Re: weird transfer-source problems with one DNS node
Yep, that's it. The MASQ entry will nat all outbound traffic to the primary IP of the interface. If you want to be playing with secondary IPs this is almost certainly not right. -- Sent from my mobile device, please excuse brevity and typos___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: weird transfer-source problems with one DNS node
Thank you, Phil - that might be the answer. I'm not super knowledgeable about iptables, and I certainly didn't configure it this way (specifically), but the one problematic node does seem to have a postrouting chain. I'll have to investigate how this came about and how to remove, but perhaps this is it: [root@foo:~]# iptables -t nat -nvL Chain PREROUTING (policy ACCEPT 155M packets, 15G bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 270K packets, 15M bytes) pkts bytes target prot opt in out source destination 105M 13G MASQUERADE all -- * eth+0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 105M packets, 13G bytes) pkts bytes target prot opt in out source destination cheers and thanks, Ian Veach, Senior Systems Analyst System Computing Services, Nevada System of Higher Education On Tue, Jul 19, 2016 at 3:10 AM, Phil Mayerswrote: > On 19/07/16 00:38, Ian Veach wrote: > >> >> Negative Ghostrider...: >> >> [root@foo:~]# iptables -t raw -nvL >> > > Might want to check "-t nat" as well. > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and responses, unless otherwise made confidential by law, may be subject to the Nevada Public Records laws and may be disclosed to the public upon request. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.10.4-P2; CVE-2016-2775
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAleOm+EACgkQL6j7milTFsFL0gCeMmH1ZIlnYXP8GmferR/qjRNT 2EcAnj6ePxuOrQewVY+r4T4LEev3sngT =L//D -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: weird transfer-source problems with one DNS node
On 19/07/16 00:38, Ian Veach wrote: Negative Ghostrider...: [root@foo:~]# iptables -t raw -nvL Might want to check "-t nat" as well. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Questions on how to setup Reverse DNS in bind 9
On 18.07.16 19:44, Spork Schivago wrote: At this time franklin.jetbbs.com ONLY RESOLVES TO 104.238.117.105 The way I wanted it was 104.238.117.105 AND 132.148.11.44to point to jetbbs.com but I think I setup the DNS record wrong. I just added another A record for jetbbs.com and added the IP address 132.148.11.44 to it. This part wasn't for the reverse DNS. I got two IP addresses I'm using. jetbbs.com IS NOT franklin.jetbbs.com I got an A name for franklin, and that's the 104.238.117.105. Should I have added another A name for franklin as well to setup the round robin stuff? You know, when someone connects to JetBBS.com, the first time they connect, it takes them to 104.238.117.105. The next time they connect, it takes them to 132.148.11.44. you don't have to set up "round robin" and you can't decide who connects to which IP. If you set up two IP addresses for one DNS name, random servers will connect to random addresses in rantom times. Is this why whenever I pinged jetbbs.com, I only got a reply from 132.148.11.44 and not from 104.238.117.105 you think? that is because jetbbs.com only contains 104.238.117.105 now... Because I didn't setup another A name for franklin? Thanks and sorry for all the questions. I know these probably aren't really bind related questions anymore. Thanks! once more: jetbbs.com IS NOT franklin.jetbbs.com ! FYI currently they both only contain 104.238.117.105 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. One OS to rule them all, One OS to find them, One OS to bring them all and into darkness bind them ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users