Error Sending Response Host Unreachable
Contents |
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss view external error sending response host unreachable the workings and policies of this site About Us Learn more about
Bind9 Error Sending Response Host Unreachable
Stack Overflow the company Business Learn more about hiring developers or posting ads with us Server Fault
Bind Error Sending Response Network Unreachable
Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up
Named Error Sending Response Unset
Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top bind9 “error sending response: host unreachable” up vote 2 down vote favorite I have a number of DNS servers, all running bind9 (9.5.1, to be specific) under fedora. 4 of them are slaves, fed by a bind destination host unreachable common master for our public DNS. These are all located on the public gateways of our various offices. One of them has tons of messages in its log files similar to these: Jul 21 17:26:18 gateway named[3487]: client 10.171.3.8#52500: view internal: error sending response: host unreachable I wonder where that comes from. The firewall is open on port 53 between the two machines (10.171.3.8 is an internal DNS server located on a Windows Domain Controller). The internal domains do NOT list the gateway as a name server (so there should not be any attempts of replicating the domains), and the gateway does not handle any internal DNS. The clients in these messages vary between the two domain controllers on the internal network and a third internal name server (running bind9 on debian in a different segment of the network). Any pointers are highly welcome. In response to the first reply: The issue with this really is that tcpdump doesn't show any problems. Here is an extract from "tcpdump -i any port 53" 09:13:38.283308 IP v
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] Here is my Iptables configuration for bind : # prod.dns.in $IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1-d 192.168.201.2 -s 0/0 $IPTABLES -t ping response destination host unreachable filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d 192.168.201.2 -s 0/0 # OUTPUT #------------- # prod.dns.out $IPTABLES -t filter -A OUTPUT -j LOGACCEPT -p tcp --dport 53 -o eth1 -s 192.168.201.2 -d 0/0 $IPTABLES -t filter -A OUTPUT -j LOGACCEPT -p udp --dport 53 -o eth1 -s 192.168.201.2 -d 0/0 My issue is between two Bind servers. The one having the error messages, is my Public DNS server, used by the internal server http://serverfault.com/questions/162705/bind9-error-sending-response-host-unreachable as forwarders. here is the drop from the firewall. [FW-DROP] IN= OUT=eth1 SRC=192.168.200.2 DST=192.168.201.1 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=65231 PROTO=UDP SPT=53 DPT=37513 LEN=61 UID=108 GID=111 doesn't seems to be a TCP issue as the packet is UDP. Any idea ? Regards, On 12 March 2012 18:00, Chuck Swiger
this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start http://forum.directadmin.com/showthread.php?t=15730 viewing messages, select the forum that you want to visit from the selection below. https://dan.langille.org/2014/05/12/named-error-sending-response-host-unreachable/ Results 1 to 11 of 11 Thread: client error sending response: host unreachable Thread Tools Show Printable Version Email this Page… Display Linear Mode Switch to Hybrid Mode Switch to Threaded Mode 11-06-2006,06:17 AM #1 jjma View Profile View Forum Posts Visit Homepage Verified User Join Date Mar 2004 Location Edinburgh,Scotland Posts 329 client error sending error sending response: host unreachable Getting these strange errors in named log file: Nov 06 13:15:39.104 client: client 66.230.157.20#4677: error sending response: host unreachable and other ip addresses. If I turn of the firewall (apf) they disappear. I don't have egress settings turned on and allow icmp in and out and port 53 allowed. Any help? Jon Reply With Quote 11-06-2006,04:08 PM #2 xemaps View Profile View Forum Posts Verified User Join Date error sending response Apr 2006 Location Europe Posts 430 is that really a problem ? xemaps Hate cavern ages. Hate spam and will fight against. Member of spamcop / stormcenter sans.org and other. Reply With Quote 11-07-2006,12:32 AM #3 jjma View Profile View Forum Posts Visit Homepage Verified User Join Date Mar 2004 Location Edinburgh,Scotland Posts 329 Yes and no. I'm not entirely sure I understand the error having 'googled' it but the nameserver works - checked dnsreport.com. Watching firewall logs for clues... Jon Reply With Quote 11-07-2006,01:02 AM #4 jjma View Profile View Forum Posts Visit Homepage Verified User Join Date Mar 2004 Location Edinburgh,Scotland Posts 329 A couple of lines pulled out of the firewall: [root@ns1 root]# grep '58.69.254.4' /var/log/* Nov 7 09:09:59 ns1 kernel: ** OUT_UDP DROP ** IN= OUT=eth0 SRC=OURNAMESERVER DST=58.69.254.4 LEN=273 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=5 LEN=253 Nov 7 09:10:01 ns1 kernel: ** OUT_UDP DROP ** IN= OUT=eth0 SRC=OURNAMESERVER DST=58.69.254.4 LEN=145 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=5 LEN=125 [root@ns1 root]# grep '193.41.16.26' /var/log/* Nov 7 09:12:15 ns1 kernel: ** OUT_UDP DROP ** IN= OUT=eth0 SRC=OUR NAMESERVER DST=193.41.16.26 LEN=280 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=36 LEN=260 The packet's destination port for the first query is destination port 5 which appears
my logs: May 12 03:03:36 toiler named[89425]: client 10.55.0.117#62049: error sending response: host unreachable May 12 03:03:51 toiler named[89425]: client 10.55.0.117#57916: error sending response: host unreachable May 12 03:03:58 toiler named[89425]: client 10.55.0.117#57916: error sending response: host unreachable May 12 03:04:14 toiler named[89425]: client 10.55.0.117#33183: error sending response: host unreachable May 12 03:04:21 toiler named[89425]: client 10.55.0.117#33183: error sending response: host unreachable May 12 03:04:36 toiler named[89425]: client 10.55.0.117#32906: error sending response: host unreachable May 12 03:04:43 toiler named[89425]: client 10.55.0.117#32906: error sending response: host unreachable May 12 03:04:58 toiler named[89425]: client 10.55.0.117#23841: error sending response: host unreachable May 12 03:05:05 toiler named[89425]: client 10.55.0.117#23841: error sending response: host unreachable May 12 03:05:20 toiler named[89425]: client 10.55.0.117#41946: error sending response: host unreachable May 12 03:05:27 toiler named[89425]: client 10.55.0.117#41946: error sending response: host unreachable May 12 03:05:43 toiler named[89425]: client 10.55.0.117#35243: error sending response: host unreachable May 12 03:05:50 toiler named[89425]: client 10.55.0.117#35243: error sending response: host unreachable May 12 03:06:05 toiler named[89425]: client 10.55.0.117#47116: error sending response: host unreachable May 12 03:06:12 toiler named[89425]: client 10.55.0.117#47116: error sending response: host unreachable May 12 03:06:27 toiler named[89425]: client 10.55.0.117#64226: error sending response: host unreachable May 12 03:06:34 toiler named[89425]: client 10.55.0.117#64226: error sending response: host unreachable May 12 03:06:49 t