DNS with host works, but not with mysql or ping

Sergei G sergeig.public at gmail.com
Mon Feb 29 17:57:10 UTC 2016


If I use the host command to resolve a name to an IP, then I get the correct IP.

If I use the ping, mysql, or fetch commands, then DNS fails to resolve.  I can't
quite figure out what the difference is.

Jailed machine configuration:

1) the issue is inside the jailed system
2) /etc/resolv.conf points to the host machine with nameserver 10.0.1.10

Host machine:
1) runs a firewall
2) runs local_unbound on all 53 ports
3) runs nsd for the private network on port 1053.

I am quite confused ATM.

pfctl -sr output on the host:

No ALTQ support in kernel
ALTQ related functions disabled
scrub in all fragment reassemble
block drop in log on bce0 all
block return in log on bce0 proto tcp from any to any port = ssh
block drop in log (to pflog1) quick on bce0 proto tcp from any to any port = mdns
block drop in log (to pflog1) quick on bce0 proto tcp from any to any port = 17500
block drop in log (to pflog1) quick on bce0 proto udp from any to any port = mdns
block drop in log (to pflog1) quick on bce0 proto udp from any to any port = 17500
block drop in quick on bce0 proto udp from any to any port = netbios-ns
block drop in quick on bce0 proto udp from any to any port = netbios-dgm
block drop in quick on bce0 proto udp from any to any port = 1900
block drop in quick on bce0 proto udp from any to any port = sunrpc
block drop in quick on bce0 proto tcp from any to any port = commplex-main
block drop in log (to pflog1) quick on bce0 proto igmp all
block drop in quick on bce0 inet proto udp from 0.0.0.0 port = bootpc to any port = bootps
pass in quick on bce0 inet proto udp from 10.0.1.1 port = bootps to any port = bootpc keep state
pass out quick on bce0 inet proto udp from any port = bootpc to 10.0.1.1 port = bootps keep state
block drop in log (to pflog1) quick on bce0 inet6 all
pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = domain flags S/SA keep state
pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = ssh flags S/SA keep state
pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 10.0.1.10 port = domain flags S/SA keep state
pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = http flags S/SA keep state
pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = https flags S/SA keep state
pass in quick on bce0 inet proto tcp from any to 10.0.1.10 port = auth flags S/SA keep state
pass in quick on bce0 inet proto tcp from 198.182.9.1 to 10.0.1.10 port = ssh flags S/SA keep state
pass in quick on bce0 inet proto tcp from 10.0.1.101 port = 8090 to 10.0.1.10 flags S/SA keep state
pass in quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = domain keep state
pass in quick on bce0 inet proto udp from 192.168.3.0/24 to 10.0.1.10 port = domain keep state
pass in quick on bce0 inet proto icmp from 10.0.1.0/24 to 10.0.1.10 icmp-type echoreq keep state
pass in log quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = domain flags S/SA keep state
pass in log quick on bce0 inet proto tcp from 10.0.1.0/24 to 10.0.1.10 port = 1053 flags S/SA keep state
pass in log quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = domain keep state
pass in log quick on bce0 inet proto udp from 10.0.1.0/24 to 10.0.1.10 port = 1053 keep state
pass in log quick on lo0 inet proto tcp from 10.0.1.0/24 to 127.0.0.1 port = 1053 flags S/SA keep state
pass in log quick on lo0 inet proto udp from 10.0.1.0/24 to 127.0.0.1 port = 1053 keep state
pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = imap flags S/SA keep state
pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = smtp flags S/SA keep state
pass in quick on bce0 inet proto tcp from 10.0.1.0/24 to 192.168.3.17 port = submission flags S/SA keep state
pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = imap flags S/SA keep state
pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = smtp flags S/SA keep state
pass in quick on bce0 inet proto tcp from 192.168.3.0/24 to 192.168.3.17 port = submission flags S/SA keep state
pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.11 port = 9000 flags S/SA keep state
pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.15 port = 9000 flags S/SA keep state
pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.22 port = 9000 flags S/SA keep state
pass in quick on bce0 inet proto tcp from 10.0.1.10 to 192.168.3.13 port = 9001 flags S/SA keep state
pass out quick on bce0 inet proto tcp from 10.0.1.10 to 10.0.1.101 port = 8090 flags S/SA keep state
pass out quick on bce0 inet proto udp from any to any port = domain keep state
pass out quick on bce0 inet proto icmp all icmp-type echoreq keep state
pass in on bce0 inet proto tcp from 10.0.1.0/24 to any port = ftp flags S/SA keep state
pass in on bce0 inet proto tcp from 10.0.1.0/24 to any port > 49151 flags S/SA keep state


More information about the freebsd-questions mailing list