Hi,
I have a FreeBSD router/firewall/DNS/DHCP server that has suddenly stopped resolving local machine IPs (192.168.3.84), but I can still resolve external IPs/hostnames. I can't give any insight into what might have changed with the machine because nothing has changed on it for quite a while - it's out of reach in the bottom of a closet.
I've spent a few hours last night and this morning trying different tests and slight changes to the BIND configuration but nothing has worked yet and I'm out of ideas/things to Google.
The FreeBSD machine is running FBSD 8.0-RELEASE-p1 and has BIND, ISC-DHCP, PF and PPP installed and running fine. I am positive it's not PF as it hasn't changed, but to be sure I have disabled it with pfctl -d.
I am using these two computers to try to fix this:
blackhole - 192.168.3.101 (FBSD server)
hackedpackard - 192.168.3.84 (Arch Linux)
Below are the contents of the various files:
/etc/namedb/named.conf
http://pastebin.org/183802
/etc/namedb/master/gtfo-forward.db
http://pastebin.org/183796
/etc/namedb/master/3.168.192.db
http://pastebin.org/183800
/etc/namedb/master/localhost-forward.db (Standard from installation)
http://pastebin.org/183808
/etc/namedb/master/localhost-reverse.db (Standard from installation)
http://pastebin.org/183807
/var/log/messages
Code:
Apr 27 15:20:36 blackhole named[1402]: starting BIND 9.7.0rc1 -t /var/named -u bind
Apr 27 15:20:36 blackhole named[1402]: built with '--localstatedir=/var' '--disable-linux-caps'
'--disable-symtable' '--with-randomdev=/dev/random' '--with-openssl=/usr' '--with-libxml2=/usr/local'
'--without-idn' '--enable-threads' '--sysconfdir=/etc/namedb' '--prefix=/usr' '--mandir=/usr/share/man'
'--infodir=/usr/share/info/' '--build=i386-portbld-freebsd8.0' 'build_alias=i386-portbld-freebsd8.0'
'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib' 'CXX=c++'
'CXXFLAGS=-O2 -pipe -fno-strict-aliasing'
Apr 27 15:20:36 blackhole named[1402]: command channel listening on 127.0.0.1#953
Apr 27 15:20:36 blackhole named[1402]: the working directory is not writable
I can ping external IPs and hostnames without a problem:
Code:
blackhole# ping google.com
PING google.com (66.102.11.104): 56 data bytes
64 bytes from 66.102.11.104: icmp_seq=0 ttl=58 time=65.855 ms
Code:
blackhole# ping 66.102.11.104
PING 66.102.11.104 (66.102.11.104): 56 data bytes
64 bytes from 66.102.11.104: icmp_seq=0 ttl=58 time=16.766 ms
And I can dig external hostnames and IPs:
Code:
blackhole# dig google.com
; <<>> DiG 9.7.0rc1 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27263
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 116 IN A 66.102.11.104
;; AUTHORITY SECTION:
google.com. 86021 IN NS ns4.google.com.
google.com. 86021 IN NS ns3.google.com.
google.com. 86021 IN NS ns2.google.com.
google.com. 86021 IN NS ns1.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 84784 IN A 216.239.32.10
ns2.google.com. 84800 IN A 216.239.34.10
ns3.google.com. 84801 IN A 216.239.36.10
ns4.google.com. 84801 IN A 216.239.38.10
;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 27 15:35:01 2010
;; MSG SIZE rcvd: 180
Code:
blackhole# dig -x 66.102.11.104
; <<>> DiG 9.7.0rc1 <<>> -x 66.102.11.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6099
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;104.11.102.66.in-addr.arpa. IN PTR
;; ANSWER SECTION:
104.11.102.66.in-addr.arpa. 84725 IN PTR syd01s01-in-f104.1e100.net.
;; AUTHORITY SECTION:
11.102.66.in-addr.arpa. 84725 IN NS ns2.google.com.
11.102.66.in-addr.arpa. 84725 IN NS ns3.google.com.
11.102.66.in-addr.arpa. 84725 IN NS ns1.google.com.
11.102.66.in-addr.arpa. 84725 IN NS ns4.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 84701 IN A 216.239.32.10
ns2.google.com. 84717 IN A 216.239.34.10
ns3.google.com. 84718 IN A 216.239.36.10
ns4.google.com. 84718 IN A 216.239.38.10
;; Query time: 56 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 27 15:36:24 2010
;; MSG SIZE rcvd: 230
But for internal IPs and hostnames, I can only ping IPs:
Code:
blackhole# ping 192.168.3.84
PING 192.168.3.84 (192.168.3.84): 56 data bytes
64 bytes from 192.168.3.84: icmp_seq=0 ttl=64 time=0.444 ms
Code:
blackhole# ping hackedpackard
ping: cannot resolve hackedpackard: Host name lookup failure
Code:
blackhole# ping hackedpackard.gtfo.local
ping: cannot resolve hackedpackard.gtfo.local: Host name lookup failure
And I can't dig local hostnames but I can dig IPs:
Code:
blackhole# dig hackedpackard
; <<>> DiG 9.7.0rc1 <<>> hackedpackard
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7569
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;hackedpackard. IN A
;; AUTHORITY SECTION:
. 1147 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010042601 1800 900 604800 86400
;; Query time: 26 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 27 15:37:06 2010
;; MSG SIZE rcvd: 106
Code:
blackhole# dig hackedpackard.gtfo.local
; <<>> DiG 9.7.0rc1 <<>> hackedpackard.gtfo.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59439
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;hackedpackard.gtfo.local. IN A
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 27 15:38:30 2010
;; MSG SIZE rcvd: 42
Code:
blackhole# dig -x 192.168.3.84
; <<>> DiG 9.7.0rc1 <<>> -x 192.168.3.84
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33161
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;84.3.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
84.3.168.192.in-addr.arpa. 3600 IN PTR hackedpackard.gtfo.local.
;; AUTHORITY SECTION:
3.168.192.in-addr.arpa. 3600 IN NS blackhole.gtfo.local.
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 27 15:37:48 2010
;; MSG SIZE rcvd: 105
hackedpackard:
Code:
[thom@hackedpackard ~]$ cat /etc/resolv.conf
domain gtfo.local
nameserver 192.168.3.101
Code:
[thom@hackedpackard ~]$ cat /etc/hosts
127.0.0.1 hackedpackard.gtfo.local hackedpackard localhost
192.168.3.84 hackedpackard.gtfo.local hackedpackard
blackhole:
Code:
blackhole# cat /etc/resolv.conf
domain gtfo.local
nameserver 127.0.0.1
nameserver 192.168.3.101
Code:
blackhole# cat /etc/hosts
::1 localhost localhost.gtfo.local
127.0.0.1 localhost localhost.gtfo.local
192.168.3.101 blackhole.gtfo.local blackhole
I'm out of other ideas at the moment, so if you guys have anything please let me know.
Cheers.
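Added example, not part of the original post: a small Python triage of the three local dig results shown above, reading the status, the aa flag and the SOA owner to separate "name never reached the local zone" from "local zone did not answer". The zone names come from the post's own output; the function names and result labels are this example's own.

```python
import re
# dig headers copied from the post above and trimmed to the lines that matter.
SAMPLES = {
    "dig hackedpackard": """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7569
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;hackedpackard. IN A
. 1147 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010042601 1800 900 604800 86400
""",
    "dig hackedpackard.gtfo.local": """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59439
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;hackedpackard.gtfo.local. IN A
""",
    "dig -x 192.168.3.84": """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33161
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;84.3.168.192.in-addr.arpa. IN PTR
""",
}
# Zones this server is expected to be master for (names as they appear in the post).
LOCAL_ZONES = ("gtfo.local.", "3.168.192.in-addr.arpa.")

def parse_dig(text):
    """Pull status, flags, question name and any SOA owner out of dig output."""
    status = re.search(r"status:\s*(\w+)", text).group(1)
    flags = set(re.search(r"flags:\s*([a-z ]*);", text).group(1).split())
    qname = re.search(r"^;(\S+)\s+IN\s+\S+\s*$", text, re.M).group(1).lower()
    soa = re.search(r"^(\S+)\s+\d+\s+IN\s+SOA\s", text, re.M)
    return {"status": status, "flags": flags, "qname": qname, "soa_owner": soa and soa.group(1)}

def triage(r, zones=LOCAL_ZONES):
    """Classify one parsed response; the labels are this example's own."""
    local = any(r["qname"] == z or r["qname"].endswith("." + z) for z in zones)
    if r["status"] == "NOERROR":
        # aa set: answered from a zone loaded on this server, not from cache.
        return "AUTHORITATIVE" if "aa" in r["flags"] else "RECURSIVE"
    if r["status"] == "NXDOMAIN" and r["soa_owner"] == ".":
        # Root SOA: the bare label was sent as-is (dig appends the domain only with +search).
        return "ROOT_NXDOMAIN"
    if r["status"] == "SERVFAIL" and local:
        # Failure inside a zone the server should own: check that the zone loaded.
        return "SERVFAIL_LOCAL_ZONE"
    return r["status"]

if __name__ == "__main__":
    for cmd, out in SAMPLES.items():
        print(f"{cmd:32} -> {triage(parse_dig(out))}")
```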