Trying to propagate my domain--getting 'unreachable - admin prohibited'
David Bandel
david.bandel
Tue Jun 28 05:24:05 PDT 2005
On 6/27/05, John King <jking.email at gmail.com> wrote:
> I am trying to get my nameserver to propagate my domain to Internet but its
> just not happening. I can see the requests coming in using tcpdump, but each
> request is met with "unreachable - admin prohibited":
>
> 20:33:49.504131 IP 202.188.0.181.36949 > 192.168.100.3.domain: 17223 A?
> mydomain.com. (24)
> 20:33:49.504242 IP 192.168.100.3 > 202.188.0.181: icmp 60: host
> 192.168.100.3 unreachable - admin prohibited
This is unrelated to DNS.
Make sure you're forwarding port 53 tcp _and_ udp. Except for zone
transfers or very large answers, DNS uses udp.
[snip]
>
> $TTL 180s
this ttl is _way_ too short. Try reading and heeding the
recommendations in the RFC.
> @ IN SOA ns4.mydomain.com. webmaster.mydomain.com. (
> 2005062602 ; Serial
> 180s ; Refresh Slaves
> 1H ; Retry
> 1W ; Expiry
> 1D ) ; Minimum
> ;
see previous comment. Also, are you really the owner of mydomain.com?
>
> mydomain.com. IN NS ns4.mydomain.com.
> mydomain.com. IN NS ns5.mydomain.com.
Umm, these don't have corresponding A RRs below.
>
> mydomain.com. IN A 123.123.123.123
no one is assigned 123.123.123.123 (at least according to ARIN who
doesn't assign in your part of the world).
>
> localhost.mydomain.com. IN A 127.0.0.1
>
> mydomain.com. IN MX 0 mydomain.com.
>
> mail IN CNAME mydomain.com.
> www IN CNAME mydomain.com.
> ftp IN CNAME mydomain.com.
>
> So--the question is--why can't I propagate my domain name?
DNS does _not_ PROPAGATE. But if you want to know if your DNS is
borken, use dig:

on the DNS server:
    dig @localhost www.mydomain.com

from another host:
    dig @123.123.123.123 www.mydomain.com

Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
- Nemesis Air Racing Team motto
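
The missing address records for ns4 and ns5 pointed out in the reply can be checked mechanically. The following is an added example, not part of the original message: a simplified Python check run over the zone records quoted in the post. The function names and the assumption that every record is written on one line as `owner IN type rdata` (no per-record TTL, no omitted owner) belong to this example.

```python
import re

# Constructed from the zone records quoted in the post; mydomain.com is the
# poster's placeholder name.
ZONE = """\
$TTL 180s
@ IN SOA ns4.mydomain.com. webmaster.mydomain.com. (
    2005062602 ; Serial
    180s ; Refresh Slaves
    1H ; Retry
    1W ; Expiry
    1D ) ; Minimum
mydomain.com. IN NS ns4.mydomain.com.
mydomain.com. IN NS ns5.mydomain.com.
mydomain.com. IN A 123.123.123.123
localhost.mydomain.com. IN A 127.0.0.1
mydomain.com. IN MX 0 mydomain.com.
mail IN CNAME mydomain.com.
www IN CNAME mydomain.com.
ftp IN CNAME mydomain.com.
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(text, origin):
    """Yield (owner, type, rdata) for records of the form 'owner IN type rdata'."""
    text = re.sub(r";[^\n]*", "", text)      # drop comments
    text = re.sub(r"\([^)]*\)", " ", text)   # drop the multi-line SOA timer group
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and not f[0].startswith("$") and f[1].upper() == "IN":
            yield fqdn(f[0], origin), f[2].upper(), f[3:]

def ns_without_address(text, origin):
    """Return in-zone NS targets that have no A/AAAA record in this zone file."""
    origin = origin.lower()
    recs = list(parse_records(text, origin))
    have_addr = {owner for owner, rtype, _ in recs if rtype in ("A", "AAAA")}
    missing = []
    for _, rtype, rdata in recs:
        if rtype != "NS":
            continue
        target = fqdn(rdata[0], origin)
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in have_addr and target not in missing:
            missing.append(target)
    return missing
```

Name servers outside the zone are skipped because their addresses are published by whichever zone holds those names.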