[ale] DNS woes with Devil Linux
- Subject: [ale] DNS woes with Devil Linux
- From: jknapka at kneuro.net (Joe Knapka)
- Date: Sat May 15 18:11:45 2004
Some time back, I wrote the message quoted below regarding the fact
that no matter what I did to the BIND or iptables config on my
Devil-Linux router, I couldn't get DNS requests from my DMZ network to
work.
Of course, the problem - which I just solved today - turned out to be
on the client side. I only have one machine - a RH8 laptop - on the
DMZ net (which is actually my internal wireless network, NATted to the
world - not a real DMZ). And RH8's iptables config rejects DNS replies
except for those from the DNS server configured at install time, which
in this case was a different machine. Even though I'd changed
resolv.conf, the RH8 iptables rules were still blocking replies from
the new DNS server. A minor edit to /etc/sysconfig/iptables solved it.
There's probably a conventional way to fix this kind of thing from
the GUI, but I didn't bother figuring out what it is.
Cheers,
-- Joe Knapka
> Hi everyone,
>
> As I reported recently, I've started using Devil Linux to route
> between my home LAN, wireless net, and cable connection. All is going
> well, but I've discovered a strange issue that may or may not be
> Devil-Linux-specific; maybe someone here has a clue.
>
> Devil runs a cache-only DNS server (BIND 9) that is, by default,
> visible only to machines on the internal network. I want that DNS
> server to service the wireless network as well (which I've configured
> as the "DMZ" net, making appropriate changes to the firewall rules to
> have the "DMZ" actually be treated as a distinct internal network).
>
> I have changed the firewall rules to allow connections on the wireless
> interface at port 53 (both TCP and UDP), and I've also changed BIND's
> configuration to make it listen on both the internal and the wireless
> interfaces. "lsof" reveals that named is in fact listening on both
> interfaces. From the internal net, "nslookup" et al can successfully
> resolve names using the router's named. Furthermore, from a machine on
> the wireless net I can telnet to port 53 on the router and get
> connected. (I know DNS uses UDP, but this fact seems to validate
> that the firewall rules are opening the correct ports.)
>
> Still, DNS lookups from the wireless network to the router fail with
> "timeout, no servers could be reached". Iptables doesn't log
> any rejects during a lookup attempt, but named just won't
> answer the phone.
>
> Can anyone suggest other things I might need to check/reconfigure?
>
> Thanks,
>
> -- Joe Knapka
>
--
Resist the feed.
--
pub 1024D/BA496D2B 2004-05-14 Joseph A Knapka
Key fingerprint = 3BA2 FE72 3CBA D4C2 21E4 C9B4 3230 94D7 BA49 6D2B
If you really want to get my attention, send mail to
jknapka .at. kneuro .dot. net.
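As an added example (not code from the original post), a small POSIX shell check for the mismatch Joe describes: the nameservers listed in resolv.conf are compared against an iptables-save-style ruleset that accepts DNS replies only from one pinned source address. The addresses and rules are constructed here; the actual RH8 chain names are not reproduced.

```shell
# Constructed sample inputs (hypothetical addresses): 192.168.1.1 is the
# install-time DNS server, 192.168.2.1 is the router whose named the client
# should now use after resolv.conf was changed.
RESOLV_CONF='search example.lan
nameserver 192.168.2.1'

# Ruleset that only accepts DNS replies from the old, pinned server.
RULES_PINNED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp -s 192.168.1.1 --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.1 --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 1024:65535 -j REJECT
COMMIT'

# The same ruleset after the edit: replies from the new server are accepted.
RULES_FIXED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp -s 192.168.2.1 --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.2.1 --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 1024:65535 -j REJECT
COMMIT'

# Print each nameserver in $1 (resolv.conf text) whose replies the rules in
# $2 (iptables-save text) would drop: no ACCEPT pinned to that source with
# --sport 53, and no stateful ESTABLISHED accept that would cover it.
unreachable_nameservers() {
    resolv=$1; rules=$2
    # A stateful accept lets replies from any nameserver through.
    if printf '%s\n' "$rules" | grep -qE -- '--state [A-Z,]*ESTABLISHED.* -j ACCEPT'; then
        return 0
    fi
    printf '%s\n' "$resolv" | awk '$1 == "nameserver" { print $2 }' | while read -r ns; do
        printf '%s\n' "$rules" | grep -qE -- "-s $ns(/32)? .*--sport 53 .*-j ACCEPT" \
            || echo "$ns"
    done
}

echo "pinned ruleset blocks: $(unreachable_nameservers "$RESOLV_CONF" "$RULES_PINNED")"
echo "edited ruleset blocks: $(unreachable_nameservers "$RESOLV_CONF" "$RULES_FIXED")"
```

On a live box the same function can be fed `cat /etc/resolv.conf` and `iptables-save` output instead of the constructed strings.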