Wednesday, January 26, 2011

able to dig a hostname but doesn't resolve via ssh or ping

I am using Snow Leopard and cannot ping or ssh into a host but am able to dig:

dig some.value.host.com

When the IP address comes back in the answer section, I am able to ssh via IP address (ssh myname@12.45.45.12). Previously (> 1 week ago), this worked fine where I could just ssh in.

All of this is taking place over VPN. Since on VPN, I'm a little at a loss at how to figure out what is going on. Any ideas about next step to take to figure out what is going on?

Answers / Further Clafication:

Are you using split DNS? (my guess is no) - no

Is the DNS server on the other side set to resolve DNS queries for any domain or only its own? - any query

Are you able to reach the DNS server on the other side of the VPN? - yes

Are you tunneling all IP traffic or only specific traffic? - looks like all IP traffic

So, I'm using Cisco AnyConnect VPN. I'm assuming this is When you say DNS tools work at the interface, would this be why I'm able to dig the west.domain.com host but not ssh to it. I'm guessing I just don't understand how exactly the tunneling is working at this level to resolve it.

I agree with most of what you're saying. I'm not sure how to control the 'which traffic to tunnel' issue. It looks like all IP traffic is going through there when connected.

Regarding the /etc/hosts file, this host is not in there.

  • Are you using split DNS? (my guess is no)
    Is the DNS server on the other side set to resolve DNS queries for any domain or only its own?
    Are you able to reach the DNS server on the other side of the VPN?
    Are you tunneling all IP traffic or only specific traffic?

    DNS tools typically use the interface's DNS server instead of querying through the OS (where Cisco's VPN client sinks its teeth). This would cause DNS tools to work but everything else to fail. The best thing to do is setup split DNS. This will specify domains that should be resolved on the other side of the VPN. Any other domains will resolve to whatever you have setup in your interface settings.

    If you can't set that up, set your DNS server to resolve all queries (be careful with this and make sure you want to do it)

    If you can't resolve DNS queries at all on the server on the other side of the VPN, figure out why. Most likely you aren't specifying the correct traffic to tunnel.

    wolfgangsz : Further explanation (in extension of @Jason's): when you are NOT connected to the VPN, then your computer will be configured to use a specific DNS server. That DNS server probably has no knowledge of any DNS entries on the other side of the VPN tunnel. Once you are on the VPN, your computer either needs to use a DNS server that is also on the VPN (and then you need to have routing in place for that) or your local DNS server has to be able to forward queries to the DNS server on the other side of the VPN for resolution.
    From Jason Berg
  • Also check your local /etc/hosts file. This usually takes precedence over DNS calls. When you SSH via the hostname and the hostname exists in the hosts file, it will login with that. Your dig command queries a DNS server directly, bypassing the hosts file.

    timpone : I've run this several times and restarted computer. I think this is probably Cisco-VPN specific; perhaps dig is using a different source of information than ssh is? That's my most likely hunch and what was somewhat implied above by original responder.
    From vmfarms
  • Sounds like you may be caching an outdated DNS record. Try flushing your DNS cache. From terminal, try:

    dscacheutil -flushcache
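The answers above (Jason Berg on split DNS, vmfarms on /etc/hosts precedence) describe two different lookup paths: `dig name` with no `@server` asks the system's default nameserver directly, while the OS resolver that ssh and ping use checks /etc/hosts first and then picks the nameserver whose split-DNS domain best matches the name. The following is an added example, not code from the thread, that models those two paths so you can see where they diverge for a given hostname; the hosts text and the resolver table are constructed sample data, and the domain names and addresses in them are made up.

```python
# Added example: model the lookup paths the thread contrasts.
# SAMPLE_HOSTS and SAMPLE_RESOLVERS are constructed, not a real configuration.
import ipaddress

SAMPLE_HOSTS = """\
127.0.0.1   localhost
# a stale entry: shadows DNS for ssh/ping, invisible to dig
10.1.2.3    stale.west.domain.com
"""

# Split-DNS table. domain None marks the default resolver, which is the one
# dig uses when no @server is given.
SAMPLE_RESOLVERS = [
    {"domain": None, "nameservers": ["192.168.1.1"]},             # local LAN
    {"domain": "west.domain.com", "nameservers": ["10.0.0.53"]},  # over the VPN
]

def parse_hosts(text):
    """Map each hostname in /etc/hosts-style text to its address (first entry wins)."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        ipaddress.ip_address(addr)             # raises on a malformed address
        for name in names:
            table.setdefault(name.lower(), addr)
    return table

def split_dns_nameservers(hostname, resolvers):
    """Most specific matching split-DNS domain wins; otherwise the default resolver."""
    host = hostname.lower().rstrip(".")
    best = None
    for r in resolvers:
        dom = r["domain"]
        if dom is not None and (host == dom or host.endswith("." + dom)):
            if best is None or len(dom) > len(best["domain"]):
                best = r
    if best is None:
        best = next(r for r in resolvers if r["domain"] is None)
    return best["nameservers"]

def explain(hostname, hosts_text=SAMPLE_HOSTS, resolvers=SAMPLE_RESOLVERS):
    """Report which source dig and the OS resolver would each consult."""
    default_ns = next(r for r in resolvers if r["domain"] is None)["nameservers"]
    hosts = parse_hosts(hosts_text)
    key = hostname.lower().rstrip(".")
    os_path = ("hosts", hosts[key]) if key in hosts \
        else ("dns", split_dns_nameservers(hostname, resolvers))
    return {"dig": ("dns", default_ns), "os_resolver": os_path,
            "paths_differ": ("dns", default_ns) != os_path}
```

When `paths_differ` is true for the host you cannot reach, the two tools are simply not asking the same source, which is the situation the thread describes.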
