DNS with host works, but not with mysql or ping
Sergei G
sergeig.public at gmail.com
Mon Feb 29 18:10:46 UTC 2016
It appears that host is suffering from the same problem:
host yahoo.com
yahoo.com has address 206.190.36.45
yahoo.com has address 98.138.253.109
yahoo.com has address 98.139.183.24
yahoo.com has IPv6 address 2001:4998:44:204::a7
yahoo.com has IPv6 address 2001:4998:58:c02::a9
yahoo.com has IPv6 address 2001:4998:c:a06::2:4008
yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
fetch http://206.190.36.45 (yahoo)
times out
On Mon, Feb 29, 2016 at 9:57 AM, Sergei G <sergeig.public at gmail.com> wrote:
> If I use the host command to resolve a name to an IP, then I get a correct IP.
>
> If I use the ping, mysql, or fetch commands, then DNS fails to resolve. I can't
> quite figure out what the difference is.
>
> Jailed machine configuration:
>
> 1) The issue is inside the jailed system
> 2) /etc/resolv.conf points to the host machine with nameserver 10.0.1.10
>
> Host machine:
> 1) runs firewall
> 2) runs local_unbind on all 53 ports
> 3) runs nsd for the private network on port 1053.
>
> I am quite confused ATM.
>
> pfctl -sr Output on the host:
>
> No ALTQ support in kernel
> ALTQ related functions disabled
> scrub in all fragment reassemble
> block drop in log on bce0 all
> block return in log on bce0 proto tcp from any to any port = ssh
> block drop in log (to pflog1) quick on bce0 proto tcp from any to any port = mdns
> block drop in log (to pflog1) quick on bce0 proto tcp from any to any port = 17500
> block drop in log (to pflog1) quick on bce0 proto udp from any to any port = mdns
> block drop in log (to pflog1) quick on bce0 proto udp from any to any port = 17500
> block drop in quick on bce0 proto udp from any to any port = netbios-ns
> block drop in quick on bce0 proto udp from any to any port = netbios-dgm
> block drop in quick on bce0 proto udp from any to any port = 1900
> block drop in quick on bce0 proto udp from any to any port = sunrpc
> block drop in quick on bce0 proto tcp from any to any port = commplex-main
> block drop in log (to pflog1) quick on bce0 proto igmp all
> block drop in quick on bce0 inet proto udp from 0.0.0.0 port = bootpc to any port = bootps
> pass in quick on bce0 inet proto udp from 10.0.1.1 port = bootps to any port = bootpc keep state
> pass out quick on bce0 inet proto udp from any port = bootpc to 10.0.1.1 port = bootps keep state
> block drop in log (to pflog1) quick on bce0 inet6 all
> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = domain flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = ssh flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 10.0.1.10 port = domain flags S/SA keep state
> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = http flags S/SA keep state
> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = https flags S/SA keep state
> pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = auth flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 198.182.9.1 to 10.0.1.10 port = ssh flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.101 port = 8090 to 10.0.1.10 flags S/SA keep state
> pass in quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = domain keep state
> pass in quick on bce0 inet proto udp from 192.168.3.0/24 to 10.0.1.10 port = domain keep state
> pass in quick on bce0 inet proto icmp from 10.0.1.0/24 to 10.0.1.10 icmp-type echoreq keep state
> pass in log quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = domain flags S/SA keep state
> pass in log quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = 1053 flags S/SA keep state
> pass in log quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = domain keep state
> pass in log quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = 1053 keep state
> pass in log quick on lo0 inet proto tcp from 10.0.1.0/24 to 127.0.0.1 port = 1053 flags S/SA keep state
> pass in log quick on lo0 inet proto udp from 10.0.1.0/24 to 127.0.0.1 port = 1053 keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = imap flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = smtp flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = submission flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = imap flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = smtp flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = submission flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.11 port = 9000 flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.15 port = 9000 flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.22 port = 9000 flags S/SA keep state
> pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.13 port = 9001 flags S/SA keep state
> pass out quick on bce0 inet proto tcp from 10.0.1.10 to 10.0.1.101 port = 8090 flags S/SA keep state
> pass out quick on bce0 inet proto udp from any to any port = domain keep state
> pass out quick on bce0 inet proto icmp all icmp-type echoreq keep state
> pass in on bce0 inet proto tcp from 10.0.1.0/24 to any port = ftp flags S/SA keep state
> pass in on bce0 inet proto tcp from 10.0.1.0/24 to any port > 49151 flags S/SA keep state
>
>