From: Sergei G
To: Michael Beasley
Cc: FreeBSD Questions
Date: Mon, 29 Feb 2016 10:52:15 -0800
Subject: Re: DNS with host works, but not with mysql or ping
In-Reply-To: <56D48F62.9060804@gmail.com>
References: <56D48F62.9060804@gmail.com>
List-Id: User questions

Thank you. I did find that host was not passing output http, because I was missing a statement. So, I am now to just properly configuring DNS.

On Mon, Feb 29, 2016 at 10:35 AM, Michael Beasley wrote:

>
>
> On 02/29/2016 01:10 PM, Sergei G wrote:
>
>> It appears that host is suffering from the same problem:
>>
>> host yahoo.com
>> yahoo.com has address 206.190.36.45
>> yahoo.com has address 98.138.253.109
>> yahoo.com has address 98.139.183.24
>> yahoo.com has IPv6 address 2001:4998:44:204::a7
>> yahoo.com has IPv6 address 2001:4998:58:c02::a9
>> yahoo.com has IPv6 address 2001:4998:c:a06::2:4008
>> yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
>> yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
>> yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
>>
>>
>> fetch http://206.190.36.45 (yahoo)
>> times out
>>
>>
>> On Mon, Feb 29, 2016 at 9:57 AM, Sergei G wrote:
>>
>> If I use host command to resolve name to IP, then I get a correct IP.
>>>
>>> If I use ping, mysql, fetch commands, then DNS fails to resolve. I can't quite figure out what the difference is.
>>>
>>> Jailed machine configuration:
>>>
>>> 1) issue is inside jailed system
>>> 2) /etc/resolv.conf points to host's machine with nameserver 10.0.1.10
>>>
>>> Host machine:
>>> 1) runs firewall
>>> 2) runs local_unbind on all 53 ports
>>> 3) runs nsd for private network on 1053 port.
>>>
>>> I am quite confused ATM.
>>>
>>> pfctl -sr Output on the host:
>>>
>>> No ALTQ support in kernel
>>> ALTQ related functions disabled
>>> scrub in all fragment reassemble
>>> block drop in log on bce0 all
>>> block return in log on bce0 proto tcp from any to any port = ssh
>>> block drop in log (to pflog1) quick on bce0 proto tcp from any to any port = mdns
>>> block drop in log (to pflog1) quick on bce0 proto tcp from any to any port = 17500
>>> block drop in log (to pflog1) quick on bce0 proto udp from any to any port = mdns
>>> block drop in log (to pflog1) quick on bce0 proto udp from any to any port = 17500
>>> block drop in quick on bce0 proto udp from any to any port = netbios-ns
>>> block drop in quick on bce0 proto udp from any to any port = netbios-dgm
>>> block drop in quick on bce0 proto udp from any to any port = 1900
>>> block drop in quick on bce0 proto udp from any to any port = sunrpc
>>> block drop in quick on bce0 proto tcp from any to any port = commplex-main
>>> block drop in log (to pflog1) quick on bce0 proto igmp all
>>> block drop in quick on bce0 inet proto udp from 0.0.0.0 port = bootpc to any port = bootps
>>> pass in quick on bce0 inet proto udp from 10.0.1.1 port = bootps to any port = bootpc keep state
>>> pass out quick on bce0 inet proto udp from any port = bootpc to 10.0.1.1 port = bootps keep state
>>> block drop in log (to pflog1) quick on bce0 inet6 all
>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = domain flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = ssh flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 10.0.1.10 port = domain flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = http flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = https flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = auth flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 198.182.9.1 to 10.0.1.10 port = ssh flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.101 port = 8090 to 10.0.1.10 flags S/SA keep state
>>> pass in quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = domain keep state
>>> pass in quick on bce0 inet proto udp from 192.168.3.0/24 to 10.0.1.10 port = domain keep state
>>> pass in quick on bce0 inet proto icmp from 10.0.1.0/24 to 10.0.1.10 icmp-type echoreq keep state
>>> pass in log quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = domain flags S/SA keep state
>>> pass in log quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = 1053 flags S/SA keep state
>>> pass in log quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = domain keep state
>>> pass in log quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = 1053 keep state
>>> pass in log quick on lo0 inet proto tcp from 10.0.1.0/24 to 127.0.0.1 port = 1053 flags S/SA keep state
>>> pass in log quick on lo0 inet proto udp from 10.0.1.0/24 to 127.0.0.1 port = 1053 keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = imap flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = smtp flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = submission flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = imap flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = smtp flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = submission flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.11 port = 9000 flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.15 port = 9000 flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.22 port = 9000 flags S/SA keep state
>>> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.13 port = 9001 flags S/SA keep state
>>> pass out quick on bce0 inet proto tcp from 10.0.1.10 to 10.0.1.101 port = 8090 flags S/SA keep state
>>> pass out quick on bce0 inet proto udp from any to any port = domain keep state
>>> pass out quick on bce0 inet proto icmp all icmp-type echoreq keep state
>>> pass in on bce0 inet proto tcp from 10.0.1.0/24 to any port = ftp flags S/SA keep state
>>> pass in on bce0 inet proto tcp from 10.0.1.0/24 to any port > 49151 flags S/SA keep state
>>>
>>>
>>> Do you encounter the same issue when you specify an external resolver?
> What happens if you dig the domain from within the jailed environment?
>
> dig yahoo.com +trace
> dig yahoo.com +trace @8.8.8.8
>
> -Mike B.
>
> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"