[SLL] Good Netfilter/BIND stumper -- more details
Brad Willson
bwil150n at u.washington.edu
Wed Jan 2 12:42:06 PST 2008
Mark D. Foster wrote:
> Brad Willson wrote:
>
>> ...finally 'nmap -sU localhost'
>> PORT STATE SERVICE
>> 53/udp open|filtered domain
>> 161/udp open|filtered snmp
>> 10080/udp open|filtered amanda
>>
>> from /etc/sysctl.conf
>>
>> kernel.sysrq = 0
>> net.ipv4.ip_forward = 1
>> net.ipv4.conf.default.accept_source_route = 0
>> net.ipv4.conf.default.rp_filter = 1
>> net.ipv4.tcp_syncookies = 1
>> kernel.core_uses_pid = 1
>> net.ipv4.icmp_ratelimit = 250 <--was 1000
>>
>>
> Can you resolve from the client systems pointing at one or more of the
> name servers?
> e.g.
> dig @ns google.com
> or
> dig @w.x.y.z google.com
> where w.x.y.z is the ip address of ns.
>
> Also, ping and traceroute both take the -n flag to ignore name
> resolution, that'll help remove broken DNS from the equation.
>
>
Thanks Mark,

Neither FQDN nor dotted quad works for dig...both fail with

; <<>> DiG 9.4.2 <<>> @ns google.com
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached

As for ping -n 64.233.167.99

PING 64.233.167.99 (64.233.167.99) 56(84) bytes of data.
64 bytes from 64.233.167.99: icmp_seq=1 ttl=239 time=50.7 ms
64 bytes from 64.233.167.99: icmp_seq=2 ttl=239 time=49.7 ms
64 bytes from 64.233.167.99: icmp_seq=3 ttl=239 time=49.7 ms
64 bytes from 64.233.167.99: icmp_seq=4 ttl=239 time=49.6 ms

So...my nameserver is broken? (I'm running on 4h of sleep in the past
many hours)
--
Brad Willson, Sr. Computer Specialist
UW GeneTests, UW Box: 358735
EM: bwil150n at u.washington.edu
W: 206.221.4674, C: 425.891.2732
http://www.genetests.org