Re: Resolver problems

To: NetBSD Users <netbsd-users%netbsd.org@localhost>
Subject: Re: Resolver problems
From: Ingolf Steinbach <ingolf.steinbach%googlemail.com@localhost>
Date: Thu, 3 Dec 2009 11:40:29 +0100

2009/12/3 Greg A. Woods <woods%planix.com@localhost>:
> You could recompile the whole system without INET6 support, i.e. with
> the following in /etc/mk.conf:

That would be my last option but maybe there is a less rigorous way?

> What's in the packet above?  It would appear to be an answer to the
> AAAA query right above it, but your tcpdump didn't decode it.

I traced it again, this time with -X:

11:29:42.285859 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none],
proto UDP (17), length 63) 192.168.2.5.65391 > 192.168.2.1.53: [udp
sum ok] 51968+ AAAA? ftp.fr.netbsd.org. (35)
        0x0000:  4500 003f 0000 0000 4011 f557 c0a8 0205  E..?....@..W....
        0x0010:  c0a8 0201 ff6f 0035 002b d954 cb00 0100  .....o.5.+.T....
        0x0020:  0001 0000 0000 0000 0366 7470 0266 7206  .........ftp.fr.
        0x0030:  6e65 7462 7364 036f 7267 0000 1c00 01    netbsd.org.....
11:29:42.714168 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto
UDP (17), length 145) 192.168.2.1.3072 > 192.168.2.5.65391: [udp sum
ok] UDP, length 117
        0x0000:  4500 0091 0000 4000 4011 b505 c0a8 0201  E.....@.@.......
        0x0010:  c0a8 0205 0c00 ff6f 007d 129b cb00 8180  .......o.}......
        0x0020:  0001 0003 0000 0000 0366 7470 0266 7206  .........ftp.fr.
        0x0030:  6e65 7462 7364 036f 7267 0000 1c00 01c0  netbsd.org......
        0x0040:  0c00 0500 0100 000e 1000 0704 6674 7032  ............ftp2
        0x0050:  c010 c02f 0005 0001 0000 0e10 0017 0861  .../...........a
        0x0060:  6e74 696f 6368 6508 616e 7469 6f63 6865  ntioche.antioche
        0x0070:  0265 75c0 1ac0 4200 1c00 0100 000e 1000  .eu...B.........
        0x0080:  1020 0106 6033 0228 2a02 0475 fffe 9f9e  ....`3.(*..u....
        0x0090:  11                                       .

> Here it looks like your client rejecting the very same port it sent the
> AAAA? query from as unreachable.  It should allow an answer back to that
> same port.

But from a different source port?

> Do you have a firewall turned on that's not setting up a connection
> state entry for the query and then when the reply arrives it's sending
> the port unreachable in response instead of allowing it through?

None that I am aware of. This is a freshly installed NetBSD box.

> Maybe you should run NetBSD on your router too?  :-)

I'm sorry Greg, I'm afraid I can't do that.

> Note that when I do a AAAA query to my caching server (which happens to
> be "unbound" running on NetBSD-4), I get an immediate reply (within .001
> seconds, if you believe the timestamps) saying that there is no such
> record:

Is your caching server configured to answer all AAAA queries automatically
with NXDOMAIN? Which named / configuration are you using?

Ingolf

References:
- Resolver problems
  - From: Ingolf Steinbach
- Re: Resolver problems
  - From: Greg A. Woods

Prev by Date: Re: Resolver problems
Next by Date: Re: ***UNCHECKED*** Re: games/adventure
Previous by Thread: Re: Resolver problems
Next by Thread: Re: Resolver problems
Indexes:

Home | Main Index | Thread Index | Old Index