Old 06-18-2008, 12:10 PM   #16
kbighorse
LQ Newbie
 
Registered: Jun 2008
Posts: 20

Original Poster
Rep: Reputation: 0

Definitely lots more output!
Code:
13:03:44.651110 IP (tos 0x0, ttl  64, id 54273, offset 0, flags [DF], proto 17, length: 57) 192.168.1.22.39106 > 64.81.79.2.53:  63301+ A? bankone.com. (29)
13:03:44.654165 IP (tos 0x0, ttl  58, id 3760, offset 0, flags [DF], proto 17, length: 73) 64.81.79.2.53 > 192.168.1.22.39106:  63301 1/0/0 bankone.com. A 159.53.60.66 (45)
13:03:45.487700 IP (tos 0x0, ttl  64, id 55109, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  11785+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:03:45.490578 IP (tos 0x0, ttl  58, id 20923, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  11785 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:03:45.490916 IP (tos 0x0, ttl  64, id 55113, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  36210+ A? designserver.ahk.nl. (37)
13:03:45.494201 IP (tos 0x0, ttl  58, id 12545, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  36210 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:03:47.846721 IP (tos 0x0, ttl  64, id 57469, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  51859+ A? designserver.ahk.nl. (37)
13:03:47.849899 IP (tos 0x0, ttl  58, id 55609, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  51859 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:03:49.720152 IP (tos 0x0, ttl  64, id 59342, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  47630+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:03:49.722988 IP (tos 0x0, ttl  58, id 20477, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  47630 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:03:49.723328 IP (tos 0x0, ttl  64, id 59346, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  31059+ A? designserver.ahk.nl. (37)
13:03:49.726487 IP (tos 0x0, ttl  58, id 23754, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  31059 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:03:52.079100 IP (tos 0x0, ttl  64, id 61702, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  43040+ A? designserver.ahk.nl. (37)
13:03:52.082184 IP (tos 0x0, ttl  58, id 12591, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  43040 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:03:53.953309 IP (tos 0x0, ttl  64, id 63576, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  51513+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:03:53.963144 IP (tos 0x0, ttl  58, id 39370, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  51513 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:03:53.963466 IP (tos 0x0, ttl  64, id 63586, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  48140+ A? designserver.ahk.nl. (37)
13:03:53.966767 IP (tos 0x0, ttl  58, id 61403, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  48140 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:03:56.318476 IP (tos 0x0, ttl  64, id 406, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  44797+ A? designserver.ahk.nl. (37)
13:03:56.321716 IP (tos 0x0, ttl  58, id 30002, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  44797 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:03:58.191711 IP (tos 0x0, ttl  64, id 2279, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  43573+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:03:58.195055 IP (tos 0x0, ttl  58, id 3114, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  43573 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:03:58.195383 IP (tos 0x0, ttl  64, id 2283, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  54502+ A? designserver.ahk.nl. (37)
13:03:58.198678 IP (tos 0x0, ttl  58, id 7936, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  54502 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:00.550869 IP (tos 0x0, ttl  64, id 4639, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  32461+ A? designserver.ahk.nl. (37)
13:04:00.553877 IP (tos 0x0, ttl  58, id 43268, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  32461 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:02.425223 IP (tos 0x0, ttl  64, id 6513, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  17892+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:02.428347 IP (tos 0x0, ttl  58, id 54914, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  17892 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:02.428668 IP (tos 0x0, ttl  64, id 6517, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  27663+ A? designserver.ahk.nl. (37)
13:04:02.431588 IP (tos 0x0, ttl  58, id 65023, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  27663 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:04.784255 IP (tos 0x0, ttl  64, id 8873, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  64422+ A? designserver.ahk.nl. (37)
13:04:04.787786 IP (tos 0x0, ttl  58, id 31179, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  64422 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:06.664896 IP (tos 0x0, ttl  64, id 10754, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  7175+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:06.667996 IP (tos 0x0, ttl  58, id 12653, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  7175 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:06.668321 IP (tos 0x0, ttl  64, id 10757, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  12154+ A? designserver.ahk.nl. (37)
13:04:06.671370 IP (tos 0x0, ttl  58, id 24527, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  12154 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:09.023646 IP (tos 0x0, ttl  64, id 13113, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  48727+ A? designserver.ahk.nl. (37)
13:04:09.028567 IP (tos 0x0, ttl  58, id 44239, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  48727 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:10.901036 IP (tos 0x0, ttl  64, id 14990, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  33427+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:10.904155 IP (tos 0x0, ttl  58, id 32886, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  33427 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:10.904481 IP (tos 0x0, ttl  64, id 14994, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  55836+ A? designserver.ahk.nl. (37)
13:04:10.908153 IP (tos 0x0, ttl  58, id 45738, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  55836 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:13.260024 IP (tos 0x0, ttl  64, id 17350, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  36241+ A? designserver.ahk.nl. (37)
13:04:13.262977 IP (tos 0x0, ttl  58, id 22696, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  36241 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:15.135220 IP (tos 0x0, ttl  64, id 19225, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  12546+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:15.138565 IP (tos 0x0, ttl  58, id 8975, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  12546 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:15.138894 IP (tos 0x0, ttl  64, id 19229, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  27925+ A? designserver.ahk.nl. (37)
13:04:15.141813 IP (tos 0x0, ttl  58, id 857, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  27925 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:17.494428 IP (tos 0x0, ttl  64, id 21585, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  14276+ A? designserver.ahk.nl. (37)
13:04:17.497886 IP (tos 0x0, ttl  58, id 60316, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  14276 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:19.368845 IP (tos 0x0, ttl  64, id 23459, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  41405+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:19.371849 IP (tos 0x0, ttl  58, id 34857, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  41405 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:19.372189 IP (tos 0x0, ttl  64, id 23463, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  9430+ A? designserver.ahk.nl. (37)
13:04:19.375348 IP (tos 0x0, ttl  58, id 32963, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  9430 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:21.727808 IP (tos 0x0, ttl  64, id 25819, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  9511+ A? designserver.ahk.nl. (37)
13:04:21.730795 IP (tos 0x0, ttl  58, id 10078, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  9511 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:23.603074 IP (tos 0x0, ttl  64, id 27694, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  3731+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:23.606259 IP (tos 0x0, ttl  58, id 17107, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  3731 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:23.606603 IP (tos 0x0, ttl  64, id 27698, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  59388+ A? designserver.ahk.nl. (37)
13:04:23.609757 IP (tos 0x0, ttl  58, id 2890, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  59388 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:25.962199 IP (tos 0x0, ttl  64, id 30054, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  3281+ A? designserver.ahk.nl. (37)
13:04:25.965205 IP (tos 0x0, ttl  58, id 43598, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  3281 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:27.836433 IP (tos 0x0, ttl  64, id 31928, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  65078+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:27.839793 IP (tos 0x0, ttl  58, id 61027, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  65078 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:27.840116 IP (tos 0x0, ttl  64, id 31932, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  21145+ A? designserver.ahk.nl. (37)
13:04:27.843042 IP (tos 0x0, ttl  58, id 39516, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  21145 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:30.195576 IP (tos 0x0, ttl  64, id 34288, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  43906+ A? designserver.ahk.nl. (37)
13:04:30.198990 IP (tos 0x0, ttl  58, id 7077, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  43906 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:32.070035 IP (tos 0x0, ttl  64, id 36162, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  12381+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:32.073705 IP (tos 0x0, ttl  58, id 6368, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  12381 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:32.074063 IP (tos 0x0, ttl  64, id 36166, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  55296+ A? designserver.ahk.nl. (37)
13:04:32.076951 IP (tos 0x0, ttl  58, id 121, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  55296 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:34.428963 IP (tos 0x0, ttl  64, id 38522, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  46223+ A? designserver.ahk.nl. (37)
13:04:34.432025 IP (tos 0x0, ttl  58, id 15104, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  46223 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:36.303386 IP (tos 0x0, ttl  64, id 40396, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  41462+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:36.306489 IP (tos 0x0, ttl  58, id 41755, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  41462 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:36.306812 IP (tos 0x0, ttl  64, id 40400, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  42637+ A? designserver.ahk.nl. (37)
13:04:36.309862 IP (tos 0x0, ttl  58, id 37396, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  42637 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:38.021875 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 17, length: 69) 192.168.1.22.39106 > 64.81.79.2.53:  12413+ PTR? 2.79.81.64.in-addr.arpa. (41)
13:04:38.024915 IP (tos 0x0, ttl  58, id 40077, offset 0, flags [DF], proto 17, length: 105) 64.81.79.2.53 > 192.168.1.22.39106:  12413 1/0/0 2.79.81.64.in-addr.arpa. PTR[|domain]
13:04:38.662353 IP (tos 0x0, ttl  64, id 42756, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  20958+ A? designserver.ahk.nl. (37)
13:04:38.665934 IP (tos 0x0, ttl  58, id 38997, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  20958 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:40.540804 IP (tos 0x0, ttl  64, id 44634, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  364+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:40.543896 IP (tos 0x0, ttl  58, id 8833, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  364 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:40.544219 IP (tos 0x0, ttl  64, id 44638, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  22951+ A? designserver.ahk.nl. (37)
13:04:40.547145 IP (tos 0x0, ttl  58, id 27597, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  22951 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:42.899753 IP (tos 0x0, ttl  64, id 46994, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  53894+ A? designserver.ahk.nl. (37)
13:04:42.902718 IP (tos 0x0, ttl  58, id 22166, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  53894 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:44.773042 IP (tos 0x0, ttl  64, id 48867, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  63133+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:44.775932 IP (tos 0x0, ttl  58, id 60247, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  63133 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:44.776277 IP (tos 0x0, ttl  64, id 48871, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  50558+ A? designserver.ahk.nl. (37)
13:04:44.779306 IP (tos 0x0, ttl  58, id 49236, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  50558 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:45.551443 IP (tos 0x0, ttl  64, id 49646, offset 0, flags [DF], proto 17, length: 55) 192.168.1.22.39106 > 64.81.79.2.53:  49048+ AAAA? yahoo.com. (27)
13:04:45.554501 IP (tos 0x0, ttl  58, id 59517, offset 0, flags [DF], proto 17, length: 55) 64.81.79.2.53 > 192.168.1.22.39106:  49048 0/0/0 (27)
13:04:45.554600 IP (tos 0x0, ttl  64, id 49649, offset 0, flags [DF], proto 17, length: 55) 192.168.1.22.39106 > 64.81.79.2.53:  12763+ A? yahoo.com. (27)
13:04:45.557750 IP (tos 0x0, ttl  58, id 56076, offset 0, flags [DF], proto 17, length: 87) 64.81.79.2.53 > 192.168.1.22.39106:  12763 2/0/0 yahoo.com. A 206.190.60.37, yahoo.com. (59)
13:04:47.131124 IP (tos 0x0, ttl  64, id 51226, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  8095+ A? designserver.ahk.nl. (37)
13:04:47.134379 IP (tos 0x0, ttl  58, id 58157, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  8095 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:49.004504 IP (tos 0x0, ttl  64, id 53099, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  12416+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:49.009592 IP (tos 0x0, ttl  58, id 13701, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  12416 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:49.009923 IP (tos 0x0, ttl  64, id 53105, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  9513+ A? designserver.ahk.nl. (37)
13:04:49.012840 IP (tos 0x0, ttl  58, id 1216, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  9513 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:51.365527 IP (tos 0x0, ttl  64, id 55461, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  36694+ A? designserver.ahk.nl. (37)
13:04:51.368538 IP (tos 0x0, ttl  58, id 15896, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  36694 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:53.240055 IP (tos 0x0, ttl  64, id 57336, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  39053+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:53.243127 IP (tos 0x0, ttl  58, id 871, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  39053 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:53.243448 IP (tos 0x0, ttl  64, id 57339, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  45166+ A? designserver.ahk.nl. (37)
13:04:53.246500 IP (tos 0x0, ttl  58, id 12051, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  45166 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:55.598908 IP (tos 0x0, ttl  64, id 59695, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  47053+ A? designserver.ahk.nl. (37)
13:04:55.601948 IP (tos 0x0, ttl  58, id 57190, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  47053 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:57.476674 IP (tos 0x0, ttl  64, id 61573, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  31919+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:04:57.479659 IP (tos 0x0, ttl  58, id 7257, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  31919 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:04:57.479988 IP (tos 0x0, ttl  64, id 61576, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  8394+ A? designserver.ahk.nl. (37)
13:04:57.483033 IP (tos 0x0, ttl  58, id 29700, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  8394 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:04:59.835296 IP (tos 0x0, ttl  64, id 63932, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  13521+ A? designserver.ahk.nl. (37)
13:04:59.838231 IP (tos 0x0, ttl  58, id 14637, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  13521 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:05:01.709718 IP (tos 0x0, ttl  64, id 270, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  60731+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:05:01.712821 IP (tos 0x0, ttl  58, id 34509, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  60731 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:05:01.713160 IP (tos 0x0, ttl  64, id 274, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  36230+ A? designserver.ahk.nl. (37)
13:05:01.716317 IP (tos 0x0, ttl  58, id 48076, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  36230 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:05:04.069745 IP (tos 0x0, ttl  64, id 2631, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  19079+ A? designserver.ahk.nl. (37)
13:05:04.084135 IP (tos 0x0, ttl  58, id 59235, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  19079 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:05:05.954860 IP (tos 0x0, ttl  64, id 4516, offset 0, flags [DF], proto 17, length: 74) 192.168.1.22.39106 > 64.81.79.2.53:  45250+ PTR? 130.112.102.145.in-addr.arpa. (46)
13:05:05.957973 IP (tos 0x0, ttl  58, id 23078, offset 0, flags [DF], proto 17, length: 107) 64.81.79.2.53 > 192.168.1.22.39106:  45250 1/0/0 130.112.102.145.in-addr.arpa. (79)
13:05:05.958314 IP (tos 0x0, ttl  64, id 4520, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  27157+ A? designserver.ahk.nl. (37)
13:05:05.961596 IP (tos 0x0, ttl  58, id 24769, offset 0, flags [DF], proto 17, length: 81) 64.81.79.2.53 > 192.168.1.22.39106:  27157 1/0/0 designserver.ahk.nl. A 145.102.112.130 (53)
13:05:08.314070 IP (tos 0x0, ttl  64, id 6876, offset 0, flags [DF], proto 17, length: 65) 192.168.1.22.39106 > 64.81.79.2.53:  41533+ A? designserver.ahk.nl. (37)
It's not surprising insomuch as it is doing lots of live email relaying. I'm still unclear what the problem is on xmail1, I noticed a lot of traffic on other local servers showing up in the tcpdump output, but it seemed unrelated to xmail1 itself. What does 192.168.1.19 have to do with xmail1's inability to get a response from the DNS servers that xmail2 can talk to? Thanks so much for your help, I'm really in over my head here I think.
 
Old 06-18-2008, 12:29 PM   #17
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
The problem that xmail1 is having is that it is not talking to any of those other DNS servers that you see when you do the trace on xmail2. For reasons that I cannot fully see from out here, xmail1 thinks that its first task (in resolving an IP address under nslookup, at least) is to resolve the address 192.168.1.19 to a DNS name. This is indicated by the first line in your xmail1 trace:
Code:
... 192.168.1.21.32871 > 64.81.79.2.53: 451+ PTR? 19.1.168.192.in-addr.arpa. (43)
This report says that xmail1 sent a query to 64.81.79.2 (dns.sfo1.speakeasy.net) asking for the reverse-mapping (PTR record) corresponding to 192.168.1.19. That request is doomed, for the reasons I noted in my previous posting.

I am sure that you believe that xmail1 is set up just like xmail2, and I am equally sure that this is not actually the case. Somewhere in xmail1's configuration, there must be a line specifying 192.168.1.19 as a server that needs to be consulted about DNS names. If it is not in whatever config file is actually being used by the resolver library, and you are not running a caching DNS server on xmail1, I am not certain where else to look. Perhaps a shotgun approach may be the best:
Code:
# grep -r '192\.168\.1\.19' /etc
This will report all the filenames containing references to this address anywhere within the /etc directory tree, and may give us some clues about where else to look.

Sorry I can't be more definitive.
 
Old 06-18-2008, 02:42 PM   #18
kbighorse
LQ Newbie
 
Registered: Jun 2008
Posts: 20

Original Poster
Rep: Reputation: 0
On the contrary, I am absolutely convinced that it's configured differently! Here's the output from 'grep -r 192\.168\.1\.19 /etc':

Code:
[root@xmail1 ~]# grep -r 192\.168\.1\.19 /etc
grep: /etc/httpd/run/avahi-daemon/socket: No such device or address
grep: /etc/httpd/run/rpcbind.sock: No such device or address
grep: /etc/httpd/run/sdp: No such device or address
grep: /etc/httpd/run/acpid.socket: No such device or address
grep: /etc/httpd/run/dbus/system_bus_socket: No such device or address
grep: /etc/httpd/run/pcscd.comm: No such device or address
I'm running the same command on / now. I'd love to eliminate the resolver library configuration file (is that something not '/etc/resolv.conf') possibility; I did post something about creating a symbolic link at /etc/sysconfig/networking/profiles/default/resolv.conf to /etc/resolv.conf that seemed to have something to do with SELinux. And I see a symbolic link from /etc/named.conf to /var/named/chroot/etc/named.conf but nothing is running from a 'ps -ax | grep named' command. Again, thanks so much for your help.
 
Old 06-18-2008, 03:38 PM   #19
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Northeast Ohio
Distribution: linuxdebian
Posts: 7,249
Blog Entries: 5

Rep: Reputation: 191
Don't know what you are running for mail, but I ran into a dns issue on my mail server
and even after fixing the problem on the system (/etc/resolv.conf) it was still broken for email.

Debian by default runs postfix in a jail. A quick postfix check showed me
that the resolv.conf in the jail did not match the one for the system, so all DNS lookups
from postfix were failing while they worked fine at the command line for the system.

Since you mentioned a jail, you may want to compare all those resolv.conf files.

I recommend using dig for testing rather than nslookup; I think it's more informative,
and it can do directed queries by supplying the DNS server you want to query. You can then see
if you force the DNS server to query if it works like it's supposed to.


dig www.google.com
- Queries DNS for www.google.com

dig @64.81.79.2 www.google.com
- Queries specified DNS server for www.google.com


So if the first dig query fails, but the second one (the one you direct to your external DNS server) succeeds, then your system is using a resolv.conf file that isn't correct.

If both fail you have other issues..
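
The resolv.conf comparison suggested above, as an added Python example that is not part of the original post: it parses the system file and every copy found under the given jail roots, then reports the copies whose nameserver or search settings differ. The directory layout and file contents in the sample tree are constructed for illustration (example.com and the stale postfix copy are assumptions, not the poster's configuration).

```python
import os
import tempfile

MAXNS = 3  # glibc's resolver uses at most the first three nameserver lines


def effective_config(path):
    """Return (nameservers, search list) as the resolver would read them."""
    nameservers, search = [], ()
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#;":      # blank line or comment
                continue
            fields = line.split()
            if fields[0] == "nameserver" and len(fields) >= 2:
                nameservers.append(fields[1])
            elif fields[0] in ("search", "domain"):
                search = tuple(fields[1:])       # the last search/domain line wins
    return tuple(nameservers[:MAXNS]), search


def find_copies(root):
    """Yield every file named resolv.conf below root (symlinks included)."""
    for dirpath, _dirs, files in os.walk(root):
        if "resolv.conf" in files:
            yield os.path.join(dirpath, "resolv.conf")


def audit(system_file, jail_roots):
    """Compare each copy under jail_roots with the system resolv.conf.

    Returns (reference config, {path: differing config or None if unreadable}).
    """
    reference = effective_config(system_file)
    real_system = os.path.realpath(system_file)
    differing = {}
    for root in jail_roots:
        for copy in find_copies(root):
            if os.path.realpath(copy) == real_system:
                continue                         # symlink back to the system file
            try:
                cfg = effective_config(copy)
            except OSError:
                cfg = None                       # dangling link or unreadable copy
            if cfg != reference:
                differing[copy] = cfg
    return reference, differing


def build_sample_tree(top):
    """Create a constructed directory tree with three copies and one symlink."""
    files = {
        "etc/resolv.conf":
            "search example.com\nnameserver 64.81.79.2\nnameserver 216.231.41.2\n",
        # In sync with the system file: different line order, same settings.
        "var/named/chroot/etc/resolv.conf":
            "; jail copy\nnameserver 64.81.79.2\nnameserver 216.231.41.2\n"
            "search example.com\n",
        # Stale copy left behind in a mail daemon's jail (constructed).
        "var/spool/postfix/etc/resolv.conf":
            "nameserver 192.168.1.19\n",
    }
    for rel, text in files.items():
        path = os.path.join(top, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    profile = os.path.join(top, "etc/sysconfig/networking/profiles/default")
    os.makedirs(profile, exist_ok=True)
    os.symlink(os.path.join(top, "etc/resolv.conf"),
               os.path.join(profile, "resolv.conf"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as top:
        build_sample_tree(top)
        ref, diff = audit(os.path.join(top, "etc/resolv.conf"),
                          [os.path.join(top, "var"),
                           os.path.join(top, "etc/sysconfig")])
        print("system:", ref)
        for path, cfg in diff.items():
            print("differs:", os.path.relpath(path, top), cfg)
```

On a real host the call would be `audit("/etc/resolv.conf", [...])` with the jail directories that exist on that system.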
 
Old 06-18-2008, 04:02 PM   #20
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
I'm with farslayer. Your previous post indicated that if you had been running named, it would have been put in a chroot jail; it is entirely possible that other daemons may be running under similar confinement. This still doesn't explain the nslookup problem that xmail1 has, but investigation in the recommended direction might turn up some clues.
 
Old 06-18-2008, 06:29 PM   #21
kbighorse
LQ Newbie
 
Registered: Jun 2008
Posts: 20

Original Poster
Rep: Reputation: 0
Looks like 'other issues' it is:

Code:
[root@xmail1 etc]# dig www.google.com

; <<>> DiG 9.5.0a6 <<>> www.google.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
[root@xmail1 etc]# dig @64.81.79.2 www.google.com

; <<>> DiG 9.5.0a6 <<>> @64.81.79.2 www.google.com
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached
Curiously, mule (192.168.1.19) had the reverse situation from what you described:

Code:
[root@mule ~]# dig www.google.com

; <<>> DiG 9.3.2 <<>> www.google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42020
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 7, ADDITIONAL: 7

;; QUESTION SECTION:
;www.google.com.			IN	A

;; ANSWER SECTION:
www.google.com.		289491	IN	CNAME	www.l.google.com.
www.l.google.com.	178	IN	A	74.125.19.104
www.l.google.com.	178	IN	A	74.125.19.147
www.l.google.com.	178	IN	A	74.125.19.99
www.l.google.com.	178	IN	A	74.125.19.103

;; AUTHORITY SECTION:
l.google.com.		30217	IN	NS	b.l.google.com.
l.google.com.		30217	IN	NS	c.l.google.com.
l.google.com.		30217	IN	NS	d.l.google.com.
l.google.com.		30217	IN	NS	e.l.google.com.
l.google.com.		30217	IN	NS	f.l.google.com.
l.google.com.		30217	IN	NS	g.l.google.com.
l.google.com.		30217	IN	NS	a.l.google.com.

;; ADDITIONAL SECTION:
a.l.google.com.		30403	IN	A	209.85.139.9
b.l.google.com.		30233	IN	A	64.233.179.9
c.l.google.com.		30321	IN	A	64.233.161.9
d.l.google.com.		30306	IN	A	66.249.93.9
e.l.google.com.		30272	IN	A	209.85.137.9
f.l.google.com.		30233	IN	A	72.14.235.9
g.l.google.com.		30257	IN	A	64.233.167.9

;; Query time: 5 msec
;; SERVER: 209.213.223.118#53(209.213.223.118)
;; WHEN: Wed Jun 18 16:04:23 2008
;; MSG SIZE  rcvd: 340

[root@mule ~]# dig @64.79.81.2 www.google.com

; <<>> DiG 9.3.2 <<>> @64.79.81.2 www.google.com
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached
I use sendmail on Fedora Core 8, is there a 'check' analogue like for postfix?
 
Old 06-18-2008, 07:32 PM   #22
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Northeast Ohio
Distribution: linuxdebian
Posts: 7,249
Blog Entries: 5

Rep: Reputation: 191
At this point I would be doing a tcpdump on the Firewall box and checking to see if:

1. the dns query from the host is getting to the firewall..
2. if it's leaving the firewall and being forwarded to the DNS server
3. if the response is coming back from the DNS server to the firewall,
4. then being forwarded back to the originating host.
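
The four checks listed above, as an added Python example that is not part of the original post: it takes tcpdump text captured on the firewall's inside and outside interfaces and reports the last step each DNS query from one host reached. Two separate captures and a firewall that rewrites the source address are assumptions; the sample lines are constructed in the format shown in this thread, and 203.0.113.7 stands in for the firewall's outside address.

```python
import re

# Tail of a `tcpdump -v` line as posted in this thread. Anchoring on
# ") <ip>.<port> > <ip>.<port>:" tolerates both header styles seen here
# ("proto 17, length: 57" and "proto: UDP (17), length: 71").
PKT = re.compile(
    r"\) (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+"
    r"(?P<id>\d+)\S*\s+(?P<rest>.*)$"
)
QUERY = re.compile(r"(?P<qtype>[A-Z]+)\? (?P<qname>\S+)")
REPLY = re.compile(r"\d+/\d+/\d+")  # answer/authority/additional counts

VERDICT = {
    1: "reached the firewall but was not forwarded (step 2 fails)",
    2: "forwarded, but no reply came back from the DNS server (step 3 fails)",
    3: "reply reached the firewall but was not passed to the host (step 4 fails)",
    4: "complete round trip",
}


def parse(line):
    """Return a dict for a DNS query or reply line, or None for anything else."""
    m = PKT.search(line)
    if not m:
        return None
    q = QUERY.match(m["rest"])
    if m["dport"] == "53" and q:
        return {"kind": "query", "host": m["src"], "server": m["dst"],
                "id": m["id"], "qtype": q["qtype"], "qname": q["qname"]}
    if m["sport"] == "53" and REPLY.match(m["rest"]):
        return {"kind": "reply", "host": m["dst"], "server": m["src"],
                "id": m["id"]}
    return None


def trace(lan_lines, wan_lines, client):
    """List (id, qtype, qname, server, step) for each distinct query from client.

    Packets are paired across interfaces by server and DNS query id (plus the
    question for queries), because address translation changes the source
    address but not the DNS payload.
    """
    lan = [p for p in map(parse, lan_lines) if p]
    wan = [p for p in map(parse, wan_lines) if p]
    seen, report = set(), []
    for q in lan:
        if q["kind"] != "query" or q["host"] != client:
            continue
        key = (q["server"], q["id"], q["qtype"], q["qname"])
        if key in seen:              # resolver retry of the same question
            continue
        seen.add(key)

        def replied(packets, to_host=None):
            return any(p["kind"] == "reply" and p["server"] == q["server"]
                       and p["id"] == q["id"]
                       and (to_host is None or p["host"] == to_host)
                       for p in packets)

        forwarded = any(
            p["kind"] == "query"
            and (p["server"], p["id"], p["qtype"], p["qname"]) == key
            for p in wan)
        if replied(lan, client):
            step = 4
        elif replied(wan):
            step = 3
        elif forwarded:
            step = 2
        else:
            step = 1
        report.append((q["id"], q["qtype"], q["qname"], q["server"], step))
    return report


# Constructed sample captures (not taken from the thread).
H = "IP (tos 0x0, ttl  64, id 1, offset 0, flags [DF], proto: UDP (17), length: 71) "
LAN_CAPTURE = [
    "13:00:00.000001 " + H + "192.168.1.21.33081 > 64.81.79.2.53:  1001+ A? www.example.com. (33)",
    "13:00:05.000001 " + H + "192.168.1.21.33081 > 64.81.79.2.53:  1001+ A? www.example.com. (33)",
    "13:00:06.000001 " + H + "192.168.1.22.39106 > 64.81.79.2.53:  2001+ A? www.example.net. (33)",
    "13:00:10.000001 " + H + "192.168.1.21.33082 > 64.81.79.2.53:  1002+ A? www.example.org. (33)",
    "13:00:10.003001 " + H + "64.81.79.2.53 > 192.168.1.21.33082:  1002 1/0/0 www.example.org. A 192.0.2.10 (49)",
    "13:00:20.000001 " + H + "192.168.1.21.33083 > 64.81.79.2.53:  1003+ PTR? 19.1.168.192.in-addr.arpa. (43)",
    "13:00:30.000001 " + H + "192.168.1.21.33084 > 64.81.79.2.53:  1004+ AAAA? www.example.org. (33)",
]
WAN_CAPTURE = [
    "13:00:10.000101 " + H + "203.0.113.7.33082 > 64.81.79.2.53:  1002+ A? www.example.org. (33)",
    "13:00:10.002901 " + H + "64.81.79.2.53 > 203.0.113.7.33082:  1002 1/0/0 www.example.org. A 192.0.2.10 (49)",
    "13:00:20.000101 " + H + "203.0.113.7.33083 > 64.81.79.2.53:  1003+ PTR? 19.1.168.192.in-addr.arpa. (43)",
    "13:00:30.000101 " + H + "203.0.113.7.33084 > 64.81.79.2.53:  1004+ AAAA? www.example.org. (33)",
    "13:00:30.002901 " + H + "64.81.79.2.53 > 203.0.113.7.33084:  1004 0/0/0 (33)",
]

if __name__ == "__main__":
    for qid, qtype, qname, server, step in trace(LAN_CAPTURE, WAN_CAPTURE, "192.168.1.21"):
        print(f"{qid} {qtype} {qname} -> {server}: {VERDICT[step]}")
```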

 
Old 06-19-2008, 02:06 PM   #23
kbighorse
LQ Newbie
 
Registered: Jun 2008
Posts: 20

Original Poster
Rep: Reputation: 0
After running the 2 'dig' commands on xmail1:

Code:
[root@trusty ~]# less /var/tcpdump.log | grep "192.168.1.21"
13:07:08.176436 IP (tos 0x0, ttl  64, id 33459, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.21.33081 > 64.81.79.2.53:  21124+ AAAA? mirrors.fedoraproject.org. (43)
13:07:13.175881 IP (tos 0x0, ttl  64, id 38459, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.21.33082 > 216.231.41.2.53:  21124+ AAAA? mirrors.fedoraproject.org. (43)
13:07:18.176409 IP (tos 0x0, ttl  64, id 33460, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.21.33081 > 64.81.79.2.53:  21124+ AAAA? mirrors.fedoraproject.org. (43)
13:07:23.176950 IP (tos 0x0, ttl  64, id 38460, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.21.33082 > 216.231.41.2.53:  21124+ AAAA? mirrors.fedoraproject.org. (43)
13:07:28.177511 IP (tos 0x0, ttl  64, id 53459, offset 0, flags [DF], proto: UDP (17), length: 82) 192.168.1.21.33082 > 64.81.79.2.53:  16073+ AAAA? mirrors.fedoraproject.org.glocap.com. (54)
13:07:33.178041 IP (tos 0x0, ttl  64, id 58459, offset 0, flags [DF], proto: UDP (17), length: 82) 192.168.1.21.33083 > 216.231.41.2.53:  16073+ AAAA? mirrors.fedoraproject.org.glocap.com. (54)
13:07:38.178578 IP (tos 0x0, ttl  64, id 53460, offset 0, flags [DF], proto: UDP (17), length: 82) 192.168.1.21.33082 > 64.81.79.2.53:  16073+ AAAA? mirrors.fedoraproject.org.glocap.com. (54)
13:07:43.179114 IP (tos 0x0, ttl  64, id 58460, offset 0, flags [DF], proto: UDP (17), length: 82) 192.168.1.21.33083 > 216.231.41.2.53:  16073+ AAAA? mirrors.fedoraproject.org.glocap.com. (54)
13:07:48.179674 IP (tos 0x0, ttl  64, id 7923, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.21.33083 > 64.81.79.2.53:  21903+ A? mirrors.fedoraproject.org. (43)
13:07:53.180204 IP (tos 0x0, ttl  64, id 12923, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.21.33084 > 216.231.41.2.53:  21903+ A? mirrors.fedoraproject.org. (43)
13:07:58.180736 IP (tos 0x0, ttl  64, id 7924, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.21.33083 > 64.81.79.2.53:  21903+ A? mirrors.fedoraproject.org. (43)
13:08:03.181292 IP (tos 0x0, ttl  64, id 12924, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.21.33084 > 216.231.41.2.53:  21903+ A? mirrors.fedoraproject.org. (43)
13:08:08.181838 IP (tos 0x0, ttl  64, id 27923, offset 0, flags [DF], proto: UDP (17), length: 82) 192.168.1.21.33084 > 64.81.79.2.53:  2498+ A? mirrors.fedoraproject.org.glocap.com. (54)
13:08:13.182366 IP (tos 0x0, ttl  64, id 32923, offset 0, flags [DF], proto: UDP (17), length: 82) 192.168.1.21.33085 > 216.231.41.2.53:  2498+ A? mirrors.fedoraproject.org.glocap.com. (54)
13:08:18.182900 IP (tos 0x0, ttl  64, id 27924, offset 0, flags [DF], proto: UDP (17), length: 82) 192.168.1.21.33084 > 64.81.79.2.53:  2498+ A? mirrors.fedoraproject.org.glocap.com. (54)
13:08:23.183440 IP (tos 0x0, ttl  64, id 32924, offset 0, flags [DF], proto: UDP (17), length: 82) 192.168.1.21.33085 > 216.231.41.2.53:  2498+ A? mirrors.fedoraproject.org.glocap.com. (54)
13:10:11.867855 IP (tos 0x0, ttl  64, id 20523, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.21.33085 > 64.81.79.2.53:  41911+ PTR? 19.1.168.192.in-addr.arpa. (43)
13:10:16.867774 IP (tos 0x0, ttl  64, id 25523, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.21.33086 > 216.231.41.2.53:  41911+ PTR? 19.1.168.192.in-addr.arpa. (43)
13:10:21.868275 IP (tos 0x0, ttl  64, id 20524, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.21.33085 > 64.81.79.2.53:  41911+ PTR? 19.1.168.192.in-addr.arpa. (43)
13:10:26.868817 IP (tos 0x0, ttl  64, id 25524, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.21.33086 > 216.231.41.2.53:  41911+ PTR? 19.1.168.192.in-addr.arpa. (43)
13:12:22.018200 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 192.168.1.21.33086 > 64.81.79.2.53:  58664+ A? www.google.com. (32)
13:12:23.018222 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 192.168.1.21.33087 > 216.231.41.2.53:  58664+ A? www.google.com. (32)
13:12:28.018773 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 192.168.1.21.33086 > 64.81.79.2.53:  58664+ A? www.google.com. (32)
13:12:29.018908 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 192.168.1.21.33087 > 216.231.41.2.53:  58664+ A? www.google.com. (32)
13:12:34.019485 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 192.168.1.21.33086 > 64.81.79.2.53:  58664+ A? www.google.com. (32)
13:12:35.019620 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 192.168.1.21.33087 > 216.231.41.2.53:  58664+ A? www.google.com. (32)
Same commands on xmail2:

Code:
[root@trusty ~]# less /var/tcpdump.log | grep "192.168.1.22"
13:12:12.575412 IP (tos 0x0, ttl  64, id 26063, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.22.50186 > 64.81.79.2.53:  13761+ PTR? 25.1.168.192.in-addr.arpa. (43)
13:12:12.578345 IP (tos 0x0, ttl  58, id 45508, offset 0, flags [DF], proto: UDP (17), length: 71) 64.81.79.2.53 > 192.168.1.22.50186:  13761 NXDomain* 0/0/0 (43)
13:12:12.578808 IP (tos 0x0, ttl  64, id 26067, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.22.50186 > 64.81.79.2.53:  18460+ PTR? 22.1.168.192.in-addr.arpa. (43)
13:12:12.581892 IP (tos 0x0, ttl  58, id 39845, offset 0, flags [DF], proto: UDP (17), length: 71) 64.81.79.2.53 > 192.168.1.22.50186:  18460 NXDomain* 0/0/0 (43)
13:12:12.588016 IP (tos 0x0, ttl  64, id 26076, offset 0, flags [DF], proto: UDP (17), length: 56) 192.168.1.22.50186 > 64.81.79.2.53:  58393+ AAAA? glocap.com. (28)
13:12:12.590846 IP (tos 0x0, ttl  58, id 47726, offset 0, flags [DF], proto: UDP (17), length: 56) 64.81.79.2.53 > 192.168.1.22.50186:  58393 0/0/0 (28)
13:12:12.591079 IP (tos 0x0, ttl  64, id 26079, offset 0, flags [DF], proto: UDP (17), length: 56) 192.168.1.22.50186 > 64.81.79.2.53:  27092+ A? glocap.com. (28)
13:12:12.594136 IP (tos 0x0, ttl  58, id 50568, offset 0, flags [DF], proto: UDP (17), length: 72) 64.81.79.2.53 > 192.168.1.22.50186:  27092 1/0/0 glocap.com. A 207.7.135.70 (44)
13:12:12.597057 IP (tos 0x0, ttl  64, id 26085, offset 0, flags [DF], proto: UDP (17), length: 55) 192.168.1.22.50186 > 64.81.79.2.53:  2101+ AAAA? gmail.com. (27)
13:12:12.599934 IP (tos 0x0, ttl  58, id 41776, offset 0, flags [DF], proto: UDP (17), length: 55) 64.81.79.2.53 > 192.168.1.22.50186:  2101 0/0/0 (27)
13:12:12.600075 IP (tos 0x0, ttl  64, id 26088, offset 0, flags [DF], proto: UDP (17), length: 55) 192.168.1.22.50186 > 64.81.79.2.53:  45323+ A? gmail.com. (27)
13:12:12.603170 IP (tos 0x0, ttl  58, id 50166, offset 0, flags [DF], proto: UDP (17), length: 103) 64.81.79.2.53 > 192.168.1.22.50186:  45323 3/0/0 gmail.com. A 64.233.161.83, gmail.com.[|domain]
13:12:12.655023 IP (tos 0x0, ttl  64, id 26143, offset 0, flags [DF], proto: UDP (17), length: 55) 192.168.1.22.50186 > 64.81.79.2.53:  43013+ MX? gmail.com. (27)
13:12:12.658145 IP (tos 0x0, ttl  58, id 56518, offset 0, flags [DF], proto: UDP (17), length: 186) 64.81.79.2.53 > 192.168.1.22.50186:  43013 5/0/0 gmail.com. MX[|domain]
13:12:12.658605 IP (tos 0x0, ttl  64, id 26147, offset 0, flags [DF], proto: UDP (17), length: 72) 192.168.1.22.50186 > 64.81.79.2.53:  30613+ AAAA? gmail-smtp-in.l.google.com. (44)
13:12:12.661431 IP (tos 0x0, ttl  58, id 63703, offset 0, flags [DF], proto: UDP (17), length: 72) 64.81.79.2.53 > 192.168.1.22.50186:  30613 0/0/0 (44)
13:12:12.661671 IP (tos 0x0, ttl  64, id 26150, offset 0, flags [DF], proto: UDP (17), length: 72) 192.168.1.22.50186 > 64.81.79.2.53:  63934+ A? gmail-smtp-in.l.google.com. (44)
13:12:12.664543 IP (tos 0x0, ttl  58, id 56108, offset 0, flags [DF], proto: UDP (17), length: 104) 64.81.79.2.53 > 192.168.1.22.50186:  63934 2/0/0 gmail-smtp-in.l.google.com.[|domain]
13:12:12.685167 IP (tos 0x0, ttl  64, id 26173, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.22.50186 > 64.81.79.2.53:  39667+ PTR? 22.1.168.192.in-addr.arpa. (43)
13:12:12.688179 IP (tos 0x0, ttl  58, id 24926, offset 0, flags [DF], proto: UDP (17), length: 71) 64.81.79.2.53 > 192.168.1.22.50186:  39667 NXDomain* 0/0/0 (43)
13:14:12.809861 IP (tos 0x0, ttl  64, id 15235, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.22.50186 > 64.81.79.2.53:  13761+ PTR? 25.1.168.192.in-addr.arpa. (43)
13:14:12.812984 IP (tos 0x0, ttl  58, id 55963, offset 0, flags [DF], proto: UDP (17), length: 71) 64.81.79.2.53 > 192.168.1.22.50186:  13761 NXDomain* 0/0/0 (43)
13:14:12.813416 IP (tos 0x0, ttl  64, id 15239, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.22.50186 > 64.81.79.2.53:  42682+ PTR? 22.1.168.192.in-addr.arpa. (43)
13:14:12.816143 IP (tos 0x0, ttl  58, id 50981, offset 0, flags [DF], proto: UDP (17), length: 71) 64.81.79.2.53 > 192.168.1.22.50186:  42682 NXDomain* 0/0/0 (43)
13:14:12.821141 IP (tos 0x0, ttl  64, id 15247, offset 0, flags [DF], proto: UDP (17), length: 56) 192.168.1.22.50186 > 64.81.79.2.53:  7604+ AAAA? glocap.com. (28)
13:14:12.824132 IP (tos 0x0, ttl  58, id 36715, offset 0, flags [DF], proto: UDP (17), length: 56) 64.81.79.2.53 > 192.168.1.22.50186:  7604 0/0/0 (28)
13:14:12.824322 IP (tos 0x0, ttl  64, id 15250, offset 0, flags [DF], proto: UDP (17), length: 56) 192.168.1.22.50186 > 64.81.79.2.53:  21753+ A? glocap.com. (28)
13:14:12.827299 IP (tos 0x0, ttl  58, id 35434, offset 0, flags [DF], proto: UDP (17), length: 72) 64.81.79.2.53 > 192.168.1.22.50186:  21753 1/0/0 glocap.com. A 207.7.135.70 (44)
13:14:12.829191 IP (tos 0x0, ttl  64, id 15255, offset 0, flags [DF], proto: UDP (17), length: 55) 192.168.1.22.50186 > 64.81.79.2.53:  48871+ AAAA? gmail.com. (27)
13:14:12.832215 IP (tos 0x0, ttl  58, id 43252, offset 0, flags [DF], proto: UDP (17), length: 55) 64.81.79.2.53 > 192.168.1.22.50186:  48871 0/0/0 (27)
13:14:12.832440 IP (tos 0x0, ttl  64, id 15258, offset 0, flags [DF], proto: UDP (17), length: 55) 192.168.1.22.50186 > 64.81.79.2.53:  47356+ A? gmail.com. (27)
13:14:12.835277 IP (tos 0x0, ttl  58, id 65127, offset 0, flags [DF], proto: UDP (17), length: 103) 64.81.79.2.53 > 192.168.1.22.50186:  47356 3/0/0 gmail.com. A 209.85.171.83, gmail.com.[|domain]
13:14:12.847842 IP (tos 0x0, ttl  64, id 15273, offset 0, flags [DF], proto: UDP (17), length: 55) 192.168.1.22.50186 > 64.81.79.2.53:  31042+ MX? gmail.com. (27)
13:14:12.850671 IP (tos 0x0, ttl  58, id 38195, offset 0, flags [DF], proto: UDP (17), length: 186) 64.81.79.2.53 > 192.168.1.22.50186:  31042 5/0/0 gmail.com. MX[|domain]
13:14:12.851120 IP (tos 0x0, ttl  64, id 15277, offset 0, flags [DF], proto: UDP (17), length: 72) 192.168.1.22.50186 > 64.81.79.2.53:  51924+ AAAA? gmail-smtp-in.l.google.com. (44)
13:14:12.854039 IP (tos 0x0, ttl  58, id 38949, offset 0, flags [DF], proto: UDP (17), length: 72) 64.81.79.2.53 > 192.168.1.22.50186:  51924 0/0/0 (44)
13:14:12.854179 IP (tos 0x0, ttl  64, id 15280, offset 0, flags [DF], proto: UDP (17), length: 72) 192.168.1.22.50186 > 64.81.79.2.53:  51223+ A? gmail-smtp-in.l.google.com. (44)
13:14:12.857110 IP (tos 0x0, ttl  58, id 49871, offset 0, flags [DF], proto: UDP (17), length: 104) 64.81.79.2.53 > 192.168.1.22.50186:  51223 2/0/0 gmail-smtp-in.l.google.com.[|domain]
13:14:12.878697 IP (tos 0x0, ttl  64, id 15304, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.22.50186 > 64.81.79.2.53:  43809+ PTR? 22.1.168.192.in-addr.arpa. (43)
13:14:12.881893 IP (tos 0x0, ttl  58, id 50068, offset 0, flags [DF], proto: UDP (17), length: 71) 64.81.79.2.53 > 192.168.1.22.50186:  43809 NXDomain* 0/0/0 (43)
13:16:13.440020 IP (tos 0x0, ttl  64, id 4803, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.22.50186 > 64.81.79.2.53:  63558+ PTR? 19.1.168.192.in-addr.arpa. (43)
13:16:13.442841 IP (tos 0x0, ttl  58, id 41403, offset 0, flags [DF], proto: UDP (17), length: 71) 64.81.79.2.53 > 192.168.1.22.50186:  63558 NXDomain* 0/0/0 (43)
13:17:01.100247 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 192.168.1.22.50186 > 64.81.79.2.53:  49132+ A? www.google.com. (32)
13:17:01.103187 IP (tos 0x0, ttl  58, id 57367, offset 0, flags [DF], proto: UDP (17), length: 144) 64.81.79.2.53 > 192.168.1.22.50186:  49132 5/0/0 www.google.com. CNAME www.l.google.com., www.l.google.com.[|domain]
 
Old 06-19-2008, 02:42 PM   #24
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
A couple of observations on these traces, and a recommendation.

First, even xmail2 is querying the DNS servers on the public net for reverse lookups of 192.168.1.x addresses (and contrary to my previous posting, the server is replying "No Such Domain" rather than remaining silent). These queries should not be getting out onto the Internet; this is tied into my second observation of the traces: your machines on the Private Network really need to be served by a local DNS server, which will cache the responses to queries on behalf of all the machines behind the firewall, and will then make them available to future inquirers. This server should also be configured as authoritative for the local zone (you can make one up, like local.net), and to supply inverse mappings for the zone 1.168.192.in-addr.arpa (this is the magic name that handles address-to-name lookups). Perhaps trusty is a good spot to run a named daemon, since it has a foot on both the public and private sides.

Second, did your trace on trusty specify any interface? It looks like it might not have, and it looks further like eth0 is probably facing the local net, and eth1 is facing the public Internet connection. If you could re-do this experiment while asking tcpdump to report only traffic on the public side, then we can tell if the DNS packets are actually escaping onto the Internet. So far, it seems that we only know that they are arriving at trusty.


And I must apologize for failing to ask one other question: does trusty have some firewall rules that are doing NAT for you? These can be examined with
Code:
# iptables -t nat -L
There is definitely something going on that is getting in xmail1's way here.
 
Old 06-19-2008, 05:29 PM   #25
kbighorse
LQ Newbie
 
Registered: Jun 2008
Posts: 20

Original Poster
Rep: Reputation: 0
xmail1:

Code:
[root@trusty ~]# less /var/tcpdump.log | grep "207.7.135.71"
16:26:12.443805 IP (tos 0x0, ttl  63, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 207.7.135.71.33101 > 64.81.79.2.53:  51247+ A? www.google.com. (32)
16:26:13.442919 IP (tos 0x0, ttl  63, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 207.7.135.71.33102 > 216.231.41.2.53:  51247+ A? www.google.com. (32)
16:26:18.443456 IP (tos 0x0, ttl  63, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 207.7.135.71.33101 > 64.81.79.2.53:  51247+ A? www.google.com. (32)
16:26:19.443589 IP (tos 0x0, ttl  63, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 207.7.135.71.33102 > 216.231.41.2.53:  51247+ A? www.google.com. (32)
16:26:24.444161 IP (tos 0x0, ttl  63, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 207.7.135.71.33101 > 64.81.79.2.53:  51247+ A? www.google.com. (32)
16:26:25.444303 IP (tos 0x0, ttl  63, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 207.7.135.71.33102 > 216.231.41.2.53:  51247+ A? www.google.com. (32)
xmail2:

Code:
[root@trusty ~]# less /var/tcpdump.log | grep "207.7.135.72"
16:25:08.256933 IP (tos 0x0, ttl  63, id 2757, offset 0, flags [DF], proto: UDP (17), length: 65) 207.7.135.72.36494 > 64.81.79.2.53:  7964+ AAAA? d.mx.mail.yahoo.com. (37)
16:25:08.259853 IP (tos 0x0, ttl  59, id 51338, offset 0, flags [DF], proto: UDP (17), length: 65) 64.81.79.2.53 > 207.7.135.72.36494:  7964 0/0/0 (37)
16:25:08.260107 IP (tos 0x0, ttl  63, id 2760, offset 0, flags [DF], proto: UDP (17), length: 65) 207.7.135.72.36494 > 64.81.79.2.53:  53529+ A? d.mx.mail.yahoo.com. (37)
16:25:08.263080 IP (tos 0x0, ttl  59, id 59896, offset 0, flags [DF], proto: UDP (17), length: 81) 64.81.79.2.53 > 207.7.135.72.36494:  53529 1/0/0 d.mx.mail.yahoo.com. A 66.196.82.7 (53)
16:25:08.353685 IP (tos 0x0, ttl  63, id 2854, offset 0, flags [DF], proto: UDP (17), length: 71) 207.7.135.72.36494 > 64.81.79.2.53:  53871+ PTR? 22.1.168.192.in-addr.arpa. (43)
16:25:08.356548 IP (tos 0x0, ttl  59, id 62346, offset 0, flags [DF], proto: UDP (17), length: 71) 64.81.79.2.53 > 207.7.135.72.36494:  53871 NXDomain* 0/0/0 (43)
16:25:08.453111 IP (tos 0x0, ttl  63, id 2953, offset 0, flags [DF], proto: UDP (17), length: 65) 207.7.135.72.36494 > 64.81.79.2.53:  17291+ AAAA? a.mx.mail.yahoo.com. (37)
16:25:08.456520 IP (tos 0x0, ttl  59, id 57391, offset 0, flags [DF], proto: UDP (17), length: 65) 64.81.79.2.53 > 207.7.135.72.36494:  17291 0/0/0 (37)
16:25:08.456744 IP (tos 0x0, ttl  63, id 2957, offset 0, flags [DF], proto: UDP (17), length: 65) 207.7.135.72.36494 > 64.81.79.2.53:  45312+ A? a.mx.mail.yahoo.com. (37)
16:25:08.459648 IP (tos 0x0, ttl  59, id 58527, offset 0, flags [DF], proto: UDP (17), length: 81) 64.81.79.2.53 > 207.7.135.72.36494:  45312 1/0/0 a.mx.mail.yahoo.com. A 209.191.118.103 (53)
16:25:08.509971 IP (tos 0x0, ttl  63, id 3010, offset 0, flags [DF], proto: UDP (17), length: 71) 207.7.135.72.36494 > 64.81.79.2.53:  46268+ PTR? 22.1.168.192.in-addr.arpa. (43)
16:25:08.513180 IP (tos 0x0, ttl  59, id 58014, offset 0, flags [DF], proto: UDP (17), length: 71) 64.81.79.2.53 > 207.7.135.72.36494:  46268 NXDomain* 0/0/0 (43)
16:25:08.700675 IP (tos 0x0, ttl  63, id 3201, offset 0, flags [DF], proto: UDP (17), length: 55) 207.7.135.72.36494 > 64.81.79.2.53:  22430+ AAAA? yahoo.com. (27)
16:25:08.703413 IP (tos 0x0, ttl  59, id 47199, offset 0, flags [DF], proto: UDP (17), length: 55) 64.81.79.2.53 > 207.7.135.72.36494:  22430 0/0/0 (27)
16:25:08.703632 IP (tos 0x0, ttl  63, id 3204, offset 0, flags [DF], proto: UDP (17), length: 55) 207.7.135.72.36494 > 64.81.79.2.53:  15087+ A? yahoo.com. (27)
trusty's NAT:

Code:
[root@trusty ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
...
DNAT       all  --  anywhere             207.7.135.71        to:192.168.1.21
DNAT       all  --  anywhere             207.7.135.72        to:192.168.1.22
...

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
...
SNAT       all  --  192.168.1.21         anywhere            to:207.7.135.71
SNAT       all  --  192.168.1.22         anywhere            to:207.7.135.72
...
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Old 06-19-2008, 05:37 PM   #26
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
OK, assuming that your "grep" didn't remove anything interesting from the trace, is there anything else between you and your ISP that could be filtering out these packets? It appears clear that they are leaving trusty just fine, but the answers are not returning.
 
Old 06-19-2008, 08:21 PM   #27
kbighorse
LQ Newbie
 
Registered: Jun 2008
Posts: 20

Original Poster
Rep: Reputation: 0
I will ask my ISP and get back. I grep'd since there was so much output; is there anything I should look for that might be of interest?
 
Old 06-23-2008, 04:23 PM   #28
kbighorse
LQ Newbie
 
Registered: Jun 2008
Posts: 20

Original Poster
Rep: Reputation: 0
I checked with my ISP and they say there's nothing filtering packets between my gateway machine and the Internet. I also reinstalled FC 8 and made sure SELinux and the local firewall were disabled, just to check, and the error persists. I'm going to try the new Fedora Core 9 install and then later tonight I'll take down the firewall and see if that fixes it. Other than that, I'm running out of ideas here.
 
Old 06-23-2008, 06:21 PM   #29
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
One of the reasons that tcpdump has all the filtering rules built into it is so that there won't be a whole lot of irrelevant output. I highly recommend that you use its filtering rules, so that we are sure that it is capturing the actual traffic we care about. In this case, set up the following on trusty:
Code:
#tcpdump -i eth1 -nn udp port 53 host 64.81.79.2
This trace will capture any packet that might be involved in the attempted conversation between the speakeasy DNS server and any machine on your net. I am hoping that, if we can see all these packets, we may find something going astray (which is getting filtered out if you grep a less-restricted trace).

I have assumed (again) that eth1 is the interface that faces the public Internet, and that eth0 is facing your local net. If this is not so, please adjust the parameter in the tcpdump command. It is important that we trace the actual stuff going out onto the Internet, not some intermediate version that is going to be subjected to further processing before it goes out on your wire to the world.
 
Old 06-26-2008, 04:22 PM   #30
kbighorse
LQ Newbie
 
Registered: Jun 2008
Posts: 20

Original Poster
Rep: Reputation: 0
Your command returned a syntax error, so I used the following:

Code:
tcpdump host 64.81.79.2 -i eth1 -nn > /var/tcpdump.log
Code:
15:00:10.159128 IP 64.81.79.2.53 > 207.7.135.73.40301:  51927 2/0/0 A 206.190.60.37, (59)
15:00:10.159321 IP 64.81.79.2.53 > 207.7.135.73.40302:  28291 NXDomain* 0/0/0 (43)
15:00:10.159894 IP 64.81.79.2.53 > 207.7.135.73.40304:  51541 NXDomain* 0/0/0 (43)
15:00:10.161585 IP 207.7.135.74.57781 > 64.81.79.2.53:  63784+ AAAA? glocap.com. (28)
15:00:10.164619 IP 64.81.79.2.53 > 207.7.135.74.57781:  63784 0/0/0 (28)
15:00:10.164778 IP 207.7.135.74.57781 > 64.81.79.2.53:  65417+ A? glocap.com. (28)
15:00:10.167807 IP 64.81.79.2.53 > 207.7.135.74.57781:  65417 1/0/0 A 207.7.135.70 (44)
15:00:10.169751 IP 207.7.135.74.57781 > 64.81.79.2.53:  50096+ AAAA? yahoo.com. (27)
15:00:10.172115 IP 207.7.135.73.40305 > 64.81.79.2.53:  15233+ A? a.mx.mail.yahoo.com. (37)
15:00:10.172753 IP 207.7.135.73.40306 > 64.81.79.2.53:  13242+ AAAA? glocap.com. (28)
15:00:10.172958 IP 64.81.79.2.53 > 207.7.135.74.57781:  50096 0/0/0 (27)
15:00:10.173145 IP 207.7.135.74.57781 > 64.81.79.2.53:  59041+ A? yahoo.com. (27)
15:00:10.174877 IP 64.81.79.2.53 > 207.7.135.73.40305:  15233 1/0/0 A 209.191.118.103 (53)
15:00:10.175876 IP 64.81.79.2.53 > 207.7.135.73.40306:  13242 0/0/0 (28)
15:00:10.176094 IP 64.81.79.2.53 > 207.7.135.74.57781:  59041 2/0/0 A 206.190.60.37, (59)
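The two checks discussed in posts #24 and #26 (private reverse lookups reaching a public resolver, and queries that leave but never get an answer) can be automated over a saved trace. The following is an added example, not code from any poster in this thread: the function names are hypothetical, and the sample lines are constructed in the tcpdump formats and with the addresses shown above.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's traces: verbose lines with the
# IP header summary, plus the short form from the last capture.
SAMPLE = """\
13:12:12.575412 IP (tos 0x0, ttl  64, id 26063, offset 0, flags [DF], proto: UDP (17), length: 71) 192.168.1.22.50186 > 64.81.79.2.53:  13761+ PTR? 25.1.168.192.in-addr.arpa. (43)
13:12:12.578345 IP (tos 0x0, ttl  58, id 45508, offset 0, flags [DF], proto: UDP (17), length: 71) 64.81.79.2.53 > 192.168.1.22.50186:  13761 NXDomain* 0/0/0 (43)
13:12:22.018200 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 192.168.1.21.33086 > 64.81.79.2.53:  58664+ A? www.google.com. (32)
13:12:23.018222 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 192.168.1.21.33087 > 216.231.41.2.53:  58664+ A? www.google.com. (32)
13:12:28.018773 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 60) 192.168.1.21.33086 > 64.81.79.2.53:  58664+ A? www.google.com. (32)
15:00:10.164778 IP 207.7.135.74.57781 > 64.81.79.2.53:  65417+ A? glocap.com. (28)
15:00:10.167807 IP 64.81.79.2.53 > 207.7.135.74.57781:  65417 1/0/0 A 207.7.135.70 (44)
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?:\(.*?\) )?"  # optional verbose header
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+"
    r"(?P<qid>\d+)(?P<rest>.*)$"
)
QUESTION = re.compile(r"(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)")


def private_ptr_target(qname):
    """Return the private (non-public) IPv4 address a PTR name encodes, else None."""
    name = qname.rstrip(".").lower()
    if not name.endswith(".in-addr.arpa"):
        return None
    octets = name[: -len(".in-addr.arpa")].split(".")
    try:
        addr = ipaddress.ip_address(".".join(reversed(octets)))
    except ValueError:  # partial zone name such as 1.168.192.in-addr.arpa
        return None
    return str(addr) if addr.is_private else None


def analyse(text):
    """Pair DNS queries with replies; return (unanswered, private PTR leaks)."""
    pending = {}   # (client, client_port, server, query_id) -> details
    leaks = set()  # (client, public resolver, private address looked up)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        if m["dport"] == "53":  # client -> resolver
            q = QUESTION.search(m["rest"])
            if not q:
                continue
            key = (m["src"], m["sport"], m["dst"], m["qid"])
            rec = pending.setdefault(key, {"first_seen": m["ts"], "attempts": 0,
                                           "qtype": q["qtype"], "qname": q["qname"]})
            rec["attempts"] += 1  # same ID and port again means a retransmit
            target = private_ptr_target(q["qname"]) if q["qtype"] == "PTR" else None
            if target and not ipaddress.ip_address(m["dst"]).is_private:
                leaks.add((m["src"], m["dst"], target))
        elif m["sport"] == "53":  # resolver -> client: the query was answered
            pending.pop((m["dst"], m["dport"], m["src"], m["qid"]), None)
    return pending, sorted(leaks)


if __name__ == "__main__":
    unanswered, leaks = analyse(SAMPLE)
    for (client, cport, server, qid), rec in unanswered.items():
        print(f"no reply: {client}:{cport} -> {server} id={qid} "
              f"{rec['qtype']} {rec['qname']} x{rec['attempts']}")
    for client, server, target in leaks:
        print(f"private PTR leak: {client} asked {server} about {target}")
```

The result is only meaningful for a capture taken on the interface facing the Internet, for instance with the pcap filter `udp port 53 and host 64.81.79.2` (primitives have to be joined with `and`).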
 
  

