able to dig a hostname but doesn't resolve via ssh or ping
I am using Snow Leopard and cannot ping or ssh into a host but am able to dig:
dig some.value.host.com
When the IP address comes back in the answer section, I am able to ssh via IP address (ssh [email protected]). Previously (> 1 week ago), this worked fine where I could just ssh in.
All of this is taking place over VPN. Since I'm on VPN, I'm a little at a loss as to how to figure out what is going on. Any ideas about the next step to take to figure out what is going on?
Answers / Further Clarification:
Are you using split DNS? (my guess is no) - no
Is the DNS server on the other side set to resolve DNS queries for any domain or only its own? - any query
Are you able to reach the DNS server on the other side of the VPN? - yes
Are you tunneling all IP traffic or only specific traffic? - looks like all IP traffic
So, I'm using Cisco AnyConnect VPN. I'm assuming this is When you say DNS tools work at the interface, would this be why I'm able to dig the west.domain.com host but not ssh to it? I'm guessing I just don't understand how exactly the tunneling is working at this level to resolve it.
I agree with most of what you're saying. I'm not sure how to control the 'which traffic to tunnel' issue. It looks like all IP traffic is going through there when connected.
Regarding the /etc/hosts file, this host is not in there.
Are you using split DNS? (my guess is no)
Is the DNS server on the other side set to resolve DNS queries for any domain or only its own?
Are you able to reach the DNS server on the other side of the VPN?
Are you tunneling all IP traffic or only specific traffic?
DNS tools typically use the interface's DNS server instead of querying through the OS (where Cisco's VPN client sinks its teeth). This would cause DNS tools to work but everything else to fail. The best thing to do is set up split DNS. This will specify domains that should be resolved on the other side of the VPN. Any other domains will resolve to whatever you have set up in your interface settings.
If you can't set that up, set your DNS server to resolve all queries (be careful with this and make sure you want to do it).
If you can't resolve DNS queries at all on the server on the other side of the VPN, figure out why. Most likely you aren't specifying the correct traffic to tunnel.
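The two lookup paths the answer above contrasts, as an added example that is not part of the original post: `direct_lookup` sends the query straight to a named DNS server the way dig does, while `os_lookup` goes through `getaddrinfo()`, the OS resolver path that ssh and ping use. The server IP given on the command line is an assumption of the example (use the one dig reports), and `SAMPLE_REPLY` is a constructed packet, not captured traffic.

```python
import secrets, socket, struct, sys

def build_query(name, qid=None):
    """DNS query for the A record of `name`; random transaction ID unless given."""
    qid = secrets.randbits(16) if qid is None else qid
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 1, 1)

def _skip_name(pkt, off):
    while pkt[off] and pkt[off] & 0xC0 != 0xC0:   # walk labels until root or pointer
        off += 1 + pkt[off]
    return off + (2 if pkt[off] else 1)           # pointer is 2 bytes, root label 1

def parse_a_records(pkt):
    """IPv4 addresses found in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!2H", pkt[4:8])
    off, addrs = 12, []
    for _ in range(qdcount):
        off = _skip_name(pkt, off) + 4            # skip QTYPE + QCLASS
    for _ in range(ancount):
        off = _skip_name(pkt, off) + 10           # past TYPE, CLASS, TTL, RDLENGTH
        rtype, rclass, _, rdlen = struct.unpack("!2HIH", pkt[off - 10:off])
        if (rtype, rclass, rdlen) == (1, 1, 4):   # A record, class IN
            addrs.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen
    return addrs

def direct_lookup(name, server, timeout=3.0):
    """The dig path: ask `server` over UDP/53, bypassing the OS resolver."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        reply = s.recv(4096)
    return sorted(parse_a_records(reply)) if reply[:2] == query[:2] else []

def os_lookup(name):
    """The ssh/ping path: getaddrinfo(), i.e. whatever the OS resolver says."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

# Constructed reply (not captured traffic): the question echoed back plus one A record.
SAMPLE_REPLY = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + build_query("some.value.host.com")[12:]
                + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + socket.inet_aton("192.0.2.10"))

if __name__ == "__main__" and len(sys.argv) == 3:   # usage: HOSTNAME VPN_DNS_SERVER_IP
    print("direct:", direct_lookup(*sys.argv[1:]), "| OS resolver:", os_lookup(sys.argv[1]))
```

An address list from the direct path next to an empty list from the OS resolver is the symptom described in the question.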