FORMERR na cerstve nainstalovane Fedore8

Mam problem s DNS serverem named, ktery pouzivam jiz od fedory 5.
Na starem serveru dodnes aktualizovanem se problem projevoval stejne, nicmene nevim od kdy. Ted mam novy server, nainstalovanou fedoru 8 a named neumi prekladat nektere adresy.
Jiz tyden prochazim internet a nemuzu najit reseni.
Mel by fungovat v modu A Caching-only Name Server

typicke domeny, ktere nefunguji:
www.bckolin.cz
akamai.grisoft.cz

funguje treba
www.grisoft.cz
www.idnes.cz

Odpovedi typu ze DNS pakety delsi nez 512 bytu zahazuje firewall slyset nechci. Do serveru odpoved chodi.

named.conf je ten nejprimitivnejsi, ale chova se to stejne s jakoukoliv konfiguraci

Ze stranek bindu z oficialniho navodu…

// Two corporate subnets we wish to allow queries from.
acl corpnets { 192.168.1.0/24; };
options {
directory “/var/named”; // Working directory
allow-query { corpnets; };
};
// Provide a reverse mapping for the loopback address 127.0.0.1
zone “0.0.127.in-addr.arpa” {
type master;
file “named.local”;
notify no;
};

Cislo portu, EDNS disabled a podobny veci jsem jiz vyzkousel. Nic nema vliv na popsane chovani.

V messages jsou tyto hlasky:


Mar 7 09:06:08 server named[7163]:last message repeated 47 times
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.36.148.17#53
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 128.8.10.90#53
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.203.230.10#53
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 199.7.83.42#53
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 198.41.0.4#53
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.33.4.12#53
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.5.5.241#53
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.112.36.4#53
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.228.79.201#53
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.58.128.30#53
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 193.0.14.129#53
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 128.63.2.53#53
Mar 7 09:06:08 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 202.12.27.33#53
Mar 7 09:06:08 server named[7163]: too many timeouts resolving ‘www.bckolin.cz/A’ (in ‘.’?): disabling EDNS
Mar 7 09:06:23 server named[7163]:last message repeated 47 times
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.203.230.10#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 128.63.2.53#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.228.79.201#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 199.7.83.42#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.58.128.30#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 128.8.10.90#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 193.0.14.129#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.5.5.241#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 198.41.0.4#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.33.4.12#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.112.36.4#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 202.12.27.33#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.36.148.17#53
Mar 7 09:06:23 server named[7163]: too many timeouts resolving ‘www.bckolin.cz/A’ (in ‘.’?): disabling EDNS
Mar 7 09:06:23 server named[7163]:last message repeated 47 times
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.5.5.241#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.33.4.12#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.203.230.10#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.58.128.30#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 128.8.10.90#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 193.0.14.129#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 128.63.2.53#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 198.41.0.4#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.228.79.201#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 199.7.83.42#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.112.36.4#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 202.12.27.33#53
Mar 7 09:06:23 server named[7163]: FORMERR resolving ‘www.bckolin.cz/A/IN’: 192.36.148.17#53
Mar 7 09:06:23 server named[7163]: too many timeouts resolving ‘www.bckolin.cz/A’ (in ‘.’?): disabling EDNS


Dnes jsem udelal pokus. Pripojil jsem hub na eth, ktery je pripojen do internetu. Chytal jsem to ethereal-em, odpovedi jsou v poradku. Ty odpovedi opravdu chodi.

Fyzicky na dratu to vypada takto:


3 7.177858 88.146.251.201 00:d0:b7:0b:6f:90 193.0.14.129 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
4 7.182251 193.0.14.129 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
5 7.182720 88.146.251.201 00:d0:b7:0b:6f:90 199.7.83.42 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
6 7.188227 199.7.83.42 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
7 7.189560 88.146.251.201 00:d0:b7:0b:6f:90 192.228.79.201 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
8 7.194321 192.228.79.201 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
9 7.194749 88.146.251.201 00:d0:b7:0b:6f:90 192.112.36.4 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
10 7.199582 192.112.36.4 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
11 7.201001 88.146.251.201 00:d0:b7:0b:6f:90 198.41.0.4 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
12 7.206795 198.41.0.4 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150

Zepta se vsech znamych serveru, ktere mu normalne odpovi.
Pak se zacne ptat na root servery

29 7.256011 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA B.ROOT-SERVERS.NET
30 7.256185 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA C.ROOT-SERVERS.NET
31 7.256315 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA D.ROOT-SERVERS.NET
32 7.256407 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA E.ROOT-SERVERS.NET
33 7.256508 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA G.ROOT-SERVERS.NET
34 7.256600 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA I.ROOT-SERVERS.NET
35 7.256692 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query AAAA L.ROOT-SERVERS.NET


a zase normalni dotazy a odpovedi

36 7.262006 88.146.251.201 00:d0:b7:0b:6f:90 128.8.10.90 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
37 7.264448 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
38 7.265820 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
39 7.267154 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
40 7.268134 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
41 7.268818 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
42 7.269872 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
43 7.270309 88.146.251.201 00:d0:b7:0b:6f:90 193.0.14.129 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
44 7.270636 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
45 7.271371 128.8.10.90 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response
46 7.276408 193.0.14.129 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
47 7.277848 88.146.251.201 00:d0:b7:0b:6f:90 192.228.79.201 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
48 7.281927 192.228.79.201 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
49 7.283347 88.146.251.201 00:d0:b7:0b:6f:90 128.63.2.53 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
50 7.288956 128.63.2.53 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
51 7.289383 88.146.251.201 00:d0:b7:0b:6f:90 192.203.230.10 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz
52 7.295873 192.203.230.10 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150
53 7.297315 88.146.251.201 00:d0:b7:0b:6f:90 198.41.0.4 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz

Jeste podrobny vypis dotazu a odpovedi (paket 3 a 4)
Dotaz:


No. Time Source SourceMAC Destination DestMAC Protocol Info
3 7.177858 88.146.251.201 00:d0:b7:0b:6f:90 193.0.14.129 00:0c:42:09:9d:0e DNS Standard query A www.bckolin.cz

Frame 3 (85 bytes on wire, 85 bytes captured)
Arrival Time: Mar 7, 2008 09:12:59.132034000
Time delta from previous packet: 7.176552000 seconds
Time since reference or first frame: 7.177858000 seconds
Frame Number: 3
Packet Length: 85 bytes
Capture Length: 85 bytes
Protocols in frame: eth:ip:udp:dns
Ethernet II, Src: 88.146.251.201 (00:d0:b7:0b:6f:90), Dst: 88.146.251.206 (00:0c:42:09:9d:0e)
Destination: 88.146.251.206 (00:0c:42:09:9d:0e)
Source: 88.146.251.201 (00:d0:b7:0b:6f:90)
Type: IP (0x0800)
Internet Protocol, Src: 88.146.251.201 (88.146.251.201), Dst: 193.0.14.129 (193.0.14.129)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …0. = ECN-Capable Transport (ECT): 0
… …0 = ECN-CE: 0
Total Length: 71
Identification: 0x0000 (0)
Flags: 0x04 (Don’t Fragment)
0… = Reserved bit: Not set
.1… = Don’t fragment: Set
…0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x16c9 [correct]
Source: 88.146.251.201 (88.146.251.201)
Destination: 193.0.14.129 (193.0.14.129)
User Datagram Protocol, Src Port: domain (53), Dst Port: domain (53)
Source port: domain (53)
Destination port: domain (53)
Length: 51
Checksum: 0x82cc [correct]
Domain Name System (query)
Transaction ID: 0xf3e3
Flags: 0x0010 (Standard query)
0… … … … = Response: Message is a query
.000 0… … … = Opcode: Standard query (0)
… …0. … … = Truncated: Message is not truncated
… …0 … … = Recursion desired: Don’t do query recursively
… … .0… … = Z: reserved (0)
… … …1 … = Non-authenticated data OK: Non-authenticated data is acceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
www.bckolin.cz: type A, class IN
Name: www.bckolin.cz
Type: A (Host address)
Class: IN (0x0001)
Additional records
: type OPT
Name:
Type: OPT (EDNS0 option)
UDP payload size: 512
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0

Odpoved


No. Time Source SourceMAC Destination DestMAC Protocol Info
4 7.182251 193.0.14.129 00:0c:42:09:9d:0e 88.146.251.201 00:d0:b7:0b:6f:90 DNS Standard query response CNAME c150un.forpsi.com A 81.2.194.150

Frame 4 (320 bytes on wire, 320 bytes captured)
Arrival Time: Mar 7, 2008 09:12:59.136427000
Time delta from previous packet: 0.004393000 seconds
Time since reference or first frame: 7.182251000 seconds
Frame Number: 4
Packet Length: 320 bytes
Capture Length: 320 bytes
Protocols in frame: eth:ip:udp:dns
Ethernet II, Src: 88.146.251.206 (00:0c:42:09:9d:0e), Dst: 88.146.251.201 (00:d0:b7:0b:6f:90)
Destination: 88.146.251.201 (00:d0:b7:0b:6f:90)
Source: 88.146.251.206 (00:0c:42:09:9d:0e)
Type: IP (0x0800)
Internet Protocol, Src: 193.0.14.129 (193.0.14.129), Dst: 88.146.251.201 (88.146.251.201)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00… = Differentiated Services Codepoint: Default (0x00)
… …0. = ECN-Capable Transport (ECT): 0
… …0 = ECN-CE: 0
Total Length: 306
Identification: 0x0000 (0)
Flags: 0x04 (Don’t Fragment)
0… = Reserved bit: Not set
.1… = Don’t fragment: Set
…0. = More fragments: Not set
Fragment offset: 0
Time to live: 61
Protocol: UDP (0x11)
Header checksum: 0x18de [correct]
Source: 193.0.14.129 (193.0.14.129)
Destination: 88.146.251.201 (88.146.251.201)
User Datagram Protocol, Src Port: domain (53), Dst Port: domain (53)
Source port: domain (53)
Destination port: domain (53)
Length: 286
Checksum: 0xdfd4 [correct]
Domain Name System (response)
Transaction ID: 0xf3e3
Flags: 0x8180 (Standard query response, No error)
1… … … … = Response: Message is a response
.000 0… … … = Opcode: Standard query (0)
… .0… … … = Authoritative: Server is not an authority for domain
… …0. … … = Truncated: Message is not truncated
… …1 … … = Recursion desired: Do query recursively
… … 1… … = Recursion available: Server can do recursive queries
… … .0… … = Z: reserved (0)
… … …0. … = Answer authenticated: Answer/authority portion was not authenticated by the server
… … … 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 2
Authority RRs: 6
Additional RRs: 6
Queries
www.bckolin.cz: type A, class IN
Name: www.bckolin.cz
Type: A (Host address)
Class: IN (0x0001)
Answers
www.bckolin.cz: type CNAME, class IN, cname c150un.forpsi.com
Name: www.bckolin.cz
Type: CNAME (Canonical name for an alias)
Class: IN (0x0001)
Time to live: 6 days, 8 hours, 11 minutes, 11 seconds
Data length: 19
Primary name: c150un.forpsi.com
c150un.forpsi.com: type A, class IN, addr 81.2.194.150
Name: c150un.forpsi.com
Type: A (Host address)
Class: IN (0x0001)
Time to live: 20 minutes, 16 seconds
Data length: 4
Addr: 81.2.194.150
Authoritative nameservers
cz: type NS, class IN, ns b.ns.nic.cz
Name: cz
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day, 18 hours, 58 minutes, 31 seconds
Data length: 11
Name server: b.ns.nic.cz
cz: type NS, class IN, ns f.ns.nic.cz
Name: cz
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day, 18 hours, 58 minutes, 31 seconds
Data length: 4
Name server: f.ns.nic.cz
cz: type NS, class IN, ns a.ns.nic.cz
Name: cz
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day, 18 hours, 58 minutes, 31 seconds
Data length: 4
Name server: a.ns.nic.cz
cz: type NS, class IN, ns d.ns.nic.cz
Name: cz
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day, 18 hours, 58 minutes, 31 seconds
Data length: 4
Name server: d.ns.nic.cz
cz: type NS, class IN, ns c.ns.nic.cz
Name: cz
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day, 18 hours, 58 minutes, 31 seconds
Data length: 4
Name server: c.ns.nic.cz
cz: type NS, class IN, ns e.ns.nic.cz
Name: cz
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 1 day, 18 hours, 58 minutes, 31 seconds
Data length: 4
Name server: e.ns.nic.cz
Additional records
b.ns.nic.cz: type A, class IN, addr 217.31.205.188
Name: b.ns.nic.cz
Type: A (Host address)
Class: IN (0x0001)
Time to live: 9 minutes, 32 seconds
Data length: 4
Addr: 217.31.205.188
f.ns.nic.cz: type A, class IN, addr 193.171.255.48
Name: f.ns.nic.cz
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day, 10 hours, 19 minutes, 17 seconds
Data length: 4
Addr: 193.171.255.48
a.ns.nic.cz: type A, class IN, addr 217.31.205.180
Name: a.ns.nic.cz
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day, 13 hours, 40 minutes, 21 seconds
Data length: 4
Addr: 217.31.205.180
d.ns.nic.cz: type A, class IN, addr 193.29.206.1
Name: d.ns.nic.cz
Type: A (Host address)
Class: IN (0x0001)
Time to live: 21 hours, 10 minutes, 25 seconds
Data length: 4
Addr: 193.29.206.1
c.ns.nic.cz: type A, class IN, addr 195.66.241.202
Name: c.ns.nic.cz
Type: A (Host address)
Class: IN (0x0001)
Time to live: 6 hours, 30 minutes, 11 seconds
Data length: 4
Addr: 195.66.241.202
e.ns.nic.cz: type A, class IN, addr 194.146.105.38
Name: e.ns.nic.cz
Type: A (Host address)
Class: IN (0x0001)
Time to live: 1 day, 7 hours, 23 minutes, 41 seconds
Data length: 4
Addr: 194.146.105.38

Zduraznuji, ze toto je odchytnute “na drate”. Ovsem pomoci ettercap primo v onom serveru to vypada stejne. Jen to neumi takhle pekne rozpitvat.


Firewall vypinam prikazem /etc/rc.d/init.d/iptables stop

Po provedeni prikazu iptables -L to vypada takto:


[root@server log]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destinati

Pro jistotu jeste route


[root@server log]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
88.146.251.200 * 255.255.255.248 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
link-local * 255.255.0.0 U 0 0 0 eth1
default 88.146.251.206 0.0.0.0 UG 0 0 0 eth0



SELinux mam disabled.

Takze problem je podle mne nekde uvnitr bind nebo v jadru, protoze se bud ztraceji pakety pres nejaky filtr nebo je bug v bindu. Podobny problem jsem na internetu nasel docela dostkrat, ale reseni zadne. I na oficialnich strankach binda to dost banalizovali, ze uz to resili a ze je to nesmysl, ze bind automaticky prechaze z EDNS0 na normalni a pod.

Nebo si snad bind hraje na neco jako Microsoft a ignoruje odpovedi s nejakou chybou a stale tvrdi, ze funguje podle rfc… a vse ostatni ignoruje?

Souvislost mezi funkcnimi a nefunkcnimi odpovedmi muze byt takova, ze funkcni odpovedi maji delku cca do 200 bytu a nefunkcni vetsi jak 200 bytu.

Zduraznuji, ze to co je odchytnute, je na drate, ale i na karte v promiscuitnim modu. Nemuze to pozirat neco jiniha na portu 53? jak zjistim, ktere programy visi na portu 53?

Doufam, ze jsem Vas nezahltil prilis temy logy, ale at mi verite, ze nepisu nesmysly.

Tomu, kdo mi to vyresi nabizim pul kralovstvi a princeznu za zenu.

Zdar
George

P.S. kdyz jsem se chtel zaregistrovat na Vase forum, tak jsem v logu na svem novem serveru nasel hlasku:

2008-03-07 11:43:49 H=www10.pipni.cz [193.86.238.53] sender verify defer for apache@www10.pipni.cz: could not connect to www10.pipni.cz [193.86.238.53]: Connection
2008-03-07 11:43:49 H=www10.pipni.cz [193.86.238.53] F=apache@www10.pipni.cz temporarily rejected RCPT jirka@jjares.cz: Could not complete sender verify callout

Takze mi muj server vyhodnotil vas server jako neduveryhodny.

Co se toho dotazu tyce, nevim jesli je tady spravne misto, tady se resi dost uzivatelske problemy, tohle uz je trochu vyssi divci a smeroval bych to spis do nejake konfery. Pokud vas bind stve, muzete zkusit djb-dns, nainstalovat daemontools aspol. je ovsem taky krapet pruda.:slight_smile:

Vsechny sluzby na socketech vypsete pres netstat (napr. netstat -lp)

Ano tento server je bohuzel neduveryhodny a radi bychom se ho zbavili, zatim, ale nemame kam prejit.:slight_smile: