On 1/10/2011 2:04 PM, Jay G. Scott wrote:
On Mon, Jan 10, 2011 at 12:41:48PM -0600, Jay G. Scott wrote:
hi,
thanks for the replies. however, i didn't learn much. i'm more of
a network newbie than i thought.
but what i can say is this:
(repeating the problem)
i get zillions of these msgs:
Jan 10 12:36:24 ns2 named[3037]: client 10.4.1.6#59926: view internal: error
sending response: host unreachable
i CAN do an AXFR from 10.4.1.6 to ns2
that is,
dig @10.4.1.6 arlut.utexas.edu AXFR
does give me output.
on 10.4.1.6,
dig @146.6.211.1 arlut.utexas.edu AXFR
;<<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3<<>> @146.6.211.1
arlut.utexas.edu AXFR
; (1 server found)
;; global options: printcmd
; Transfer failed.
now, when i attempt that AXFR, the error message is NOT like
the symptom i have.
so i conclude that my problem is not AXFR (or IXFR, similar experiment).
so what is this msg talking about?
Jan 10 12:36:24 ns2 named[3037]: client 10.4.1.6#59926: view internal: error
sending response: host unreachable
i'm starting to think it might be just an ordinary dns lookup.
heh. no. of course not. suddenly realized that i could test
that, and, no, that's not it.
so what could it be?
If you're getting normal DNS queries from that IP (as well as the zone
transfers), and there is a stateful firewall in front of it, it could
still be ordinary queries that end up timing out when your server
attempts to get an answer from the Internet. The problem would be that
the state table entry in the firewall times out faster that BIND gives
up on a query, so by the time your server sends the failure response,
the firewall has already aged out that connection and blocks the answer.
--
Dave
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
