Date: Mon, 29 Feb 2016 13:28:11 -0500 From: Jon Radel <jon@radel.com> To: Sergei G <sergeig.public@gmail.com>, FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: DNS with host works, but not with mysql or ping Message-ID: <56D48DBB.5090305@radel.com> In-Reply-To: <CAFLLzCM-fjeLKt3twK_ijiheVBX2BQjfx_8qrRNFi_1mAo-aLA@mail.gmail.com> References: <CAFLLzCMntj4X2vLWd1VG=heE5S5sNVFsiSPNqyc8MAwPiWbMOw@mail.gmail.com> <CAFLLzCM-fjeLKt3twK_ijiheVBX2BQjfx_8qrRNFi_1mAo-aLA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format. --------------ms070806090900020608060408 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: quoted-printable On 2/29/16 1:10 PM, Sergei G wrote: > It appears that host is suffering from the same problem: > > host yahoo.com > yahoo.com has address 206.190.36.45 > yahoo.com has address 98.138.253.109 > yahoo.com has address 98.139.183.24 > yahoo.com has IPv6 address 2001:4998:44:204::a7 > yahoo.com has IPv6 address 2001:4998:58:c02::a9 > yahoo.com has IPv6 address 2001:4998:c:a06::2:4008 > yahoo.com mail is handled by 1 mta7.am0.yahoodns.net. > yahoo.com mail is handled by 1 mta6.am0.yahoodns.net. > yahoo.com mail is handled by 1 mta5.am0.yahoodns.net. > > > fetch http://206.190.36.45 (yahoo) > times out Well, actually that's a different problem as that's not using the FQDN. > > On Mon, Feb 29, 2016 at 9:57 AM, Sergei G <sergeig.public@gmail.com> wr= ote: > >> If I use host command to resolve name to IP, then I get a correct IP. >> >> If I use ping, mysql, fetch commands, then DNS fails to resolve. I ca= n't >> quite figure out what the difference is. DNS fails to resolve or the connection times out? I suspect the latter. >> block drop in log on bce0 all >> ... >> pass in quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 por= t =3D >> domain keep state >> pass in quick on bce0 inet proto udp from 192.168.3.0/24 to 10.0.1.10 >> port =3D domain keep state >> ... >> pass out quick on bce0 inet proto udp from any to any port =3D domain = keep >> state >> ... I didn't analyze line-by-line in excruciating detail, but.... I rather = suspect that the lack of a line that allows for outbound HTTP traffic=20 that sets up state for the return packets means that all the HTTP return = packets get zapped by your default drop. DNS works so much better as=20 you have a "pass out quick" for DNS that keeps state. Since you log all = that blockage, how about looking in your logs??????? BTW, given that your DNS pass statements are setup to allow only UDP,=20 DNS is still broken, but only in an intermittent fashion that will=20 eventually drive you insane. You might want to fix that too. --Jon Radel jon@radel.com --------------ms070806090900020608060408 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC Cq8wggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4 dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak +FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC 4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb 4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ 26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT 9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl tukWeh95FPZKEBom+nyK+5swggX4MIIE4KADAgECAhBzVOU8fWu0zQ1gaQ38zgEbMA0GCSqG SIb3DQEBCwUAMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h aWwgQ0EwHhcNMTUwMzMwMDAwMDAwWhcNMTgwMzI5MjM1OTU5WjCB+jELMAkGA1UEBhMCVVMx DjAMBgNVBBETBTIyMTUwMQswCQYDVQQIEwJWQTEUMBIGA1UEBxMLU3ByaW5nZmllbGQxGjAY BgNVBAkTETY5MTcgUmlkZ2V3YXkgRHIuMRUwEwYDVQQKEwxKb24gVC4gUmFkZWwxMjAwBgNV BAsTKUlzc3VlZCB0aHJvdWdoIEpvbiBULiBSYWRlbCBFLVBLSSBNYW5hZ2VyMR8wHQYDVQQL ExZDb3Jwb3JhdGUgU2VjdXJlIEVtYWlsMRIwEAYDVQQDEwlKb24gUmFkZWwxHDAaBgkqhkiG 9w0BCQEWDWpvbkByYWRlbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe 1Rth9hbQqaODn++C5dVAQH9nM2VH3oPazZufOwmIG2SXI/v3PuemcQQ3JkhmpQ06gYszyXbk TCLsqvEfalYj81jdt/K5lT4aVdj0LfJIWyTcU95V2rsCuHsSvn/PnIcsEtXg53rCtqS4EOtJ 9u3rY2hP8YCiyz1yY3mn4nKJs93MHG4AkXYuVpzfaIADETcVrA+razvXEfnDJXXDZZ9ZuuV1 06yIovOvhYWSlaVu8nrSHJjXFZI2IXwgIeVBoMih3yu6LLj14I/YdZ0rIA8K+UNB+NW6Ri3u wHXBbr4jh3ZqkrqIVUrf1VeybhdrJcdqXdMNHjKDSlCoaxYRbLy1AgMBAAGjggHVMIIB0TAf BgNVHSMEGDAWgBSSYWuC4aKgqk/sZ/HCo/e0gADB7DAdBgNVHQ4EFgQUz9YB10WEfBNHskRw o/0vh8qaQuwwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB BQUHAwQGCCsGAQUFBwMCMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQMFMCswKQYIKwYBBQUH AgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQvQ1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0 dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1NIQTI1NkNsaWVudEF1dGhlbnRpY2F0aW9u YW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsGAQUFBwEBBIGDMIGAMFgGCCsGAQUFBzAChkxo dHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9TSEEyNTZDbGllbnRBdXRoZW50aWNhdGlv bmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9j YS5jb20wGAYDVR0RBBEwD4ENam9uQHJhZGVsLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAS1Pe +gBgP+SQ/a5I5e7zX0Rg0DhH378LHlZixJgS6LfCPL2edKMUQi3Th9GXfLjdeyeWuMWoz925 ZzBHcPwkBeH+iM/AEhu0Dhi0kop/p66g9tEPJUZ/KDsqxddNDrD0Typn3/33pHTjJEDqydzA gwB0Nn8blpMbqSwT+j8wuPakfLsj1cSDzXrTLLsmIQB7auAyaYXdWyW8Yqw336rLUCvjOUfn qOOyjVsieTw/0PLoOHJaGyez+VtV4eyi6p1SNiX32A+fvxBMzKQLCokE43cXItc9Okzq//f2 fuvGp17r8mpm4OjjM5E2kwsg9bBPUBMR4/sxosKVLn0o9rxlozGCBEEwggQ9AgEBMIGwMIGb MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdT YWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNI QS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEHNU5Tx9 a7TNDWBpDfzOARswDQYJYIZIAWUDBAIBBQCgggJhMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTE2MDIyOTE4MjgxMVowLwYJKoZIhvcNAQkEMSIEIFKJ2PyG IFjQOggkdE4tYZFZ0Po7rZZA2dlQC0251cReMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUD BAEqMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgcEGCSsGAQQBgjcQBDGBszCBsDCBmzEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEt MjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhBzVOU8fWu0 zQ1gaQ38zgEbMIHDBgsqhkiG9w0BCRACCzGBs6CBsDCBmzELMAkGA1UEBhMCR0IxGzAZBgNV BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N T0RPIENBIExpbWl0ZWQxQTA/BgNVBAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50 aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBAhBzVOU8fWu0zQ1gaQ38zgEbMA0GCSqGSIb3 DQEBAQUABIIBADxPXzuiVq+3o7TB/kr47ygEWPGTICsDOVO75NAFY9yNG1xk/fDIxxjLN3Yq 81dDIkaj0EU5Xs+hOgIFGK2fUo9jOGksNjXqiow6iShYfJdegL/JZFO1TS1ZtttWahOvDU5w j56PvtVEn4XIjZTKt55V7EI5DJrArtA4UITNTIKiHFbZYpzicMOmTaRLWwxGjH2zjpqVyIp8 s7BZkXfsw1cDA00ZxA/KUYi68dNg2mvCwNf8ue0sQh06/oCeaiMLdSLmwCuTxNdyWTssgEj0 FjtHckscV95+zNS3sKHD24S6eiJV6wBGpS9vLGl4Cq8pgVaNB7JxIacw4id0ICU5OysAAAAA AAA= --------------ms070806090900020608060408--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56D48DBB.5090305>