> "host unreachable" is one of the clearer error messages, so
> you need
> to do some digging. From the box that you've set up bind9
> on you'll
> need to use dig to query the ISP's name servers. If that
> works, then
> you'll have to use tcpdump on that box to find out what
> named is doing.
>
> Doug
>
Thank you very much.
Your suggestion to use "tcpdump" actually is very helpful. It clearly shows:
ICMP host 216.171.238.67 unreachable - admin prohibited, length 87
So I think this most likely has to do with the firewall setup. Probably I
should enable ICMP redirect? Could anyone confirm? And is this safe?
Thank you very much.
Shi
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
