nslookup: connection timed out; no servers could be reached
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Sorry about the syntax error; I missed an '&&' between the 'udp port 53' phrase and the 'host 64.81.79.2' phrase.
The goo news is that this gets us a little further. If I take the liberty of rearranging the lines a little, to match up the requests and replies, we get this:
Code:
15:00:10.159128 IP 64.81.79.2.53 > 207.7.135.73.40301: 51927 2/0/0 A 206.190.60.37, (59)
15:00:10.159321 IP 64.81.79.2.53 > 207.7.135.73.40302: 28291 NXDomain* 0/0/0 (43)
15:00:10.159894 IP 64.81.79.2.53 > 207.7.135.73.40304: 51541 NXDomain* 0/0/0 (43)
15:00:10.161585 IP 207.7.135.74.57781 > 64.81.79.2.53: 63784+ AAAA? glocap.com. (28)
15:00:10.164619 IP 64.81.79.2.53 > 207.7.135.74.57781: 63784 0/0/0 (28)
15:00:10.164778 IP 207.7.135.74.57781 > 64.81.79.2.53: 65417+ A? glocap.com. (28)
15:00:10.167807 IP 64.81.79.2.53 > 207.7.135.74.57781: 65417 1/0/0 A 207.7.135.70 (44)
15:00:10.169751 IP 207.7.135.74.57781 > 64.81.79.2.53: 50096+ AAAA? yahoo.com. (27)
15:00:10.172958 IP 64.81.79.2.53 > 207.7.135.74.57781: 50096 0/0/0 (27)
15:00:10.172115 IP 207.7.135.73.40305 > 64.81.79.2.53: 15233+ A? a.mx.mail.yahoo.com. (37)
15:00:10.174877 IP 64.81.79.2.53 > 207.7.135.73.40305: 15233 1/0/0 A 209.191.118.103 (53)
15:00:10.172753 IP 207.7.135.73.40306 > 64.81.79.2.53: 13242+ AAAA? glocap.com. (28)
15:00:10.175876 IP 64.81.79.2.53 > 207.7.135.73.40306: 13242 0/0/0 (28)
15:00:10.173145 IP 207.7.135.74.57781 > 64.81.79.2.53: 59041+ A? yahoo.com. (27)
15:00:10.176094 IP 64.81.79.2.53 > 207.7.135.74.57781: 59041 2/0/0 A 206.190.60.37, (59)
This shows how the protocol is supposed to work. Note near the bottom of this list, how 207.7.135.73 asks for both an A record and an AAAA record, and gets back a positive reply for the A record (1/0/0) and a negative one for the AAAA record (0/0/0).
Unfortunately, none of these conversations has anything to do with xmail1, whose address, according to previous posts is 207.7.135.71. Let's try again on the tcpdump command:
Code:
#tcpdump -i eth1 -nn udp port 53 && host 207.7.135.71
This should show us the conversation between xmail1 and the DNS server(s).
I did another experiment. I unplugged 192.168.1.19 from the local subnet and rebuilt xmail1 to be 192.168.1.19, with the same hostname and everything. I had the same problem. I switched back and 19 worked fine as before, so I would think that eliminates the firewall possibility.
I also upgraded to Fedora Core 9 to eliminate the OS as a source of the problem, and installed Ubuntu Hardy Heron as well and had the same problem both times.
I'm thinking that leaves hardware issues, but in every case, local subnet connectivity works fine.
I am not sure that your experiment proved anything except that there is some configuration problem on xmail1 (which we thought likely anyway). The point of doing the tcpdump trace on trusty was to confirm that the DNS reply packet was indeed getting returned.
Once we have established that the return is happening (and that the tracing process actually shows the behavior we expect), we can apply that same tracing process to xmail1 to make sure whether the return packet is getting to that machine or not, and after that, we can start looking at what happens to it once inside xmail1.
If this process is unpalatable to you, I apologize, but when we are trying to stalk an obscure bug, I think it is important to be clear about what we know and what we don't know before making up further experiments.
So if you can telnet to port 25 of xmail1 from inside your network,. then there is something blocking or not forwarding the ports between that server and the Internet.. or the other direction..
Personally I would setup Wireshark on a laptop and sniff inside and outside your firewall for the traffic..
[root@trusty ~]# telnet 192.168.1.21 25
Trying 192.168.1.21...
telnet: connect to address 192.168.1.21: No route to host
telnet: Unable to connect to remote host: No route to host
[root@trusty ~]# ping 192.168.1.21
PING 192.168.1.21 (192.168.1.21) 56(84) bytes of data.
64 bytes from 192.168.1.21: icmp_seq=1 ttl=64 time=0.148 ms
64 bytes from 192.168.1.21: icmp_seq=2 ttl=64 time=0.097 ms
64 bytes from 192.168.1.21: icmp_seq=3 ttl=64 time=0.096 ms
64 bytes from 192.168.1.21: icmp_seq=4 ttl=64 time=0.097 ms
--- 192.168.1.21 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.096/0.109/0.148/0.024 ms
[root@trusty ~]# dig 192.168.1.21
; <<>> DiG 9.3.2 <<>> 192.168.1.21
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20713
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;192.168.1.21. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008070800 1800 900 604800 86400
;; Query time: 74 msec
;; SERVER: 209.213.223.118#53(209.213.223.118)
;; WHEN: Tue Jul 8 10:06:50 2008
;; MSG SIZE rcvd: 105
I need to understand better what telnet, nslookup, dig, ping etc. each offer and indicate, i.e. why some work and others don't. I'm checking out Wireshark in the meantime.
This might be a longshot but you maybe you could try a dump and restore from a working system to this one. If it works you still won't know what the configuration problem was but it might help you fix the immediate problem. You might be able to do this with tar as well.
I saw an issue similar to this yesterday involving a netscreen firewall. Source nat translation wasn't working for this server in the 1918 address space. It didn't have a publicly mapped IP address and for some reason the source nat was busted. I verified this by running tcpdump on an internet server and then attempted telneting to it from the problem server. I saw the private 1918 address hitting the internet server so the packets had no home to return to. Check your nat rules in iptables on both your firewall and your problem server as well as a working server. Maybe something will pop out at you.
iptables -L -t nat
I fixed this issue by assigning a dynamic ip pool in netscreen and built a policy to perform source nat translation and pull an IP from this dynamic pool. This way the internet server had a public address to route back to. Don't know how you would do this in iptables
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
