Mailinglist Archive: opensuse (4054 mails)

SPAM: Re: [SLE] Network Name Resolution Problem Retry
  • From: Eric Hines <eehines@xxxxxxxxxxx>
  • Date: Sun, 01 Jan 2006 11:42:34 -0600
  • Message-id: <6.2.3.4.2.20060101103238.02c58df0@xxxxxxxxxxxxxxxx>
At 01/01/06 05:20, RutePoint wrote:
> greetz
>
> first of all, as a small hint try to keep your case written in a simple form, ive tried to read it several times and still i am not sure whether i got the whole picture! i had to take out a pen and paper to draw a bit ;)

I thought about ASCII art, but my skills are pretty bad; I thought my word picture would be the lesser of the two evils....


> anyhow before i go on this goose chase

maybe a pig chase?

> so to speak, there are several questions that would be good to present first.

> as you have placed the suse box as an in between server to separate networks, how did you configure the interfaces on the box?
> did you give the primary interface (im presuming its eth0) the following parameters
> ip 192.168.1.2
> mask 255.255.255.0
> gw 192.168.1.1 (or 192.168.1.254 varies on implementation ^^ )
> dns 127.0.0.1, 172.16.4.2 (what ever your operator dns is )

I've been told in other threads on this list that 9.3's ethx float among NICs from bootup to bootup; the IP stack keeps this sorted out, and all that matters is that the NIC/IP address pairings remain constant. This is the case in my set up. The Net-facing NIC's config is:

ip 192.168.1.2 (the primary interface in the sense that it faces the Net; whether it's eth0, 1, or 2 varies from bootup to bootup)
mask 255.255.255.0
gw 192.168.1.1 (the Linksys router/switch that sits between the whole LAN and the Net)
dns 127.0.0.1, 4.2.2.2, 64.81.45.2


> for the remaining interfaces did you give a gateway or just gave an ip /mask
> eth1
> ip 192.168.2.1
> mask 255.255.255.0
> eth2
> ip 192.168.3.1
> mask 255.255.255.0

NIC1:
ip 192.168.2.2
mask 255.255.255.0
gw 192.168.1.1
dns 127.0.0.1, 4.2.2.2, 64.81.45.2

NIC2:
ip 192.168.3.1
mask 255.255.255.0
gw 192.168.1.1
dns 127.0.0.1, 4.2.2.2, 64.81.45.2

YaST won't let me configure the three NICs differently from each other.


> did you attempt to configure any routing?
> there is no need if you just kept the network configuration simple as mentioned above :)

IP Forwarding is turned on, and I can see it coming up during boot up. I haven't done any other routing, in the sense that, in YaST, I left the Routing Table Expert Configuration unchecked and the table blank. The Linksys router/switch has static routes for the .2.0 and .3.0 subnets via the .1.2 NIC.


> personally about 4 years ago i tried to use ddns and found it to cause enough headaches so i just gave up on it back then and stuck to a static dns setup dunno whether it works better nowadays so if you would use a static dns and drop ddns that should help a lot.....i guess :)

It may come to that, but I want to hammer on this nut awhile longer before I give up.


> the samba can mess up a bit things in a sense that when windows attempt to resolve depending on how you have configured your windows clients, they might resolve using first the lmhost file which might contain static entries or then again it would resolve from the network so double check your lmhost for static entries on the windows systems

Good catch on this one. I had an old hosts file on my Win2k PC, left over from last spring when I had even less knowledge and was even more dangerous, that had the old IP address/hostname mappings. I commented out all but the loopback line; now -flushdns has gotten rid of them, and I get no "permanent" mis-mapped ping results.

> and if you decide to remove the ddns from your network, unselect the register dns from the windows network settings cause that would spare your suse box from log records :)
>
> now back to your dns configuration,
> what interfaces have you got the dns to listen on?

How do I tell? dns runs on the same box as all three NICs. Now I'm truly exposing my ignorance. var_log_messages says named is listening on all three NICs and the loopback.

> i think to ease the goose chase here is for you to send a more elaborative description of your environment setup

the NIC running .1.0 has IP address .1.2 and connects to the Net via the Linksys (which is on .1.1).
the NIC running 2.0 has IP address .2.2 and manages (?) the subnet containing the Win2k PC (now with a cleaned up hosts file)
the NIC running 3.0 has IP address .3.1 and "manages" the subnet containing the dual bootable laptop.
all three NICs are physically present on the SUSE server; the first two are chips built into the motherboard; the third is a daughter card added later. I've appended the ifcfg-eth-id-<MAC> for one of the NICs; they're all the same except for their own IP data (unless I missed something) and were generated by YaST when I configured the NICs.

BOOTPROTO='static'
BROADCAST='192.168.1.255'
IPADDR='192.168.1.2'
MTU=''
NAME='Intel 82547EI Gigabit Ethernet Controller (LOM)'
NETMASK='255.255.255.0'
NETWORK='192.168.1.0'
REMOTE_IPADDR=''
STARTMODE='auto'
UNIQUE='JNkJ.NvquJ_ETJIB'
USERCONTROL='no'
_nm_name='bus-pci-0000:02:01.0'
PREFIXLEN=''

The domain for the .1.0 subnet has been set as .test.biz, and the domain for the .2.0 and .3.0 subnets has been set as .test1.biz.

I'm sorry if this seems too much like a regurgitation of what I said in my initial email; I'm probably not understanding what you're looking for with "environment setup."

> and your dns named.conf file
> (personally i rewrote the named.conf on my suse 9.3, its now cleaner and simpler than what yast generates :) )

named.conf file below. I hope it doesn't generate a SPAM tag. I've included it in line because this list, apparently, strips attachments.

###
# Test Biz DNS Control File
###
# Date: 22 Dec 2005
###
# Added logging 30 Dec 05
logging {
    channel mysyslog {
        syslog daemon;
        severity error;
    };
    channel mylog {
        file "/var/log/named.log";
        severity error;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category default {
        mysyslog;
        mylog;
    };
};

options {
    directory "/var/lib/named";
    forwarders {
        4.2.2.2;
    };
    forward first;
    listen-on {
        mynet;
    };
    auth-nxdomain yes;
    multiple-cnames yes;
    notify no;
};

zone "." in {
    type hint;
    file "root.hint";
};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

acl mynet {
    192.168.1.0/24;
    192.168.2.0/24;
    192.168.3.0/24;
    127.0.0.1;
};

acl seconddns {
    64.81.45.2;
};

zone "test1.biz" {
    type master;
    file "/var/lib/named/master/test1.biz.hosts";
    allow-query {
        mynet;
    };
    allow-transfer {
        mynet;
    };
    allow-update {
        mynet;
    };
};

zone "test.biz" {
    type master;
    file "/var/lib/named/master/test.biz.hosts";
    allow-query {
        any;
    };
    allow-transfer {
        seconddns;
    };
};

zone "2.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/named/192.168.2.0.rev";
    allow-query {
        mynet;
    };
    allow-transfer {
        mynet;
    };
    allow-update {
        mynet;
    };
};

zone "3.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/named/192.168.3.0.rev";
    allow-query {
        mynet;
    };
    allow-transfer {
        mynet;
    };
    allow-update {
        mynet;
    };
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/named/192.168.1.0.rev";
    allow-query {
        mynet;
    };
    allow-transfer {
        mynet;
    };
    allow-update {
        mynet;
    };
};

And the following log entries just showed up this morning in my named.log file:

31-Dec-2005 19:44:36.757 update-security: error: client 192.168.1.2#32783: update 'test.biz/IN' denied
31-Dec-2005 19:57:03.777 update-security: error: client 192.168.1.2#32786: update 'test.biz/IN' denied
31-Dec-2005 20:33:59.980 general: error: /var/lib/named/master/test1.biz.hosts.jnl: create: permission denied
01-Jan-2006 07:42:44.499 general: error: /var/lib/named/master/test1.biz.hosts.jnl: create: permission denied
01-Jan-2006 07:46:06.793 general: error: /var/lib/named/master/test1.biz.hosts.jnl: create: permission denied
01-Jan-2006 07:46:15.520 general: error: /var/lib/named/master/test1.biz.hosts.jnl: create: permission denied

Maybe they've been there all along; I only figured out how to get error messages into my log on 31 Dec; although they weren't showing up in the messages or warn files earlier.



> regards
> RutePoint
>
> PS: Happy New Year

You, too, and thanks for your help.


On 1/1/06, Eric Hines <eehines@xxxxxxxxxxx> wrote:
>
> Folks,
>
> (Retransmitted because my last got labelled SPAM; hopefully, I've gotten
> the offending parts out this time.)
>
> <much snippage; this email is long enough....>

There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action.
--Bertrand Russell
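
An added example, not part of the original message: a Python sketch that cross-checks the two kinds of named.log errors quoted in the message against the posted zone stanzas. The zone text is abridged from the named.conf above, and the function names and finding labels are this example's own.

```python
import re

# Zone stanzas abridged from the named.conf in the message (only fields used here).
NAMED_CONF = '''
zone "test1.biz" { type master; file "/var/lib/named/master/test1.biz.hosts";
    allow-update { mynet; }; };
zone "test.biz" { type master; file "/var/lib/named/master/test.biz.hosts";
    allow-transfer { seconddns; }; };
'''
# Two of the log lines quoted in the message, one per error type.
NAMED_LOG = '''\
31-Dec-2005 19:44:36.757 update-security: error: client 192.168.1.2#32783: update 'test.biz/IN' denied
31-Dec-2005 20:33:59.980 general: error: /var/lib/named/master/test1.biz.hosts.jnl: create: permission denied
'''
DENIED_RE = re.compile(r"client ([\d.]+)#\d+: update '([^/']+)/IN' denied")
JNL_RE = re.compile(r"error: (\S+)\.jnl: create: permission denied")

def parse_zones(conf):
    """Map zone name -> zone file and whether the stanza has allow-update."""
    zones = {}
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        f = re.search(r'file\s+"([^"]+)"', body)
        zones[m.group(1)] = {
            "file": f.group(1) if f else None,
            "allow_update": bool(re.search(r"\ballow-update\s*\{", body)),
        }
    return zones

def diagnose(conf, log):
    """Return sorted (zone, finding, detail) tuples, one per distinct error."""
    zones = parse_zones(conf)
    by_file = {z["file"]: name for name, z in zones.items()}
    findings = set()
    for line in log.splitlines():
        if (m := DENIED_RE.search(line)):
            client, zone = m.groups()
            no_stanza = zone in zones and not zones[zone]["allow_update"]
            cause = ("no allow-update in zone stanza" if no_stanza
                     else "client not matched by allow-update")
            findings.add((zone, "update-denied", f"{client}: {cause}"))
        elif (m := JNL_RE.search(line)):
            # named writes <zonefile>.jnl next to the zone file for dynamic updates
            zone = by_file.get(m.group(1), "?")
            findings.add((zone, "journal-unwritable",
                          f"named cannot create {m.group(1)}.jnl"))
    return sorted(findings)
```

The first finding reflects that the posted test.biz stanza has no allow-update statement; the second means the account named runs as cannot write in the directory holding the test1.biz zone file.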