[Ircd] dns/whois weirdness

[Mark Robinson]

Hi,

As far as I am aware the problem with protest.net has not been resolved.

The last I remember was rabble doing a tcptraceroute to che's port 6667 which 
failed at the last hop. This would indicate a routing/firewall problem at 
he.net or che. I havn't found anything on che to explain the behaviour. I've 
been through /etc/hosts.deny, iptables --list -n -v, klines.conf, dlines.conf 
etc.

The DNS server that was missing in action has been replaced twice, first with 
one of the he.net servers, and again with fs.freespeech.org. After the first 
change Pabs fielded an enquiry about /dns not working for some user's hosts. 
The second DNS change seemed to resolve this, but since the first change came 
into effect after the crash we are regularly getting 'che ircd[265]: server 
is not willing to do recursive lookups for us' in the logs. I don't know 
which nameserver doesn't trust us, or on which hosts it occurs. Useless 
bloody error message. I also don't know if this is an indicator that /dns is 
failing for people at times, or if this will stop people connecting through 
SSL when a reverse dns check for them fails.

regards
Mark

On Wed September 29 2004 15:36, you wrote:
> I like the same thing, and to help it along, I've CC'd the parties
> involved.
>
> micah
>
> On Wed, 29 Sep 2004, intrigeri wrote:
> > Hi folks,
> >
> > Mark Robinson <imc-ircd at zl2tod.net> writes:
> > > rabble complained about being unable to connect on 6667 from
> > > protest.net.
> >
> > I had a look, the whois/host/dns stuff you describe seems to have been
> > repaired with a new dns server being used, so... I'd like to be sure
> > that:
> >   - Mark has been told this
> >   - connection from protest.net is now possible
> >
> > (Well, I'm not working on IRCd at all, but I like when questions asked
> > on a list are answered, for the record, on the list too... :)
> >
> > Ciao,