> "host unreachable" is one of the clearer error messages, so > you need > to do some digging. From the box that you've set up bind9 > on you'll > need to use dig to query the ISP's name servers. If that > works, then > you'll have to use tcpdump on that box to find out what > named is doing. > > Doug > Thank you very much. Your suggestion to use "tcpdump" actually is very helpful. It clearly shows: ICMP host 216.171.238.67 unreachable - admin prohibited, length 87 So I think this most likely has to do with the firewall setup. Probably I should enable ICMP redirect? Could anyone confirm? And is this safe?
Thank you very much. Shi _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users