- <li><em>date</em>: Sat May 15 18:11:45 2004</li>
- <li><em>from</em>: jknapka at kneuro.net (Joe Knapka)</li>
- <li><em>subject</em>: [ale] DNS woes with Devil Linux</li>
Of course, the problem - which I just solved today - turned out to be
on the client side. I only have one machine - a RH8 laptop - on the
DMZ net (which is actually my internal wireless network, NATted to the
world - not a real DMZ). And RH8's iptables config rejects DNS replies
except for those from the DNS server configured at install time, which
in this case was a different machine. Even though I'd changed
resolv.conf, the RH8 iptables rules were still blocking replies from
the new DNS server. A minor edit to /etc/sysconfig/iptables solved it.
There's probably a conventional way to fix this kind of thing from
the GUI, but I didn't bother figuring out what it is.
Cheers,
-- Joe Knapka
> Hi everyone,
>
> As I reported recently, I've started using Devil Linux to route
> between my home LAN, wireless net, and cable connection. All is going
> well, but I've discovered a strange issue that may or may not be
> Devil-Linux-specific; maybe someone here has a clue.
>
> Devil runs a cache-only DNS server (BIND 9) that is, by default,
> visible only to machines on the internal network. I want that DNS
> server to service the wireless network as well (which I've configured
> as the "DMZ" net, making appropriate changes to the firewall rules to
> have the "DMZ" actually be treated as a distinct internal network).
>
> I have changed the firewall rules to allow connections on the wireless
> interface at port 53 (both TCP and UDP), and I've also changed BIND's
> configuration to make it listen on both the internal and the wireless
> interfaces. "lsof" reveals that named is in fact listening on both
> interfaces. From the internal net, "nslookup" et al can successfully
> resolve names using the router's named. Furthermore, from a machine on
> the wireless net I can telnet to port 53 on the router and get
> connected. (I know DNS uses UDP, but this fact seems to validate
> that the firewall rules are opening the correct ports.)
>
> Still, DNS lookups from the wireless network to the router fail with
> "timeout, no servers could be reached". Iptables doesn't log
> any rejects during a lookup attempt, but named just won't
> answer the phone.
>
> Can anyone suggest other things I might need to check/reconfigure?
>
> Thanks,
>
> -- Joe Knapka
>
--
Resist the feed.
--
pub 1024D/BA496D2B 2004-05-14 Joseph A Knapka
Key fingerprint = 3BA2 FE72 3CBA D4C2 21E4 C9B4 3230 94D7 BA49 6D2B
If you really want to get my attention, send mail to
jknapka .at. kneuro .dot. net.
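The failure Joe describes above (resolv.conf pointing at a new server while the install-time iptables rules still only accept replies from the old one) is easy to catch mechanically. The script below is an added example, not part of the original post: it parses the nameserver lines of a resolv.conf and an iptables-save style rule dump and lists every nameserver whose UDP source-port-53 replies no ACCEPT rule admits. The rule shape (a RH-Lokkit chain with per-server `--sport 53` ACCEPTs and a trailing REJECT) is an assumption about the Red Hat 8 layout, and both input texts are constructed samples; on a real host you would feed it /etc/resolv.conf and /etc/sysconfig/iptables instead.

```shell
#!/bin/sh
# Added example (not from the original post): report nameservers in a
# resolv.conf whose replies the iptables rule set would not accept.
# Inputs are constructed samples; substitute the real files on a live host.

SAMPLE_RESOLV='# constructed sample resolv.conf
search example.lan
nameserver 192.168.1.1
nameserver 10.0.0.53'

# Constructed sample in the assumed style of a Red Hat 8 /etc/sysconfig/iptables:
# only replies from 10.0.0.53 are accepted; everything else on UDP is rejected.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 10.0.0.53 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 -d 0/0 -j REJECT
COMMIT'

# Print the addresses of the "nameserver" lines read from stdin.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Exit 0 if the rules on stdin contain a UDP ACCEPT rule for source port 53
# from the given address (exact match, or a catch-all 0/0 / 0.0.0.0/0 source).
rules_allow_dns_from() {
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    grep -E -- '-p udp' | grep -E -- '--sport 53' | grep -E -- '-j ACCEPT' \
        | grep -E -q -- "-s ($esc|0/0|0\.0\.0\.0/0)( |\$)"
}

# Usage: unreachable_nameservers RESOLV_TEXT RULES_TEXT
# Prints one line per nameserver whose replies the rule set would block.
unreachable_nameservers() {
    resolv="$1"; rules="$2"
    printf '%s\n' "$resolv" | resolv_nameservers | while read -r ns; do
        if ! printf '%s\n' "$rules" | rules_allow_dns_from "$ns"; then
            printf '%s\n' "$ns"
        fi
    done
}

# With the samples above, 192.168.1.1 is listed and 10.0.0.53 is not.
unreachable_nameservers "$SAMPLE_RESOLV" "$SAMPLE_RULES"
```

The check deliberately looks only at UDP source port 53 because that is what a stateless reply filter like the Lokkit rules keys on; a stateful ruleset that accepts ESTABLISHED traffic would not need per-server entries, so an empty result there is expected rather than a sign of a missing rule.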
</pre>
</body>
</html>