[CentOS] VPN traceroute is not consistent/ Bind cannot transfer

Thu Aug 21 18:09:25 UTC 2008
Fajar Priyanto <fajarpri at cbn.net.id>


Hi all,
I've got this strange thing:
I set up an OpenVPN link between two OpenWrts.
NetA: 192.168.2.0/24
NetB: 192.168.0.0/24

In NetA there is a mail server + DNS: 192.168.2.44, with domain name
branch.abc.com
In NetB there is a mail server + DNS: 192.168.0.44, with domain name abc.com

I set up both DNS servers to be slave servers for each other's domain.
From NetA, it is able to 'copy' the abc.com zone from NetB.
But from NetB, it isn't able to copy branch.abc.com from NetA.
In /var/log/messages, the error is:
mail named[1566]: zone branch.abc.com/IN/external: Transfer started.
mail named[1566]: transfer of 'branch.abc.com/IN' from 192.168.2.44#53: connected using 192.168.0.44#50125
mail named[1566]: transfer of 'branch.abc.com/IN' from 192.168.2.44#53: failed while receiving responses: REFUSED
mail named[1566]: transfer of 'branch.abc.com/IN' from 192.168.2.44#53: end of transfer
mail named[1566]: zone branch.abc.com/IN/internal: refresh: unexpected rcode (REFUSED) from master 192.168.2.44#53 (source 0.0.0.0#0)

I've put allow-transfer in:
        zone "branch.abc.com" {
                type master;
                allow-transfer { 192.168.0.44; };
                file "branch.abc.com.zone";
        };

Adding to the confusion:
From NetB, doing a traceroute to 192.168.2.44, the result is OK. But when I
restart named, the traceroute to 192.168.2.44 brings no response. But
tracerouting to other PCs in NetA succeeds.
[root@mail ~]# traceroute 192.168.2.136
traceroute to 192.168.2.136 (192.168.2.136), 30 hops max, 40 byte packets
 1  192.168.0.2 (192.168.0.2)  0.630 ms  1.989 ms  2.381 ms
 2  192.168.0.211 (192.168.0.211)  121.073 ms  140.998 ms  160.724 ms
 3  192.168.2.136 (192.168.2.136)  179.393 ms * *
[root@mail ~]# traceroute 192.168.2.44
traceroute to 192.168.2.44 (192.168.2.44), 30 hops max, 40 byte packets
 1  192.168.0.2 (192.168.0.2)  0.976 ms  1.342 ms  1.733 ms
 2  192.168.0.211 (192.168.0.211)  136.118 ms  155.800 ms  175.573 ms
 3  192.168.2.44 (192.168.2.44)  209.216 ms  225.935 ms  245.866 ms
[root@mail ~]# traceroute 192.168.2.44
traceroute to 192.168.2.44 (192.168.2.44), 30 hops max, 40 byte packets
 1  * * *
 2  * * *
 3  * * *


I'm not sure what is causing this; it is either:
1. A BIND configuration error
2. Inconsistency/strangeness in the VPN

Any thoughts?
Thank you very much.
--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
http://linux2.arinet.org
13:10:54 up 5:02, 2.6.24-18-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
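Editor's added example (not code from the poster or from the BIND project). The log lines above carry "/IN/external" and "/IN/internal" suffixes, so the slave at 192.168.0.44 is running views, and one thing worth checking on the master is whether it does too: named picks the view by match-clients before it ever looks at the zone, so an allow-transfer placed on the zone in one view does nothing for the copy of that zone in another view, and an AXFR from an address that falls into the "wrong" view comes back REFUSED even though the config shows the slave's address in allow-transfer. The script below models that selection order over a constructed, hypothetical master named.conf (two views, the zone declared in both, allow-transfer only on one, options { allow-transfer { none; }; } as a global default); none of it is the poster's real configuration. The parser is a simplified model: it handles any, none, localhost, addresses, prefixes, '!' negation and named acl { } lists, but not TSIG key elements, localnets or the finer points of negated nested lists.

```python
"""Predict whether a BIND master will honour an AXFR, taking views into account."""
import ipaddress
import re

# Constructed sample master config (an assumption made for this example; it is not the
# poster's actual named.conf). The zone is declared once per view and only the
# "internal" copy carries allow-transfer, while options { } closes transfers globally.
SAMPLE_NAMED_CONF = """
acl "lan" { 192.168.2.0/24; };
options {
    directory "/var/named";
    allow-transfer { none; };   // global hardening: refuse AXFR unless a zone opts in
};
view "internal" {
    match-clients { lan; localhost; };
    zone "branch.abc.com" {
        type master;
        allow-transfer { 192.168.0.44; };
        file "branch.abc.com.zone";
    };
};
view "external" {
    match-clients { any; };
    zone "branch.abc.com" {
        type master;
        file "branch.abc.com.zone";
    };
};
"""

# Same config with the slave's address added to the internal view's match-clients,
# so its AXFR request lands in the view whose zone copy allows it.
FIXED_NAMED_CONF = SAMPLE_NAMED_CONF.replace(
    "match-clients { lan; localhost; };",
    "match-clients { lan; localhost; 192.168.0.44; };")

_TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')


def tokenize(text):
    """Split named.conf text into tokens, dropping //, # and /* */ comments."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", " ", text)
    return [t.strip('"') for t in _TOKEN_RE.findall(text)]


def parse(tokens, i=0):
    """Recursive-descent parse into a list of (words, block) statements.
    `block` is a nested statement list for `foo { ... };`, else None."""
    stmts, words = [], []
    while i < len(tokens):
        tok = tokens[i]
        if tok == "}":
            return stmts, i + 1
        if tok == "{":
            block, i = parse(tokens, i + 1)
            stmts.append((words, block))
            words = []
            if i < len(tokens) and tokens[i] == ";":
                i += 1
            continue
        if tok == ";":
            if words:
                stmts.append((words, None))
            words = []
            i += 1
            continue
        words.append(tok)
        i += 1
    return stmts, i


def _find(stmts, keyword):
    """Return the block of the first statement starting with `keyword`, or None."""
    return next((b for w, b in stmts if w and w[0] == keyword), None)


def acl_matches(elements, client, acls):
    """Evaluate a BIND address-match list: the first matching element decides and a
    leading '!' negates it; no match at all means reject."""
    ip = ipaddress.ip_address(client)
    for words, _ in elements:
        name = words[0]
        negate = name.startswith("!")
        name = name.lstrip("!")
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name == "localhost":
            hit = ip.is_loopback
        elif name in acls:
            hit = acl_matches(acls[name], client, acls)
        else:
            hit = ip in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return False


def check_transfer(conf_text, zone, client):
    """Return (view_name, verdict) for an AXFR of `zone` requested from `client`,
    following named's order: pick the view by match-clients first, then find the
    zone inside that view, then apply the nearest allow-transfer (zone, view, options)."""
    stmts, _ = parse(tokenize(conf_text))
    acls = {w[1]: b for w, b in stmts if w and w[0] == "acl"}
    views = [(w[1], b) for w, b in stmts if w and w[0] == "view"] or [("_default", stmts)]
    for view, body in views:
        if acl_matches(_find(body, "match-clients") or [(["any"], None)], client, acls):
            break
    else:
        return None, "REFUSED: no view matches the client"
    zones = {w[1].rstrip("."): b for w, b in body if w and w[0] == "zone"}
    zone_body = zones.get(zone.rstrip("."))
    if zone_body is None:
        return view, "REFUSED: zone is not served in this view"
    acl = (_find(zone_body, "allow-transfer") or _find(body, "allow-transfer")
           or _find(_find(stmts, "options") or [], "allow-transfer"))
    if acl is None:
        return view, "no allow-transfer anywhere: named's built-in default applies"
    return view, "ALLOWED" if acl_matches(acl, client, acls) else "REFUSED: client not in allow-transfer"


if __name__ == "__main__":
    for conf, label in ((SAMPLE_NAMED_CONF, "as posted"), (FIXED_NAMED_CONF, "fixed")):
        print(label, check_transfer(conf, "branch.abc.com", "192.168.0.44"))
```

On the sample config the request from 192.168.0.44 falls through to the "external" view, where the zone copy has no allow-transfer of its own and inherits the global none, so the verdict is REFUSED; once the slave's address is listed in the internal view's match-clients the same request is ALLOWED. On the real hosts the equivalent check is to run `dig @192.168.2.44 branch.abc.com AXFR +norecurse` from the slave and compare the status with what named logs on the master; the script only reasons about a config file and never touches the network.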