Chris,
Also, you noted:
"don’t rely on doing zone transfers from that server for much longer."
Please provide an Authoritative Public DNS server that accepts Zone Transfers either on
AMPRNet or Public. To my knowledge gw.ampr.org was the only one.
---
73,
Lynwood KB3VWG
On Saturday, April 6, 2024 at 12:48:41 PM EDT, lleachii(a)aol.com
<lleachii(a)aol.com> wrote:
Chris,
"What is the A record hostname for that IP supposed to be? I can check if it’s in the
zonefile or not - likely not - was it added only recently?"
That's the issue, it was not added recently- it's been there for years, since I
first devised my internal network plan years ago:
kb3vwg-128.ampr.org
user@machine:~$ nslookup 44.60.44.128 44.0.0.1
128.44.60.44.in-addr.arpa name = kb3vwg-128.ampr.org.
It is in the zone file.
- Lynwood
On Saturday, April 6, 2024 at 12:41:29 PM EDT, Chris via 44net
<44net(a)mailman.ampr.org> wrote:
So, we are in the process of moving the primary nameserver away from the UCSD gateway
server so all it will be left with is acting as the IPIP encap/de-encap gateway function +
rip44d, so don’t rely on doing zone transfers from that server for much longer.
As to your egress problem, I checked on the gateway and your 44.60.44.128 IP is not in the
filter list but your 44.60.44.1 IP is, that’s why it’s not working for 44.60.44.128. What
is the A record hostname for that IP supposed to be? I can check if it’s in the zonefile
or not - likely not - was it added only recently?
73,
Chris - G1FEF
—
ARDC Administrator
Web: https://www.ardc.net
On 6 Apr 2024, at 12:02, lleachii--- via 44net <44net(a)mailman.ampr.org> wrote:
Chris,
I suspect some failure in the location that maintains what AMPR IPs have DNS entries -
hence allowing FORWARD on AMPRGW.
Rationale:
* My ingress TCP traces are blocked for 44.60.44.128, yet work for 44.60.44.1, 44.60.44.3
and 44.60.44.10
- On a side note, I also observe that on my DNS server (44.60.44.3) - that the
44.in-addr.arpa Zone seems to be failing (checking logs). I can no longer get
authoritative answers, but I can still query 44.0.0.1 and get Zone Transfers (port 53/TCP)
for AMPR.ORG. Was the Reverse Zone edited somehow?
- Lynwood
On Saturday, April 6, 2024 at 05:47:53 AM EDT, lleachii(a)aol.com
<lleachii(a)aol.com> wrote:
Chris,
Another interesting observation occurred when testing egress from my LAN and router with
various SRC IPs. My LAN is configured with a SNAT and IP/Rules to use 44.60.44.128 for
traffic from a certain LAN SRC IP is set on the client.
* With my usual SNAT setting of SRC 44.60.44.128 - ping DOESN'T WORK
* When pinging from the router with 44.60.44.1 and changing the LAN SNAT rule to also use
SRC 44.60.44.1 - ping WORKS
root@OpenWrt:~# ping -c 5 1.1.1.1 -I 44.60.44.1
PING 1.1.1.1 (1.1.1.1) from 44.60.44.1: 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=55 time=67.178 ms
64 bytes from 1.1.1.1: seq=1 ttl=55 time=65.657 ms
64 bytes from 1.1.1.1: seq=2 ttl=55 time=65.435 ms
64 bytes from 1.1.1.1: seq=3 ttl=55 time=65.314 ms
64 bytes from 1.1.1.1: seq=4 ttl=55 time=65.462 ms
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 65.314/65.809/67.178 ms
---
- Lynwood KB3VWG
_______________________________________________
44net mailing list -- 44net(a)mailman.ampr.org
To unsubscribe send an email to 44net-leave(a)mailman.ampr.org