我有 iptables 配置:
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
之后,尝试这个:
user@debian:~$ host yahoo.com
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
yahoo.com has address 98.138.219.232
yahoo.com has address 72.30.35.9
yahoo.com has address 72.30.35.10
yahoo.com has address 98.137.246.7
yahoo.com has address 98.137.246.8
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
yahoo.com has IPv6 address 2001:4998:44:41d::3
yahoo.com has IPv6 address 2001:4998:44:41d::4
yahoo.com has IPv6 address 2001:4998:58:1836::10
yahoo.com has IPv6 address 2001:4998:58:1836::11
yahoo.com has IPv6 address 2001:4998:c:1023::4
yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
如何?我想,这是“缓存”,并尝试其他一些域。他们都得到了解决。
“好吧,也许这是一些本地 DNS 缓存” - 关闭计算机上的互联网。好吧没有解决。
如何?为什么?
答案1
解决了!
我没有注意到这个魔法:
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
因此,我必须为“ip6tables”设置规则:
# ip6tables -P INPUT DROP
# ip6tables -P OUTPUT DROP
# ip6tables -P FORWARD DROP
和我的结果:
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; connection timed out ; no servers could be reached
PS如果我记得“tcpdump”,那么问题解决得更快。