Date: Mon, 29 Feb 2016 10:56:37 -0800
From: Sergei G <sergeig.public@gmail.com>
To: Michael Beasley <youvegotmoxie@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: DNS with host works, but not with mysql or ping
Message-ID: <CAFLLzCOh074fcuDCKW2x=J3DJaH5Bp2g_Wh-c6ngWY7jjwib7Q@mail.gmail.com>
In-Reply-To: <CAFLLzCNy0LPv4pHEnqrzohiF5TP8gMiviZ-UeXRPrc2jDKcr4A@mail.gmail.com>
References: <CAFLLzCMntj4X2vLWd1VG=heE5S5sNVFsiSPNqyc8MAwPiWbMOw@mail.gmail.com> <CAFLLzCM-fjeLKt3twK_ijiheVBX2BQjfx_8qrRNFi_1mAo-aLA@mail.gmail.com> <56D48F62.9060804@gmail.com> <CAFLLzCNy0LPv4pHEnqrzohiF5TP8gMiviZ-UeXRPrc2jDKcr4A@mail.gmail.com>
I have no dig inside jail, but drill works and reports from 10.0.1.10 (local_unbind server):

drill yahoo.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 25675
;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 1034 IN A 98.139.183.24
yahoo.com. 1034 IN A 98.138.253.109
yahoo.com. 1034 IN A 206.190.36.45

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 10.0.1.10
;; WHEN: Mon Feb 29 18:57:16 2016
;; MSG SIZE rcvd: 75

On Mon, Feb 29, 2016 at 10:52 AM, Sergei G <sergeig.public@gmail.com> wrote:

> Thank you.
>
> I did find that host was not passing output http, because I was missing a
> statement.
>
> so, I am now to just properly configuring DNS.
>
> On Mon, Feb 29, 2016 at 10:35 AM, Michael Beasley <youvegotmoxie@gmail.com> wrote:
>
>> On 02/29/2016 01:10 PM, Sergei G wrote:
>>
>>> It appears that host is suffering from the same problem:
>>>
>>> host yahoo.com
>>> yahoo.com has address 206.190.36.45
>>> yahoo.com has address 98.138.253.109
>>> yahoo.com has address 98.139.183.24
>>> yahoo.com has IPv6 address 2001:4998:44:204::a7
>>> yahoo.com has IPv6 address 2001:4998:58:c02::a9
>>> yahoo.com has IPv6 address 2001:4998:c:a06::2:4008
>>> yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
>>> yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
>>> yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
>>>
>>>
>>> fetch http://206.190.36.45 (yahoo)
>>> times out
>>>
>>>
>>> On Mon, Feb 29, 2016 at 9:57 AM, Sergei G <sergeig.public@gmail.com> wrote:
>>>
>>>> If I use host command to resolve name to IP, then I get a correct IP.
>>>>
>>>> If I use ping, mysql, fetch commands, then DNS fails to resolve. I can't
>>>> quite figure out what the difference is.
>>>>
>>>> Jailed machine configuration:
>>>>
>>>> 1) issue is inside jailed system
>>>> 2) /etc/resolv.conf points to host's machine with nameserver 10.0.1.10
>>>>
>>>> Host machine:
>>>> 1) runs firewall
>>>> 2) runs local_unbind on all 53 ports
>>>> 3) runs nsd for private network on 1053 port.
>>>>
>>>> I am quite confused ATM.
>>>>
>>>> pfctl -sr Output on the host:
>>>>
>>>> No ALTQ support in kernel
>>>> ALTQ related functions disabled
>>>> scrub in all fragment reassemble
>>>> block drop in log on bce0 all
>>>> block return in log on bce0 proto tcp from any to any port = ssh
>>>> block drop in log (to pflog1) quick on bce0 proto tcp from any to any port = mdns
>>>> block drop in log (to pflog1) quick on bce0 proto tcp from any to any port = 17500
>>>> block drop in log (to pflog1) quick on bce0 proto udp from any to any port = mdns
>>>> block drop in log (to pflog1) quick on bce0 proto udp from any to any port = 17500
>>>> block drop in quick on bce0 proto udp from any to any port = netbios-ns
>>>> block drop in quick on bce0 proto udp from any to any port = netbios-dgm
>>>> block drop in quick on bce0 proto udp from any to any port = 1900
>>>> block drop in quick on bce0 proto udp from any to any port = sunrpc
>>>> block drop in quick on bce0 proto tcp from any to any port = commplex-main
>>>> block drop in log (to pflog1) quick on bce0 proto igmp all
>>>> block drop in quick on bce0 inet proto udp from 0.0.0.0 port = bootpc to any port = bootps
>>>> pass in quick on bce0 inet proto udp from 10.0.1.1 port = bootps to any port = bootpc keep state
>>>> pass out quick on bce0 inet proto udp from any port = bootpc to 10.0.1.1 port = bootps keep state
>>>> block drop in log (to pflog1) quick on bce0 inet6 all
>>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = domain flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = ssh flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 10.0.1.10 port = domain flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = http flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = https flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = auth flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 198.182.9.1 to 10.0.1.10 port = ssh flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 10.0.1.101 port = 8090 to 10.0.1.10 flags S/SA keep state
>>>> pass in quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = domain keep state
>>>> pass in quick on bce0 inet proto udp from 192.168.3.0/24 to 10.0.1.10 port = domain keep state
>>>> pass in quick on bce0 inet proto icmp from 10.0.1.0/24 to 10.0.1.10 icmp-type echoreq keep state
>>>> pass in log quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = domain flags S/SA keep state
>>>> pass in log quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = 1053 flags S/SA keep state
>>>> pass in log quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = domain keep state
>>>> pass in log quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = 1053 keep state
>>>> pass in log quick on lo0 inet proto tcp from 10.0.1.0/24 to 127.0.0.1 port = 1053 flags S/SA keep state
>>>> pass in log quick on lo0 inet proto udp from 10.0.1.0/24 to 127.0.0.1 port = 1053 keep state
>>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = imap flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = smtp flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = submission flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = imap flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = smtp flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = submission flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.11 port = 9000 flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.15 port = 9000 flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.22 port = 9000 flags S/SA keep state
>>>> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.13 port = 9001 flags S/SA keep state
>>>> pass out quick on bce0 inet proto tcp from 10.0.1.10 to 10.0.1.101 port = 8090 flags S/SA keep state
>>>> pass out quick on bce0 inet proto udp from any to any port = domain keep state
>>>> pass out quick on bce0 inet proto icmp all icmp-type echoreq keep state
>>>> pass in on bce0 inet proto tcp from 10.0.1.0/24 to any port = ftp flags S/SA keep state
>>>> pass in on bce0 inet proto tcp from 10.0.1.0/24 to any port > 49151 flags S/SA keep state
>>>>
>>
>> Do you encounter the same issue when you specify an external resolver?
>> What happens if you dig the domain from within the jailed environment?
>>
>> dig yahoo.com +trace
>> dig yahoo.com +trace @8.8.8.8
>>
>> -Mike B.
>>
>>> _______________________________________________
>>> freebsd-questions@freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFLLzCOh074fcuDCKW2x=J3DJaH5Bp2g_Wh-c6ngWY7jjwib7Q>