[Techtalk] weird network behavior

Maria Mckinley maria at shadlen.org
Fri Dec 10 22:30:06 UTC 2010


On 12/10/10 1:12 PM, Emerick Oshiro wrote:
 > Seems like some kind of DNS issue.  /etc/hosts, resolv.conf, YP (if
 > you're running it)
 >

Did some digging, and found something interesting. All machines get
reasonable answers when using dig to query other machines, or
themselves. Except mimi, which gets a reasonable answer for other
machines, but seems to fail when asking for its own IP:

maria@mimi:~$ dig bettye.shadlen.org

; <<>> DiG 9.6-ESV-R1 <<>> bettye.shadlen.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12793
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;bettye.shadlen.org.            IN      A

;; ANSWER SECTION:
bettye.shadlen.org.     86400   IN      A       10.208.108.18

;; AUTHORITY SECTION:
shadlen.org.            86400   IN      NS      dns.shadlen.org.

;; ADDITIONAL SECTION:
dns.shadlen.org.        86400   IN      A       10.208.108.13

;; Query time: 43 msec
;; SERVER: 10.208.108.13#53(10.208.108.13)
;; WHEN: Fri Dec 10 14:19:38 2010
;; MSG SIZE  rcvd: 86

maria@mimi:~$ dig mimi.shadlen.rog

; <<>> DiG 9.6-ESV-R1 <<>> mimi.shadlen.rog
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1385
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mimi.shadlen.rog.              IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2010121000 1800 900 604800 86400

;; Query time: 158 msec
;; SERVER: 10.208.108.13#53(10.208.108.13)
;; WHEN: Fri Dec 10 14:19:49 2010
;; MSG SIZE  rcvd: 109

Other machines get the correct answer when querying mimi's hostname.
Why is mimi not checking with my DNS server when looking for its own IP,
but is when looking for other IPs? Like I said, the other machines do
this properly, even for their own hostname.

thanks,
maria



> -----Original Message-----
> From: techtalk-bounces at linuxchix.org
> [mailto:techtalk-bounces at linuxchix.org] On Behalf Of Maria Mckinley
> Sent: Friday, December 10, 2010 12:54 PM
> To: techtalk at linuxchix.org
> Subject: [Techtalk] weird network behavior
>
> Hello there,
>
> I am very confused. I have host-based ssh working for almost all of my
> machines, except when sshing FROM one particular machine, mimi. If I ssh
> TO mimi, or to/from any other machine, everything is fine. But, I cannot
> ssh out of mimi to any other machine; it always asks for my password,
> which works just fine. The only difference I see in communication is
> that when mimi asks the other machines for their IP, mimi receives their
> MAC address instead, but with all of the attempts from other machines,
> the machine just seems to know the right IP:
>
> Going from mimi to bettye does not work:
>
> root@bettye:~# tcpdump -v host 10.208.108.17
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
> 65535 bytes
> 12:45:14.341940 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
> bettye.shadlen.org tell mimi.shadlen.org, length 46
> 12:45:14.341973 ARP, Ethernet (len 6), IPv4 (len 4), Reply
> bettye.shadlen.org is-at 00:1d:7d:d6:b2:e9 (oui Unknown), length 28
> 12:45:14.342034 IP (tos 0x0, ttl 64, id 57433, offset 0, flags [DF],
> proto TCP (6), length 60)
>       mimi.shadlen.org.48447>  bettye.shadlen.org.ssh: Flags [S], cksum
> 0x8314 (correct), seq 103393154, win 5840, options [mss 1460,sackOK,TS
> val 226248667 ecr 0,nop,wscale 7], length 0
>
> Going from herbie to bettye does:
> root@bettye:~#  tcpdump -v host 10.208.108.24
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
> 65535 bytes
> 12:49:09.338429 IP (tos 0x0, ttl 64, id 41120, offset 0, flags [DF],
> proto TCP (6), length 60)
>       herbie.shadlen.org.46479>  bettye.shadlen.org.ssh: Flags [S], cksum
> 0xf1ac (correct), seq 1280374511, win 5840, options [mss 1460,sackOK,TS
> val 42227279 ecr 0,nop,wscale 7], length 0
>
> Going from bettye to mimi does:
> mimi:~# tcpdump -v host 10.208.108.18
> tcpdump: listening on eth3, link-type EN10MB (Ethernet), capture size 96 bytes
> 12:51:00.656378 IP (tos 0x0, ttl 64, id 60264, offset 0, flags [DF],
> proto TCP (6), length 60)
>      bettye.shadlen.org.54994>  mimi.shadlen.org.ssh: S, cksum 0x1630
> (correct), 1448921915:1448921915(0) win 5840<mss 1460,sackOK,timestamp
> 342433875 0,nop,wscale 7>
>
> I know that all of the ssh files are exactly the same. Also /etc/hosts,
> /etc/hosts.equiv, and /etc/resolv.conf (which uses my DNS server) are
> all the same. Any ideas what could be going on here? The other weird
> thing is this used to work, and I don't know what could have changed. The
> behavior seems to imply a change that happened on mimi that causes other
> machines to behave differently only to mimi, but I can't think what that
> might be.
>
> thanks,
> maria
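
An added example, not part of the original post: a small parser that summarizes dig responses like the two shown above, reporting the status, the `aa` flag, and which zone's SOA record appears in the authority section of a negative answer. The function names and the `local_zone` parameter are hypothetical; the sample text is abridged from the output in the post.

```python
import re

# Abridged from the two dig responses in the post above.
DIG_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12793
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;bettye.shadlen.org.            IN      A
;; AUTHORITY SECTION:
shadlen.org.            86400   IN      NS      dns.shadlen.org.
"""
DIG_NX = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1385
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mimi.shadlen.rog.              IN      A
;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2010121000 1800 900 604800 86400
"""

def summarize(dig_text):
    """Extract status, flags, question name and authority records from dig output."""
    out = {"status": None, "flags": set(), "qname": None, "authority": []}
    section = None
    for line in dig_text.splitlines():
        if m := re.search(r"status: (\w+)", line):
            out["status"] = m.group(1)
        elif m := re.match(r";; flags: ([a-z ]+);", line):
            out["flags"] = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
        elif section == "QUESTION" and line.startswith(";") and not line.startswith(";;"):
            out["qname"] = line[1:].split()[0]
        elif section == "AUTHORITY" and line and not line.startswith(";"):
            fields = line.split()          # owner, ttl, class, type, rdata...
            out["authority"].append((fields[0], fields[3]))
    return out

def diagnose(dig_text, local_zone):
    """Report where an answer came from relative to the zone expected to serve it."""
    s = summarize(dig_text)
    q, zone = s["qname"].rstrip("."), local_zone.rstrip(".")
    in_zone = q == zone or q.endswith("." + zone)   # match on label boundary
    soa = [owner for owner, rtype in s["authority"] if rtype == "SOA"]
    if s["status"] == "NXDOMAIN" and soa and not in_zone:
        return f"{q} is outside {zone}; negative answer from zone '{soa[0]}'"
    if "aa" in s["flags"]:
        return f"{s['status']} from an authoritative server"
    return f"{s['status']}, non-authoritative"
```
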