[Pdns-users] Problems with pdns-recursor
Andy Rabagliati
andyr at wizzy.com
Wed Jan 31 14:40:14 UTC 2007

On Wed, 31 Jan 2007, bert hubert wrote:
> On Wed, Jan 31, 2007 at 02:09:24PM +0200, Andy Rabagliati wrote:
>
> > The machine musselcracker is our firewall. My desktop (quail) routes through it.
> > From my desktop (also ubuntu dapper), I see this :-
>
> To recap:
>
> dig on desktop: can talk to 72.212.18.41, can't talk to 76.212.18.42
> dig on firewall: can't talk to 72.212.18.41, no data about 42
>
> From the immediacy of the error, I'm betting you have a firewall somewhere
> rejecting you - this is not a timeout.
>
> Check if there are firewall rules on the pdns machine itself (iptables -L -n
> -v), if that is not the case, run tcpdump on the pdns machine to see if
> packets actually leave the computer.

iptables has a large ruleset on this (pdns) machine, though nothing
out-of-the-ordinary.

However, other lookups work fine with pdns-recursor (this is an
operational machine, with a large LAN behind it) - only this one seems
to be a problem - maybe others.

> To summarise, I don't think this is a PowerDNS problem.

I hope not. It seems odd that my desktop can reach 72.212.18.41, and the
firewall cannot - I have no explanation for that. I just tried it again -
same story. iptables rules are generally more liberal from the firewall
itself than for traffic passing through - I use firehol as a ruleset
generator.

I was thinking it might be a UDP vs TCP issue ??

Maybe it is a weirdness of .za - and other people's funky blocklists.

I will try with a recursing bind9 setup - I thought I was done with
that - and let you know if anything different shows up.

Thanks again for your attention.

Cheers, Andy!