From owner-freebsd-questions@freebsd.org  Sun Sep 18 20:30:08 2016
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 83389BDF500
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Sun, 18 Sep 2016 20:30:08 +0000 (UTC)
 (envelope-from markoml@markoturk.info)
Received: from vps.markoturk.info (vps.markoturk.info [95.154.208.14])
 by mx1.freebsd.org (Postfix) with ESMTP id 54F9E114E
 for <freebsd-questions@freebsd.org>; Sun, 18 Sep 2016 20:30:07 +0000 (UTC)
 (envelope-from markoml@markoturk.info)
Received: from vps.markoturk.info (localhost [127.0.0.1])
 by vps.markoturk.info (Postfix) with ESMTP id C6BA12748E
 for <freebsd-questions@freebsd.org>; Sun, 18 Sep 2016 22:30:00 +0200 (CEST)
Date: Sun, 18 Sep 2016 22:29:59 +0200
From: Marko Turk <markoml@markoturk.info>
To: freebsd-questions@freebsd.org
Subject: Re: When `drill` works but `nc` doesn't
Message-ID: <20160918202959.GA2279@vps.markoturk.info>
References: <20160917134155.GA77669@box-hlm-03.niklaas.eu>
 <20160917192342.GA2305@vps.markoturk.info>
 <20160918113409.q7frsljfr2hcbj6g@box-hlm-03.niklaas.eu>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="UlVJffcvxoiEqYs2"
Content-Disposition: inline
In-Reply-To: <20160918113409.q7frsljfr2hcbj6g@box-hlm-03.niklaas.eu>
User-Agent: Mutt/1.6.1 (2016-04-27)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Sep 2016 20:30:08 -0000


--UlVJffcvxoiEqYs2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

On Sun, Sep 18, 2016 at 01:34:09PM +0200, Niklaas Baudet von Gersdorff wrot=
e:
> Marko Turk [2016-09-17 21:23 +0200] :
>=20
> > >   $ sudo jexec www1 truss -D -o /tmp/truss-hostname nc -z mysql2.box-=
hlm-03.klaas 3306
> > >=20
> > >   $ sudo jexec www1 truss -D -o /tmp/truss-IP nc -z 10.3.5.3 3306
> > > [cut]
> >=20
> > Can you also post truss output when doing drill and tcpdump when doing
> > netcat with hostname?
>=20
> Of course. Please find attached "truss-drill" and
> "tcpdump-netcat". The first one I created with
>=20
>   $ sudo jexec www1 truss -o /tmp/truss-drill drill mysql2.box-hlm-03.kla=
as
>=20
> the second one with
>=20
>      1    $ sudo tcpdump -nettti lo0 \
>      2      \( src host 10.3.4.1 or \
>      3      src host fd16:dcc0:f4cc:3::4:1 or \
>      4      src host fd16:dcc0:f4cc:77::4:1 \) \
>      5      and not \( dst host 10.77.2.1 \
>      6      or dst host fd16:dcc0:f4cc:77::2:1 \) \
>      7      and not port 8080 and not \
>      8      \( host 10.3.2.1 or fd16:dcc0:f4cc:3::2:1 \)  > \
>      9      /tmp/tcpdump-nc
>=20

can you also add something like 'dst host 10.3.4.1' because (if I'm not
mistaken) you only capture packets originating from 10.3.4.1 and not the
replys.

> As you can see, I filtered out quite some packets in lines 5-8.
> 10.77.2.1 and 10.3.2.1 and the corresponding IPv6s are a proxy
> server that does health checks; plus I have a busy varnish-nginx
> set-up that communicates on port 8080. If I hadn't filtered out
> these packets, the dump would be unreadable.
>=20
> Investigating the dump I came across the following line:
>=20
>   00:00:00.000265 AF IPv4 (2), length 60: 10.3.4.1 > 10.3.3.1: ICMP 10.3.=
4.1 udp port 17918 unreachable, length 36
> [cut]

It seems you're getting the reply from the wrong IP (10.3.3.1). Can you
post you unbound config, specifically 'interface:' section?

-Marko

--UlVJffcvxoiEqYs2
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJX3vlGAAoJEHg6bF2mqM2ImnMQALNg9d8QJwhBLEfq7b7DFiI/
QFFaVlf01/9ZnIM3dW1HA0a6sAtctfkxOQCCBT9xilV/vTFk2ikgfZzJDbSCyoOw
yxT4k5hviEJ6xoM7YX2W73qRe0WLTVn2WhSH4JckeaykGXfWeeVyGs2JuKimqdy+
NuPt5yhvRFRxHW47hf35txGoFg4wuXlnoYWnwiL0pWanvbRld/HVb6zeZO0Iio69
m5jnpVcsagESWXew3O3zJTVzgrKK4xivNd036kNQ3uVtHYE+mw28EdaMff6A5s7k
8DZy7xBqhQccFJU6iHe/izYbXMxukP4BX1QGWAJ20pp8Ko0QclZSX4Yw3GosDfux
d9NTkPVj5g0eTBMpdSfowhfvAi2T8jahzaPJdwdi8YxOuWPXr+topgUrjSprWOKX
WJdjIEETFIKszjbVsmfrqUOP6yYO7Q0g45ShvAZsq/4EWVEt+wuKFzP3dgi3cmA9
a0sEAv8O2hhee/EkXijRXFytIKq2Dpb3K+pr21nZEMIximRB7OtbgZ2qqlnX75uy
AE5KgwGX6XmCsGC7L4qi8HlWRQ85FFoPKVqUsX0S/8Xm97fojAbS2oYb4vHLxS8+
on8y8CRN76keKB+1urbW4OGYC7sjkj+bllLs6htzj0anMvqFydp9YY/7Jmvd477C
xZf7+MliPXAjynJjemLo
=3QeI
-----END PGP SIGNATURE-----

--UlVJffcvxoiEqYs2--