queer dns access problem

Steve Phillips steve at focb.co.nz
Mon Dec 17 23:47:50 UTC 2007


Bill Tangren wrote:
>> Earlier you said you could ssh out of the broken box.  Can you ssh to the
>> same segment or to a remote network?  Can you log in to the box twice and
>> start a packet capture while you attempt a dns lookup?  This might show us
>> if it is related to firewalling or routing.
> 
> 
> If by the same segment, you mean within the same 10.1.5.x domain, I can
> ssh if I use the IP number to the same segment (there are errors, but it
> ultimately succeeds), but I cannot ssh out of the segment, with or without
> IP number. Also, I can ssh into the broken box from within the segment.
> 

[see below]

There is no 10.1.5.x segment, there is only a 10.x segment. You have 
both the working and non-working box in the same network. I would be 
double checking the network masks at this point as it does sound like 
you have a network masking problem. It may also help to know what boxes 
(IP ranges) are working and what ones are not, and what exactly you are 
testing to.

like

on box a i can ssh to (using ip addresses)

10.1.5.1
10.1.6.1

but not 10.100.6.1

but 202.1.4.5 works as well

on box b all of the above work.

You could also try making your subnet masks smaller. Your gateway is in 
10.1.1.2? Try reducing your mask to a /21 (255.255.248.0) and see if 
that allows you to reach the DNS servers - at this point though, you should 
really be getting a network tech involved or someone who has access to 
the DNS servers and see how they are configured.


> 
>> Ian
>>
>> ----- "Bill Tangren" <bjt at usno.navy.mil> wrote:
>>>> On Dec 13, 2007 8:02 AM, Bill Tangren <bjt at usno.navy.mil> wrote:
>>>>
>>>>>> OK. Is the /8 netmask a cut and paste error too?
>>>>> No, it is correct.
>>>>>
>>>>>> Your trouble could be a routing issue: 10.1.5.58/8 and 10.1.1.46/8 are
>>>>>> on the same subnet as far as the network layer is concerned so there is
>>>>>> no reason to go to the default route.  That's why I asked for a
>>>>>> traceroute too -- or mtr if you have it installed and it will


-- 
Steve
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments
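
Added example, not part of the original message: a short Python check of how the configured mask changes a host's on-link versus via-gateway decision, using the illustrative test addresses from the message above. It assumes the host is 10.1.5.58 (one of the two addresses quoted in the thread) and the gateway is 10.1.1.2 (the message's guess); `next_hop` and `compare` are hypothetical helper names.

```python
import ipaddress

# Assumptions: host address taken from the quoted thread, gateway is the
# value guessed in the message; destinations are the message's examples.
HOST_IP = "10.1.5.58"
GATEWAY = "10.1.1.2"
DESTS = ["10.1.5.1", "10.1.6.1", "10.100.6.1", "202.1.4.5"]


def next_hop(host_if: str, gateway: str, dest: str) -> str:
    """Mimic the host's routing decision for one destination.

    host_if is the interface address with prefix, e.g. "10.1.5.58/8".
    Returns "on-link" when the host would ARP for dest directly,
    "via <gateway>" when it would hand the packet to the default route,
    and "unreachable" when the gateway itself is outside the local network.
    """
    iface = ipaddress.ip_interface(host_if)
    dst = ipaddress.ip_address(dest)
    gw = ipaddress.ip_address(gateway)
    if dst in iface.network:
        return "on-link"
    if gw not in iface.network:
        return "unreachable"
    return f"via {gw}"


def compare(host_ip: str, gateway: str, prefixes, dests):
    """Build {dest: {prefix_len: decision}} for each mask being compared."""
    return {
        d: {p: next_hop(f"{host_ip}/{p}", gateway, d) for p in prefixes}
        for d in dests
    }


if __name__ == "__main__":
    table = compare(HOST_IP, GATEWAY, (8, 21), DESTS)
    print(f"{'destination':<14}{'/8':<18}{'/21':<18}")
    for dest, row in table.items():
        print(f"{dest:<14}{row[8]:<18}{row[21]:<18}")
```

With a /8 the host treats 10.100.6.1 as a directly attached neighbour and never uses the gateway for it, while 202.1.4.5 still goes out through the default route; with a /21 both are sent to the gateway.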



