Re: Name resolution from within a jail?

[YONETANI Tomokazu <qhwt+dfly@xxxxxxxxxx>]

On Tue, Jul 18, 2006 at 01:59:48PM +0200, Joerg Sonnenberger wrote:
> On Tue, Jul 18, 2006 at 03:19:38PM +0900, YONETANI Tomokazu wrote:
> > Then I started tcpdump on another machine(192.168.2.175) running named,
> > and found that DNS queries from a jail on an IP alias are received but
> > not responded to by that machine:
> > 
> > A DNS query from the jail host(which is responded to by 192.168.2.175)
> > 14:24:50.669966 192.168.2.18.1256 > 192.168.2.175.domain:  8711+ ANY? . (17)
> > 0x0000   4500 002d e17a 0000 4011 1334 c0a8 0212        E..-.z..@..4....
> > 0x0010   c0a8 02af 04e8 0035 0019 5184 2207 0100        .......5..Q."...
> > 0x0020   0001 0000 0000 0000 0000 ff00 0100             ..............
> > 
> > A DNS query from `repos'(not responded to)
> > 14:25:05.099087 192.168.2.20.1257 > 192.168.2.175.domain:  60734+ ANY? . (17)
> > 0x0000   4500 002d e1eb 0000 4011 12c1 c0a8 0214        E..-....@.......
> > 0x0010   c0a8 02af 04e9 0035 0019 8649 ed3e 0100        .......5...I.>..
> > 0x0020   0001 0000 0000 0000 0000 ff00 0100             ..............
> > 
> > Does anyone have any idea why the second query is ignored?
> 
> Have you verified that the ARP cache of the DNS server contains entries
> for both IP addresses? That's what I can think of immediately.

Aha, that was it: the ARP entry for the aliased address is shown
as <incomplete> on the DNS server after sending packets from it.

And you can do this on R1.4 but not on HEAD or R1.6:
  $ ping -nc1 -S <alias> <dns server>