Date: Mon, 29 Feb 2016 10:52:15 -0800
From: Sergei G <sergeig.public@gmail.com>
To: Michael Beasley <youvegotmoxie@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: DNS with host works, but not with mysql or ping
Message-ID: <CAFLLzCNy0LPv4pHEnqrzohiF5TP8gMiviZ-UeXRPrc2jDKcr4A@mail.gmail.com>
In-Reply-To: <56D48F62.9060804@gmail.com>
References: <CAFLLzCMntj4X2vLWd1VG=heE5S5sNVFsiSPNqyc8MAwPiWbMOw@mail.gmail.com> <CAFLLzCM-fjeLKt3twK_ijiheVBX2BQjfx_8qrRNFi_1mAo-aLA@mail.gmail.com> <56D48F62.9060804@gmail.com>

Thank you. I did find that host was not passing output http, because I was
missing a statement. So, I am now to just properly configuring DNS.

On Mon, Feb 29, 2016 at 10:35 AM, Michael Beasley <youvegotmoxie@gmail.com>
wrote:

> On 02/29/2016 01:10 PM, Sergei G wrote:
>
>> It appears that host is suffering from the same problem:
>>
>> host yahoo.com
>> yahoo.com has address 206.190.36.45
>> yahoo.com has address 98.138.253.109
>> yahoo.com has address 98.139.183.24
>> yahoo.com has IPv6 address 2001:4998:44:204::a7
>> yahoo.com has IPv6 address 2001:4998:58:c02::a9
>> yahoo.com has IPv6 address 2001:4998:c:a06::2:4008
>> yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
>> yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
>> yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
>>
>> fetch http://206.190.36.45 (yahoo)
>> times out
>>
>> On Mon, Feb 29, 2016 at 9:57 AM, Sergei G <sergeig.public@gmail.com>
>> wrote:
>>
>>> If I use host command to resolve name to IP, then I get a correct IP.
>>>
>>> If I use ping, mysql, fetch commands, then DNS fails to resolve. I can't
>>> quite figure out what the difference is.
>>>
>>> Jailed machine configuration:
>>>
>>> 1) issue is inside jailed system
>>> 2) /etc/resolv.conf points to host's machine with nameserver 10.0.1.10
>>>
>>> Host machine:
>>> 1) runs firewall
>>> 2) runs local_unbind on all 53 ports
>>> 3) runs nsd for private network on 1053 port.
>>>
>>> I am quite confused ATM.
>>>
>>> pfctl -sr Output on the host:
>>>
>>> No ALTQ support in kernel
>>> ALTQ related functions disabled
>>> scrub in all fragment reassemble
>>> block drop in log on bce0 all
>>> block return in log on bce0 proto tcp from any to any port = ssh
>>> block drop in log (to pflog1) quick on bce0 proto tcp from any to any port = mdns
>>> block drop in log (to pflog1) quick on bce0 proto tcp from any to any port = 17500
>>> block drop in log (to pflog1) quick on bce0 proto udp from any to any port = mdns
>>> block drop in log (to pflog1) quick on bce0 proto udp from any to any port = 17500
>>> block drop in quick on bce0 proto udp from any to any port = netbios-ns
>>> block drop in quick on bce0 proto udp from any to any port = netbios-dgm
>>> block drop in quick on bce0 proto udp from any to any port = 1900
>>> block drop in quick on bce0 proto udp from any to any port = sunrpc
>>> block drop in quick on bce0 proto tcp from any to any port = commplex-main
>>> block drop in log (to pflog1) quick on bce0 proto igmp all
>>> block drop in quick on bce0 inet proto udp from 0.0.0.0 port = bootpc to any port = bootps
>>> pass in quick on bce0 inet proto udp from 10.0.1.1 port = bootps to any port = bootpc keep state
>>> pass out quick on bce0 inet proto udp from any port = bootpc to 10.0.1.1 port = bootps keep state
>>> block drop in log (to pflog1) quick on bce0 inet6 all
>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = domain flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = ssh flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 10.0.1.10 port = domain flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = http flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = https flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = auth flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 198.182.9.1 to 10.0.1.10 port = ssh flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.101 port = 8090 to 10.0.1.10 flags S/SA keep state
>>> pass in quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = domain keep state
>>> pass in quick on bce0 inet proto udp from 192.168.3.0/24 to 10.0.1.10 port = domain keep state
>>> pass in quick on bce0 inet proto icmp from 10.0.1.0/24 to 10.0.1.10 icmp-type echoreq keep state
>>> pass in log quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = domain flags S/SA keep state
>>> pass in log quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = 1053 flags S/SA keep state
>>> pass in log quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = domain keep state
>>> pass in log quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = 1053 keep state
>>> pass in log quick on lo0 inet proto tcp from 10.0.1.0/24 to 127.0.0.1 port = 1053 flags S/SA keep state
>>> pass in log quick on lo0 inet proto udp from 10.0.1.0/24 to 127.0.0.1 port = 1053 keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = imap flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = smtp flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = submission flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = imap flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = smtp flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = submission flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.11 port = 9000 flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.15 port = 9000 flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.22 port = 9000 flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.13 port = 9001 flags S/SA keep state
>>> pass out quick on bce0 inet proto tcp from 10.0.1.10 to 10.0.1.101 port = 8090 flags S/SA keep state
>>> pass out quick on bce0 inet proto udp from any to any port = domain keep state
>>> pass out quick on bce0 inet proto icmp all icmp-type echoreq keep state
>>> pass in on bce0 inet proto tcp from 10.0.1.0/24 to any port = ftp flags S/SA keep state
>>> pass in on bce0 inet proto tcp from 10.0.1.0/24 to any port > 49151 flags S/SA keep state
>>>
>
> Do you encounter the same issue when you specify an external resolver?
> What happens if you dig the domain from within the jailed environment?
>
> dig yahoo.com +trace
> dig yahoo.com +trace @8.8.8.8
>
> -Mike B.
>
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"