> From: "zoqix" <http://www.yahoo.com/~zoqix>
> Date: Thu, 9 Nov 2000 12:45:40 +0800
>
> > > > Try doing "tcpdump -i eth0 -s 8192 -w - udp port 53 | strings" while you
> > > > do the connect. You should be able to see the address it's trying to look
> > > > up.
> > >
> > > It's trying to look up my ISP's DNS, which is 192.122.134.35.
> > >
> > > > Do you have any forwards in your named.conf?
> > >
> > > Yes, I have forwards in my named.conf to forward to my ISP's DNS.
> >
> > Are you using TCP wrappers? They're probably doing a reverse-lookup.
> > Are all your local hosts resolved by your named?
>
> I'm not sure what TCP wrappers are. Sorry.

In /etc/inetd.conf, each service is "wrapped" by /usr/sbin/tcpd. According to my co-worker, tcpd does a DNS reverse-lookup.

> All the local hosts are supposed to be
> resolved by named but it's still going out to the ISP's DNS.
> Or should I remove the forwarders and make just a local DNS instead of a
> caching one?
> Then I can add the ISP's DNS to /etc/resolv.conf.

No, it should work this way. You need to make sure all your local hosts are included in your zone files for named. Otherwise, named will try to do lookups for your local hosts by trying to resolve them through your ISP's DNS server.

> > > > Also, where did you get your IP masquerading rules from? I assume you are
> > > > using ipchains.
> > >
> > > Yes, I'm using ipchains.
> > >
> > > Using ipchains -L, I get
> > >
> > > Chain forward (policy DENY):
> > > MASQ all ------ 192.168.5.0/24 anywhere n/a
> >
> > That's pretty minimal, but it should work.
>
> This is just for the internal network. By the way, is this considered setting
> up a firewall?
> If not, how do I set up a firewall to protect my network?

You should read the Firewall HOWTO.

> >
> > > > > I think it's because it tries to update my local DNS with external ones.
> > > >
> > > > Unless you have forwarding set up, I doubt it.
> > >
> > > Yes, I have forwarding set up in the named.conf.
> > >
> > > > What does your /etc/host.conf look like?
> > >
> > > This is my server's host.conf.
> > >
> > > 127.0.0.1 pc1 localhost.localdomain localhost
> >
> > That's funny. My /etc/host.conf looks like:
> >
> > order hosts,bind
> > multi on
>
> Oops! Sorry. That's my /etc/hosts.
> My /etc/host.conf looks the same as yours.
>
> > >
> > > > > Do you know any way to set the refresh mode of this off? This may not solve
> > > > > the whole problem of my diald. But it solves at least one.
>
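
The advice above about zone files, as an added example that is not part of the original message: it classifies what named does with the reverse (PTR) query that tcpd triggers for a connecting address. A query leaves the box for the forwarders only when named has no authoritative zone covering the name. The zone name, host names and zone text are constructed, and the zone parser is deliberately simplified.

```python
import ipaddress

# Constructed sample (not from the thread): the reverse zone a LAN on
# 192.168.5.0/24 would need. Zone and host names are made up.
REVERSE_ORIGIN = "5.168.192.in-addr.arpa."
REVERSE_ZONE_TEXT = """\
$TTL 86400
@  IN SOA pc1.example.lan. root.example.lan. ( 1 3600 900 604800 86400 )
@  IN NS  pc1.example.lan.
1  IN PTR pc1.example.lan.
2  IN PTR pc2.example.lan.   ; 192.168.5.3 deliberately has no PTR
"""


def ptr_names(zone_text, origin):
    """Fully qualified owner names of the PTR records in a zone file.

    Simplified parser: one record per line, explicit owner in column one.
    """
    names = set()
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if len(fields) >= 3 and "PTR" in fields[1:-1]:
            owner = fields[0]
            if owner == "@":
                owner = origin                  # zone apex
            elif not owner.endswith("."):
                owner = owner + "." + origin    # relative name
            names.add(owner.lower())
    return names


def in_zone(qname, zone):
    """True if qname is at or below the zone apex (label-wise suffix match)."""
    q = qname.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    return q[-len(z):] == z


def classify_reverse_lookup(ip, local_zones, ptrs):
    """What named does with the PTR query sent for a connecting ip."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    if not any(in_zone(qname, z) for z in local_zones):
        return "forwarded"   # no authoritative zone: goes to the forwarders
    return "answered" if qname in ptrs else "nxdomain"
```

With no local reverse zone loaded, every LAN address comes back as "forwarded", which is the behaviour described in the thread; "nxdomain" means the query stays local but the host still has no name for tcpd to log or match.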