myserver.mydomain.org

But this works:  dig @208.67.222.222 myserver.mydomain.org (which I assume is going out through Red)

 

Thanks again if you have any advice for me.  If I can get this simple test working I will be in a good spot to continue the test.

Steve


------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user


This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ([hidden email]). Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. Rosmini College accepts no liability for any damage caused by any virus transmitted by this email.
------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user
Reply | Threaded
Open this post in threaded view
|

Re: Can ping dns server in Green, but cannot dig it from endian 2.5.1 box

Miguel Angel Coa M.
Hello,
try running the command 
ip rule del from all fwmark 0x8/0x7f8 lookup uplink-main




From: "Farzan Qureshi" <[hidden email]>
To: [hidden email]
Sent: Friday, June 7, 2013 4:49:03 PM
Subject: Re: [Efw-user] Can ping dns server in Green, but cannot dig it from endian 2.5.1 box

What dns servers are defined under /etc/resolv.conf?


On 8/06/2013 5:24 AM, "Steve Owley" <[hidden email]> wrote:

Hello and thank you for your help,

 

I have an endian machine set up RGB for evaluation.  There is no special routing or NATing applied yet, just separate networks on the three NICs.  After I ssh into it using the Green address, I can ping the local DNS server (in the Green network) but I cannot dig it.  Dig reports that it cannot reach the server.  So it is as if TCP were working but not UDP, or at least not UDP port 53 to Green’s network.

 

I had thought that dnsmasq was grabbing the request and somehow failing to resolve the request—but if I set that to use the local DNS server for this domain it fails, just like dig did from the command prompt.

 

The setup should not cause confusion:

Green: 1.0.0.47 (network is 10.0.0.0/16)

Blue: 192.168.70.1 (network is 192.168.70.0/23)

Red: a fixed public address

 

This works: ping 10.0.1.159

This fails: dig @10.0.1.159 myserver.mydomain.org

But this works:  dig @208.67.222.222 myserver.mydomain.org (which I assume is going out through Red)

 

Thanks again if you have any advice for me.  If I can get this simple test working I will be in a good spot to continue the test.

Steve


------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user


This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager ([hidden email]). Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. Rosmini College accepts no liability for any damage caused by any virus transmitted by this email.
------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Efw-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/efw-user