Visit The New, Modern Unix Linux Community

Special Forums Windows & DOS: Issues & Discussions Home Questions Tags Users Unanswered Windows 2016 DNS server returns SERVFAIL for non-existing doma Post 303043665 by broy32000 on Monday 3rd of February 2020 09:59:52 AM
Just asking for another help, if you can. I was analysing my DNS traffic using tcpdump (not verbose mode) in a AIX client. I found that a lot of repeat of transaction IDs over matter of hours. Is it expected?

Code:
22:39:52.301965 IP 192.168.1.119.56880 > 192.168.1.126.53: 49968+ A? shavar.services.mozilla.com. (45)


Last edited by vbe; 02-04-2020 at 04:29 AM.. Reason: code tags
 
Test Your Knowledge in Computers #658
Difficulty: Medium
The FreeDOS project began on 26 June 1994, when Microsoft announced it would no longer sell or support MS-DOS.
True or False?

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

ftp server on old home computer - a few questions

Hi! Very new to unix stuff, and this is my first post to the forum. I'm pretty sure I know enough to know I know nothing, so please be patient with me and don't laugh too hard. Ok, I've got an old computer and a laptop - the old computer was bought in the mid 90's it's still running windows... (1 Reply)
Discussion started by: boredbody
1 Replies

2. Windows & DOS: Issues & Discussions

Install Windows 2003 R2 on existing Windows 2008

Hi, I am trying to install WIndows 2003 R2 Server on existing Windows 2008 server. When I run the 2003 cd it says no disk found. What can be the problem. (2 Replies)
Discussion started by: gunnervarma
2 Replies

3. UNIX for Dummies Questions & Answers

dlsym() returns 0 for an existing function

Sometimes I observe this in gdb: (gdb) br my_function Breakpoint .. at 0x...: file ..., line ... i.e., "my_function" does exist in the current executable. however, dlsym does not find it: (gdb) p dlsym(0,"my_function") $6 = 0 This is a C program; dlsym does find other defined functions and... (2 Replies)
Discussion started by: sds
2 Replies

4. UNIX for Advanced & Expert Users

DNS server choice: Windows DNS vs Linux BIND

I'd like to get some opnions on choosing DNS server: Windows DNS vs Linux BIND comparrsion: 1) managment, easy of use 2) Security 3) features 4) peformance 5) ?? I personally prefer Windows DNS server for management, it supports GUI and command line. But I am not sure about security... (2 Replies)
Discussion started by: honglus
2 Replies

5. UNIX for Advanced & Expert Users

Yahoo Interview unanswered questions

Hi guys, please help me get the answers of these questions which I faced in an interview @ Yahoo 1. I want to " ls " few million files, certainly I cannot do so because ls has some restriction in KBs, how can I do it alternatively. 2. Change the system in such a way that while booting up,... (2 Replies)
Discussion started by: gauravsharma29
2 Replies

6. IP Networking

DNS: Dig returns different responses...

Hey everyone, Okay, so I've been having some fun with the dig command, and wanted to dig my old school. Two questions came up from this. So I: dig @8.8.8.8 +recurse njcu.edu ANY and the result is about 8 records, including the SOA record. One of them is this weird TXT record, and the other is... (1 Reply)
Discussion started by: Lost in Cyberia
1 Replies

7. Hardware

Stack Overflow Questions Tags Users Badges Unanswered Ask Question Ask for the explanation of types

I have read a document which tells me the following 4 things are done by the RAM embedded on disk driver controller. But I don't know what's difference between buffer and cache. Thanks! RAM on disk drive controllers 1 firmware 2 speed matching buffer 3 prefetching buffer 4 cache (1 Reply)
Discussion started by: 915086731
1 Replies

8. Solaris

Tilde prefix returns invalid home directory.

I am trying to find the home directory of users on a UNIX (Solaris/AIX) box using echo ~usernameThis does return the home directory for all valid users. For some reason this command also outputs home directory which are non-existent for few users who seem not to have logon access to that... (31 Replies)
Discussion started by: thinkster
31 Replies

9. Solaris

DNS client added to DNS server but not working

Hi, We have built a new server (RHEL VM)and added that IP/hostname into dns zone configs file on DNS server (Solaris 10). Reloaded the configuration using and added nameserver into resolv.conf on client. But when I am trying nslookup, its not getting resolved. The nameserver is not able to... (8 Replies)
Discussion started by: snchaudhari2
8 Replies
IPSEC_POLICY(8) 						  [FIXME: manual]						   IPSEC_POLICY(8)

NAME
ipsec_policy - list of existing policy SYNOPSIS
ipsec policy DESCRIPTION
Note that policy is only supported on the new NAST stack. It is not supported on any other stack. On the klips stack, use ipsec eroute, on the netkey stack, use ip xfrm lists the IPSEC policy tables (aka eroutes) which control what (if any) processing is applied to non-encrypted packets arriving for IPSEC processing and forwarding. A table entry consists of: + packet count, + source address with mask and source port (0 if all ports or not applicable) + a '->' separator for visual and automated parsing between src and dst + destination address with mask and destination port (0 if all ports or not applicable) + a '=>' separator for visual and automated parsing between selection criteria and SAID to use + SAID (Security Association IDentifier), comprised of: + protocol (proto), + address family (af), where '.' stands for IPv4 and ':' for IPv6 + Security Parameters Index (SPI), + effective destination (edst), where the packet should be forwarded after processing (normally the other security gateway) together indicate which Security Association should be used to process the packet, + a ':' separating the SAID from the transport protocol (0 if all protocols) + source identity text string with no whitespace, in parens, + destination identity text string with no whitespace, in parens Addresses are written as IPv4 dotted quads or IPv6 coloned hex, protocol is one of "ah", "esp", "comp" or "tun" and SPIs are prefixed hexadecimal numbers where the prefix '.' is for IPv4 and the prefix ':' is for IPv6 SAIDs are written as "protoafSPI@edst". There are also 5 "magic" SAIDs which have special meaning: + %drop means that matches are to be dropped + %reject means that matches are to be dropped and an ICMP returned, if possible to inform + %trap means that matches are to trigger an ACQUIRE message to the Key Management daemon(s) and a hold policy will be put in place to prevent subsequent packets also triggering ACQUIRE messages. + %hold means that matches are to stored until the policy is replaced or until that policy gets reaped + %pass means that matches are to allowed to pass without IPSEC processing EXAMPLES
1867 172.31.252.0/24:0 -> 0.0.0.0/0:0 => tun0x130@192.168.43.1:0 () () means that 1,867 packets have been sent to an policy that has been set up to protect traffic between the subnet 172.31.252.0 with a subnet mask of 24 bits and the default address/mask represented by an address of 0.0.0.0 with a subnet mask of 0 bits using the local machine as a security gateway on this end of the tunnel and the machine 192.168.43.1 on the other end of the tunnel with a Security Association IDentifier of tun0x130@192.168.43.1 which means that it is a tunnel mode connection (4, IPPROTO_IPIP) with a Security Parameters Index of 130 in hexadecimal with no identies defined for either end. 746 192.168.2.110/32:0 -> 192.168.2.120/32:25 => esp0x130@192.168.2.120:6 () () means that 746 packets have been sent to an policy that has been set up to protect traffic sent from any port on the host 192.168.2.110 to the SMTP (TCP, port 25) port on the host 192.168.2.120 with a Security Association IDentifier of tun0x130@192.168.2.120 which means that it is a transport mode connection with a Security Parameters Index of 130 in hexadecimal with no identies defined for either end. 125 3049:1::/64 -> 0:0/0 => tun:130@3058:4::5 () () means that 125 packets have been sent to an policy that has been set up to protect traffic between the subnet 3049:1:: with a subnet mask of 64 bits and the default address/mask represented by an address of 0:0 with a subnet mask of 0 bits using the local machine as a security gateway on this end of the tunnel and the machine 3058:4::5 on the other end of the tunnel with a Security Association IDentifier of tun:130@3058:4::5 which means that it is a tunnel mode connection with a Security Parameters Index of 130 in hexadecimal with no identies defined for either end. 42 192.168.6.0/24:0 -> 192.168.7.0/24:0 => %passthrough means that 42 packets have been sent to an policy that has been set up to pass the traffic from the subnet 192.168.6.0 with a subnet mask of 24 bits and to subnet 192.168.7.0 with a subnet mask of 24 bits without any IPSEC processing with no identies defined for either end. 2112 192.168.8.55/32:0 -> 192.168.9.47/24:0 => %hold (east) () means that 2112 packets have been sent to an policy that has been set up to hold the traffic from the host 192.168.8.55 and to host 192.168.9.47 until a key exchange from a Key Management daemon succeeds and puts in an SA or fails and puts in a pass or drop policy depending on the default configuration with the local client defined as "east" and no identy defined for the remote end. 2001 192.168.2.110/32:0 -> 192.168.2.120/32:0 => esp0xe6de@192.168.2.120:0 () () means that 2001 packets have been sent to an policy that has been set up to protect traffic between the host 192.168.2.110 and the host 192.168.2.120 using 192.168.2.110 as a security gateway on this end of the connection and the machine 192.168.2.120 on the other end of the connection with a Security Association IDentifier of esp0xe6de@192.168.2.120 which means that it is a transport mode connection with a Security Parameters Index of e6de in hexadecimal using Encapsuation Security Payload protocol (50, IPPROTO_ESP) with no identies defined for either end. 1984 3049:1::110/128 -> 3049:1::120/128 => ah:f5ed@3049:1::120 () () means that 1984 packets have been sent to an policy that has been set up to authenticate traffic between the host 3049:1::110 and the host 3049:1::120 using 3049:1::110 as a security gateway on this end of the connection and the machine 3049:1::120 on the other end of the connection with a Security Association IDentifier of ah:f5ed@3049:1::120 which means that it is a transport mode connection with a Security Parameters Index of f5ed in hexadecimal using Authentication Header protocol (51, IPPROTO_AH) with no identies defined for either end. SEE ALSO
ipsec(8), ipsec_tncfg(5), ipsec_spi(5), ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_eroute(8), ipsec_version(5), ipsec_pf_key(5), ipsec_eroute(5) HISTORY
Written for the Openswan project <http://www.openswan.org/> by Bart Trojanowski. [FIXME: source] 10/06/2010 IPSEC_POLICY(8)

Featured Tech Videos

All times are GMT -4. The time now is 05:14 AM.
Unix & Linux Forums Content Copyright 1993-2020. All Rights Reserved.
Privacy Policy