problems with DNS - PPP + Elsa 56k Modem
ignored_mailbox at yahoo.com.au
Mon Nov 7 18:07:18 UTC 2005
On Mon, 2005-11-07 at 10:34 +0100, Fabiano Petrone wrote:
> the problem is about (I guess...) DNS.
Sounds about right.
> ping doesn't go, I.E.:
> [root at fedora3 etc]# ping www.google.com
> ping: unknown host www.google.com
You'd expect that for DNS resolution errors.
But this sounds like firewalling issues:
> [root at fedora3 etc]# ping 18.104.22.168
> PING 22.214.171.124 (126.96.36.199) 56(84) bytes of data.
> ping: sendmsg: Operation not permitted
> ...and the corresponding logs are tons of things like these:
> Nov 6 21:11:06 fedora3 kernel: Unknown InputIN=ppp0 OUT= MAC= SRC=188.8.131.52 DST=184.108.40.206 LEN=337 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=59758 DPT=1026 LEN=317
> Nov 6 21:11:29 fedora3 kernel: Unknown OutputIN= OUT=ppp0 SRC=220.127.116.11 DST=18.104.22.168 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=17717 SEQ=0
> Nov 6 21:11:30 fedora3 kernel: Unknown OutputIN= OUT=ppp0 SRC=22.214.171.124 DST=126.96.36.199 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17717 SEQ=1
We'd probably need to see your firewall rules to figure out why.
> my /etc/resolv.conf is:
> search home.net
> nameserver 192.168.0.50
> nameserver 188.8.131.52
> nameserver 184.108.40.206
> 192.168.0.50 DNS is ***only internal**** (home.net, for experimental
> purpose) with BIND
> in other words, in /var/named/chroot/etc/named.conf the outside zone
> is all
> The 212.63**** DNSs are my provider's regular and in-great-shape DNSs.
What's happening is that first your system is trying to resolve it
locally, and that isn't working. It's probably getting a failure
message from your DNS server, but for some reason doesn't bother to try
any other servers on your list, or the failure takes too long that it
Even if it did switch to using the next server, there'd be a long delay,
and it'd be the first server to query for the next lookup. Which could
mean that trying to look up a local name will fail.
Why not use your own DNS server exclusively? It can resolve all your
queries, and you'd have no need to use your ISP's. I do it that way, for
simplicity, and my ISP's DNS servers are poor.
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
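
As an added example (not part of the original post or thread), this Python script groups netfilter LOG lines like the ones quoted above by direction, protocol and port or ICMP type, so outbound traffic hitting a logging rule stands out. The sample lines are constructed in the quoted format with documentation-range addresses, and the DNS line is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the post; addresses are
# documentation-range placeholders and the last (DNS) line is hypothetical.
SAMPLE = """\
Nov 6 21:11:06 fedora3 kernel: Unknown InputIN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=337 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=UDP SPT=59758 DPT=1026 LEN=317
Nov 6 21:11:29 fedora3 kernel: Unknown OutputIN= OUT=ppp0 SRC=203.0.113.5 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=17717 SEQ=0
Nov 6 21:11:30 fedora3 kernel: Unknown OutputIN= OUT=ppp0 SRC=203.0.113.5 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17717 SEQ=1
Nov 6 21:11:31 fedora3 kernel: Unknown OutputIN= OUT=ppp0 SRC=203.0.113.5 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=UDP SPT=32770 DPT=53 LEN=40
"""

# The log prefix is whatever the LOG rule put in front of "IN=".
LINE_RE = re.compile(
    r"kernel: (?P<prefix>.*?)IN=(?P<inif>\S*) OUT=(?P<outif>\S*) (?P<rest>.*)")

def parse_line(line):
    """Return prefix, direction, protocol and detail for one LOG line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", m["rest"]):
        fields.setdefault(key, value)  # LEN and ID repeat; keep the IP-header one
    if m["inif"] and m["outif"]:
        direction = "forwarded"
    elif m["outif"]:
        direction = "outbound"   # locally generated, seen by the OUTPUT chain
    else:
        direction = "inbound"    # addressed to this host, seen by INPUT
    # ICMP is identified by TYPE, TCP/UDP by destination port.
    detail = "type " + fields["TYPE"] if "TYPE" in fields else "dport " + fields.get("DPT", "?")
    return {"prefix": m["prefix"].strip(), "direction": direction,
            "proto": fields.get("PROTO", "?"), "detail": detail}

def summarize(text):
    """Count logged packets per (direction, protocol, detail)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["direction"], rec["proto"], rec["detail"])] += 1
    return counts

if __name__ == "__main__":
    for (direction, proto, detail), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}  {direction:9s} {proto:5s} {detail}")
```

A LOG line records that a rule matched, not the verdict, so the rule that follows it in the same chain is what decides whether the packet was dropped.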