Date: Sun, 18 Sep 2016 22:29:59 +0200 From: Marko Turk <markoml@markoturk.info> To: freebsd-questions@freebsd.org Subject: Re: When `drill` works but `nc` doesn't Message-ID: <20160918202959.GA2279@vps.markoturk.info> In-Reply-To: <20160918113409.q7frsljfr2hcbj6g@box-hlm-03.niklaas.eu> References: <20160917134155.GA77669@box-hlm-03.niklaas.eu> <20160917192342.GA2305@vps.markoturk.info> <20160918113409.q7frsljfr2hcbj6g@box-hlm-03.niklaas.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
--UlVJffcvxoiEqYs2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, On Sun, Sep 18, 2016 at 01:34:09PM +0200, Niklaas Baudet von Gersdorff wrot= e: > Marko Turk [2016-09-17 21:23 +0200] : >=20 > > > $ sudo jexec www1 truss -D -o /tmp/truss-hostname nc -z mysql2.box-= hlm-03.klaas 3306 > > >=20 > > > $ sudo jexec www1 truss -D -o /tmp/truss-IP nc -z 10.3.5.3 3306 > > > [cut] > >=20 > > Can you also post truss output when doing drill and tcpdump when doing > > netcat with hostname? >=20 > Of course. Please find attached "truss-drill" and > "tcpdump-netcat". The first one I created with >=20 > $ sudo jexec www1 truss -o /tmp/truss-drill drill mysql2.box-hlm-03.kla= as >=20 > the second one with >=20 > 1 $ sudo tcpdump -nettti lo0 \ > 2 \( src host 10.3.4.1 or \ > 3 src host fd16:dcc0:f4cc:3::4:1 or \ > 4 src host fd16:dcc0:f4cc:77::4:1 \) \ > 5 and not \( dst host 10.77.2.1 \ > 6 or dst host fd16:dcc0:f4cc:77::2:1 \) \ > 7 and not port 8080 and not \ > 8 \( host 10.3.2.1 or fd16:dcc0:f4cc:3::2:1 \) > \ > 9 /tmp/tcpdump-nc >=20 can you also add something like 'dst host 10.3.4.1' because (if I'm not mistaken) you only capture packets originating from 10.3.4.1 and not the replys. > As you can see, I filtered out quite some packets in lines 5-8. > 10.77.2.1 and 10.3.2.1 and the corresponding IPv6s are a proxy > server that does health checks; plus I have a busy varnish-nginx > set-up that communicates on port 8080. If I hadn't filtered out > these packets, the dump would be unreadable. >=20 > Investigating the dump I came across the following line: >=20 > 00:00:00.000265 AF IPv4 (2), length 60: 10.3.4.1 > 10.3.3.1: ICMP 10.3.= 4.1 udp port 17918 unreachable, length 36 > [cut] It seems you're getting the reply from the wrong IP (10.3.3.1). Can you post you unbound config, specifically 'interface:' section? -Marko --UlVJffcvxoiEqYs2 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJX3vlGAAoJEHg6bF2mqM2ImnMQALNg9d8QJwhBLEfq7b7DFiI/ QFFaVlf01/9ZnIM3dW1HA0a6sAtctfkxOQCCBT9xilV/vTFk2ikgfZzJDbSCyoOw yxT4k5hviEJ6xoM7YX2W73qRe0WLTVn2WhSH4JckeaykGXfWeeVyGs2JuKimqdy+ NuPt5yhvRFRxHW47hf35txGoFg4wuXlnoYWnwiL0pWanvbRld/HVb6zeZO0Iio69 m5jnpVcsagESWXew3O3zJTVzgrKK4xivNd036kNQ3uVtHYE+mw28EdaMff6A5s7k 8DZy7xBqhQccFJU6iHe/izYbXMxukP4BX1QGWAJ20pp8Ko0QclZSX4Yw3GosDfux d9NTkPVj5g0eTBMpdSfowhfvAi2T8jahzaPJdwdi8YxOuWPXr+topgUrjSprWOKX WJdjIEETFIKszjbVsmfrqUOP6yYO7Q0g45ShvAZsq/4EWVEt+wuKFzP3dgi3cmA9 a0sEAv8O2hhee/EkXijRXFytIKq2Dpb3K+pr21nZEMIximRB7OtbgZ2qqlnX75uy AE5KgwGX6XmCsGC7L4qi8HlWRQ85FFoPKVqUsX0S/8Xm97fojAbS2oYb4vHLxS8+ on8y8CRN76keKB+1urbW4OGYC7sjkj+bllLs6htzj0anMvqFydp9YY/7Jmvd477C xZf7+MliPXAjynJjemLo =3QeI -----END PGP SIGNATURE----- --UlVJffcvxoiEqYs2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160918202959.GA2279>