Date: Mon, 29 Feb 2016 10:10:44 -0800
From: Sergei G <sergeig.public@gmail.com>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: DNS with host works, but not with mysql or ping
Message-ID: <CAFLLzCM-fjeLKt3twK_ijiheVBX2BQjfx_8qrRNFi_1mAo-aLA@mail.gmail.com>
In-Reply-To: <CAFLLzCMntj4X2vLWd1VG=heE5S5sNVFsiSPNqyc8MAwPiWbMOw@mail.gmail.com>
References: <CAFLLzCMntj4X2vLWd1VG=heE5S5sNVFsiSPNqyc8MAwPiWbMOw@mail.gmail.com>
It appears that host is suffering from the same problem:

host yahoo.com
yahoo.com has address 206.190.36.45
yahoo.com has address 98.138.253.109
yahoo.com has address 98.139.183.24
yahoo.com has IPv6 address 2001:4998:44:204::a7
yahoo.com has IPv6 address 2001:4998:58:c02::a9
yahoo.com has IPv6 address 2001:4998:c:a06::2:4008
yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.

fetch http://206.190.36.45 (yahoo) times out

On Mon, Feb 29, 2016 at 9:57 AM, Sergei G <sergeig.public@gmail.com> wrote:

> If I use host command to resolve name to IP, then I get a correct IP.
>
> If I use ping, mysql, fetch commands, then DNS fails to resolve. I can't
> quite figure out what the difference is.
>
> Jailed machine configuration:
>
> 1) issue is inside jailed system
> 2) /etc/resolv.conf points to host's machine with nameserver 10.0.1.10
>
> Host machine:
> 1) runs firewall
> 2) runs local_unbind on all 53 ports
> 3) runs nsd for private network on 1053 port.
>
> I am quite confused ATM.
>
> pfctl -sr Output on the host:
>
> No ALTQ support in kernel
> ALTQ related functions disabled
> scrub in all fragment reassemble
> block drop in log on bce0 all
> block return in log on bce0 proto tcp from any to any port = ssh
> block drop in log (to pflog1) quick on bce0 proto tcp from any to any port = mdns
> block drop in log (to pflog1) quick on bce0 proto tcp from any to any port = 17500
> block drop in log (to pflog1) quick on bce0 proto udp from any to any port = mdns
> block drop in log (to pflog1) quick on bce0 proto udp from any to any port = 17500
> block drop in quick on bce0 proto udp from any to any port = netbios-ns
> block drop in quick on bce0 proto udp from any to any port = netbios-dgm
> block drop in quick on bce0 proto udp from any to any port = 1900
> block drop in quick on bce0 proto udp from any to any port = sunrpc
> block drop in quick on bce0 proto tcp from any to any port = commplex-main
> block drop in log (to pflog1) quick on bce0 proto igmp all
> block drop in quick on bce0 inet proto udp from 0.0.0.0 port = bootpc to any port = bootps
> pass in quick on bce0 inet proto udp from 10.0.1.1 port = bootps to any port = bootpc keep state
> pass out quick on bce0 inet proto udp from any port = bootpc to 10.0.1.1 port = bootps keep state
> block drop in log (to pflog1) quick on bce0 inet6 all
> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = domain flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = ssh flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 10.0.1.10 port = domain flags S/SA keep state
> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = http flags S/SA keep state
> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = https flags S/SA keep state
> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = auth flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 198.182.9.1 to 10.0.1.10 port = ssh flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.101 port = 8090 to 10.0.1.10 flags S/SA keep state
> pass in quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = domain keep state
> pass in quick on bce0 inet proto udp from 192.168.3.0/24 to 10.0.1.10 port = domain keep state
> pass in quick on bce0 inet proto icmp from 10.0.1.0/24 to 10.0.1.10 icmp-type echoreq keep state
> pass in log quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = domain flags S/SA keep state
> pass in log quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = 1053 flags S/SA keep state
> pass in log quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = domain keep state
> pass in log quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = 1053 keep state
> pass in log quick on lo0 inet proto tcp from 10.0.1.0/24 to 127.0.0.1 port = 1053 flags S/SA keep state
> pass in log quick on lo0 inet proto udp from 10.0.1.0/24 to 127.0.0.1 port = 1053 keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = imap flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = smtp flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = submission flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = imap flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = smtp flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = submission flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.11 port = 9000 flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.15 port = 9000 flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.22 port = 9000 flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.13 port = 9001 flags S/SA keep state
> pass out quick on bce0 inet proto tcp from 10.0.1.10 to 10.0.1.101 port = 8090 flags S/SA keep state
> pass out quick on bce0 inet proto udp from any to any port = domain keep state
> pass out quick on bce0 inet proto icmp all icmp-type echoreq keep state
> pass in on bce0 inet proto tcp from 10.0.1.0/24 to any port = ftp flags S/SA keep state
> pass in on bce0 inet proto tcp from 10.0.1.0/24 to any port > 49151 flags S/SA keep state