  1. #21
    Untangle Ninja sky-knight
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 26,236

    Make sure you can even resolve!

    On my Debian box, the BIND service by default wouldn't respond to a public address, and Untangle will use the external IP address when it makes requests.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #22
    Master Untangler
    Join Date: Aug 2008
    Posts: 639

    That doesn't seem to be an issue in my case (requests are coming from the internal IP address), but thanks for the heads up!

  3. #23
    Untangle Ninja sky-knight
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 26,236

    Ahh you're using a bridge?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #24
    Master Untangler
    Join Date: Aug 2008
    Posts: 639

    No, I'm not.

  5. #25
    Master Untangler
    Join Date: Aug 2008
    Posts: 639

    Do you know how I can capture the actual response (i.e., 127.0.0.1) from the remote server using tcpdump?

  6. #26
    Untangle Ninja sky-knight
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 26,236

    tcpdump "host 127.0.0.1 && port 53"

    I think... but honestly I'm not quite sure what you're asking here. Too many hours, not enough sleep this week; it's taking its toll.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #27
    Master Untangler
    Join Date: Aug 2008
    Posts: 639

    I want to monitor the DNS traffic between the Spam Blocker and the remote sites (spamhaus.org, dnswl.org, etc.) to watch for inconsistent or improper results. I can capture most of what I'm looking for with this command:

    sudo tcpdump -i eth0 -n udp port 53 -vvv

    However, I don't see the actual 127.*.*.* return codes.

  8. #28
    Untangle Ninja sky-knight
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 26,236

    You'd need to be performing packet captures on your DNS server then, not Untangle.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #29
    Master Untangler
    Join Date: Aug 2008
    Posts: 639

    Quote (originally posted by sky-knight):
        You'd need to be performing packet captures on your DNS server then, not Untangle.

    Yes, that's what I'm doing. I ended up processing through Wireshark and I'm seeing the following on many of the DNS responses:

    Code:
    Flags: 0x8403 Standard query response, No such name

    Here's what I get when I run commands from the shell of the Ubuntu box:

    Code:
    $ host 2.0.0.127.spam.dnsbl.sorbs.net
    2.0.0.127.spam.dnsbl.sorbs.net has address 127.0.0.6

    $ host 43.196.245.216.spam.dnsbl.sorbs.net
    Host 43.196.245.216.spam.dnsbl.sorbs.net not found: 3(NXDOMAIN)

    Thoughts or suggestions on how I can troubleshoot / resolve?

    Thanks, Dan

  10. #30
    Untangle Ninja sky-knight
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 26,236

    Host not found just means the host isn't on the list. Of course it can also mean it can't be resolved, which is a different problem.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
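
Added example, not part of the thread: a Python sketch that decodes the DNS header flags word seen in Wireshark (0x8403 above) and separates "not listed" from "lookup failed" and from answers outside 127.0.0.0/8. The function names are hypothetical, and the flag values 0x8180 and 0x8182 are constructed samples, not taken from the capture.

```python
import ipaddress

# DNS response codes from RFC 1035 (low 4 bits of the flags word).
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
DNSBL_NET = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_qname(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def decode_flags(flags):
    """Split the 16-bit DNS header flags field into its parts."""
    rcode = flags & 0xF
    return {
        "qr": (flags >> 15) & 1,      # 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,      # answer from an authoritative server
        "tc": (flags >> 9) & 1,       # truncated
        "rd": (flags >> 8) & 1,       # recursion desired
        "ra": (flags >> 7) & 1,       # recursion available
        "rcode": RCODES.get(rcode, "RCODE%d" % rcode),
    }

def classify(flags, answers=()):
    """Interpret one DNSBL response: flags word plus any A records."""
    f = decode_flags(flags)
    if not f["qr"]:
        return "not a response"
    if f["rcode"] == "NXDOMAIN":
        return "not listed"
    if f["rcode"] != "NOERROR":
        # SERVFAIL, REFUSED, etc.: the list was never consulted.
        return "lookup failed (%s)" % f["rcode"]
    if not answers:
        return "not listed"           # NOERROR with no A record
    bad = [a for a in answers if ipaddress.IPv4Address(a) not in DNSBL_NET]
    if bad:
        # DNSBL return codes live in 127.0.0.0/8; anything else is improper.
        return "suspect answer: " + ", ".join(bad)
    return "listed: " + ", ".join(answers)

if __name__ == "__main__":
    print(dnsbl_qname("216.245.196.43", "spam.dnsbl.sorbs.net"))
    print(decode_flags(0x8403))                 # value from the capture
    print(classify(0x8403))                     # NXDOMAIN
    print(classify(0x8180, ["127.0.0.6"]))      # constructed NOERROR sample
    print(classify(0x8182))                     # constructed SERVFAIL sample
```

In 0x8403 the AA bit is set and the rcode is 3, so the NXDOMAIN came from an authoritative server rather than from a resolver that failed to reach one.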
