[SLL] Good Netfilter/BIND stumper -- more details
Mark D. Foster
mark at foster.cc
Wed Jan 2 12:30:14 PST 2008
Brad Willson wrote:
> ...finally 'nmap -sU localhost'
> PORT STATE SERVICE
> 53/udp open|filtered domain
> 161/udp open|filtered snmp
> 10080/udp open|filtered amanda
>
> from /etc/sysctl.conf
>
> kernel.sysrq = 0
> net.ipv4.ip_forward = 1
> net.ipv4.conf.default.accept_source_route = 0
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.tcp_syncookies = 1
> kernel.core_uses_pid = 1
> net.ipv4.icmp_ratelimit = 250 <--was 1000
>
Can you resolve from the client systems pointing at one or more of the
name servers?
e.g.
dig @ns google.com
or
dig @w.x.y.z google.com
where w.x.y.z is the IP address of ns.
Also, ping and traceroute both take the -n flag to ignore name
resolution; that'll help remove broken DNS from the equation.
--
Said one park ranger, 'There is considerable overlap between the
intelligence of the smartest bears and the dumbest tourists.'
Mark D. Foster, CISSP <mark at foster.cc> http://mark.foster.cc/