Mailinglist Archive: opensuse (1477 mails)

< Previous Next >
Re: [opensuse] what does 127.0.1.1 mean?
lynn said the following on 03/31/2012 11:36 AM:

Do I need a PTR for each computer on the lan?

I can imagine circumstance where the answer to that is 'no' but I
suspect those circumstances don't apply to you.

If you had ddns working then it would be done 'auto-magically'.

There are two ways to can get their reverse addresses to work.
The first is to use 'dynamic dns' where the DHCP server tells the DNS
server that it has assigned an address and supplies the details which
the DNS server can now had out in response to queries.
Yes. That's what we have. that's what the samba4 guys added to bind9 to

Was it the Samba guys?
I thought DDNS (RFC2136 et al [3007, 4033, 4034, 4035]) dates back to
1997 and was out of ISC edited by the proverbial Mr Vixie :-)

Yes, Microsoft and Ad integrated DDNS and brought in the modified
version of kerberos, but that still doesn't make it a SAMBA initiative.

You can experiment manually adding records from the CLI with 'nsupdate'.



get it to do the dynamic updates. We have our win7 and linux clients
using the dhcp server.

That's the server running under Linux?

It works ok but coming back to the original
point, we have to put 127.0.1.1 in /etc/hosts on the client to get a
name over to the server.

What is the server in need of? The FQDN?
The FQDN should come from the unique IP address of the client.
That's why I keep talking about the reverse DNS.

I assume we're still talking about something that DHCP-driven?

Either the name is hard-coded or its supplied by the DHCP server and the
DHCP server tells the DNS server (via the DDNS protocol) to create the
forward and reverse records.

I _suspect_ that because there is no reverse record it falls back to
127.0.0.1 and that's what your faced with. I've not used kerberos in
this context; my last venture using it was with AIX/SPSS ....






The IPv6 stuff come straight out of a default openSUSE bind install. I
don't want it. It just gets put here.

NASTY!

In the screens you show at the bloc ...
opensuse-using-yast-to-setup-dns.html there is the option to delete the
IPV6 entry and the option to enable DDNS




listen-on-v6 { any; };
WHOA! listen-on-v6 turns on BIND to listen for IPv6 queries.
If you're not running IPv6 then you want "none" rather than "any".
This may account for one error :-)
Yes it does. Again, it is default openSUSE.

I think its up to you to delete what isn't wanted and to enable what is
wanted.





No that's fine. The only error now is here:
Mar 31 17:25:44 hh3 named[2483]: starting BIND 9.8.1-P1 -u named

Info not err

Mar 31 17:25:44 hh3 named[2483]: built with '--prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--localstatedir=/var' '--libdir=/usr/lib'
'--includedir=/usr/include/bind' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--with-openssl' '--enable-threads'
'--with-libtool' '--enable-runidn' '--with-libxml2' '--with-dlz-mysql'
'--with-dlz-ldap' 'CFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2
-Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables
-fasynchronous-unwind-tables -DNO_VERSION_DATE -fno-strict-aliasing'
'LDFLAGS=-L/usr/lib'

Info not err

Mar 31 17:25:44 hh3 named[2483]: adjusted limit on open files from 4096
to 1048576
Mar 31 17:25:44 hh3 named[2483]: found 1 CPU, using 1 worker thread
Mar 31 17:25:44 hh3 named[2483]: using up to 4096 sockets
Mar 31 17:25:44 hh3 named[2483]: loading configuration from
'/etc/named.conf'

Info not err


Mar 31 17:25:44 hh3 named[2483]: reading built-in trusted keys from file
'/etc/bind.keys'

Yes but I recall there isn't actual a key, there , is there?

Building the key and including it in DNS/DHCP was an option on those
screens at the blog which you didn't take. Perhaps you should have ..




Mar 31 17:25:44 hh3 named[2483]: using default UDP/IPv4 port range:
[1024, 65535]
Mar 31 17:25:44 hh3 named[2483]: using default UDP/IPv6 port range:
[1024, 65535]
Mar 31 17:25:44 hh3 named[2483]: listening on IPv6 interfaces, port 53
Mar 31 17:25:44 hh3 named[2483]: listening on IPv4 interface lo,
127.0.0.1#53
Mar 31 17:25:44 hh3 named[2483]: listening on IPv4 interface eth1,
192.168.1.3#53

Info not err

Mar 31 17:25:44 hh3 named[2483]: generating session key for dynamic DNS
Mar 31 17:25:44 hh3 named[2483]: sizing zone task pool based on 5 zones
Mar 31 17:25:44 hh3 named[2483]: Loading 'AD DNS Zone' using driver dlopen
Mar 31 17:25:47 hh3 named[2483]: samba_dlz: started for DN DC=hh3,DC=site
Mar 31 17:25:47 hh3 named[2483]: samba_dlz: starting configure
Mar 31 17:25:47 hh3 named[2483]: samba_dlz: configured writeable zone
'hh3.site'
Mar 31 17:25:47 hh3 named[2483]: samba_dlz: configured writeable zone
'_msdcs.hh3.site'
Mar 31 17:25:47 hh3 named[2483]: set up managed keys zone for view
_default, file '/var/lib/named/dyn//managed-keys.bind'
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 10.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 16.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 17.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 18.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 19.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 20.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 21.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 22.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 23.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 24.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 25.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 26.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 27.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 28.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 29.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 30.172.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 31.172.IN-ADDR.ARPA

That doesn't matter, its all info not err



Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 168.192.IN-ADDR.ARPA

Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 0.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 127.IN-ADDR.ARPA


Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 254.169.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone:
100.51.198.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone:
113.0.203.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone:
255.255.255.255.IN-ADDR.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone:
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: D.F.IP6.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 8.E.F.IP6.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: 9.E.F.IP6.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: A.E.F.IP6.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone: B.E.F.IP6.ARPA
Mar 31 17:25:47 hh3 named[2483]: automatic empty zone:
8.B.D.0.1.0.0.2.IP6.ARPA

You really should disable IPv6 if you're not using it.


Mar 31 17:25:47 hh3 named[2483]: command channel listening on 127.0.0.1#953

Info, but its the local IP address that counts :-

Mar 31 17:25:47 hh3 named[2483]: couldn't add command channel ::1#953:
address not available

More IPv6 stuff you can do without.


Mar 31 17:25:47 hh3 named[2483]: zone 0.0.127.in-addr.arpa/IN: loaded
serial 42
Mar 31 17:25:47 hh3 named[2483]: zone 1.168.192.in-addr.arpa/IN: loaded
serial 2012033101
Mar 31 17:25:47 hh3 named[2483]: zone
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
loaded serial 42
Mar 31 17:25:47 hh3 named[2483]: zone localhost/IN: loaded serial 42
Mar 31 17:25:47 hh3 named[2483]: managed-keys-zone ./IN: loaded serial 0
Mar 31 17:25:47 hh3 named[2450]: Starting name server BIND ..done
Mar 31 17:25:47 hh3 named[2483]: running

This is after changing ownership of /var/lib/named and after creating he
managed-keys.bind file. Without those changes, bind will not start.

The managed keys file isn't something you create by using 'touch'; it
should contain the crypto keys you are using.






Again, an 'include' may alter things dramatically!
Default again. named.conf.include is empty.

OK .....





Notes:
Changes made to the 12.1 bind to get rid of the startup errors:
chown named:named /var/lib/named (working directory not writable)
:-)

touch /var/lib/dyn/managed-keys.bind (file does not exist)
No, that needs to contain the crypto key used by ddns.
Unless that file exists, it throws an error.

Yes, but unless it contains the crypto key shared by DHCP and DNS then
DDNS won't work. This should have been generated by YAST. Its one of
the options, like deleting IPv6, that you should have set.




/etc/sysconfig/named NAMED_RUN_CHROOTED="no" (It's too much hassle
transferring the samba dlz stuff to the jail)
I can see that; I'm not going to harp on abut "basic security".
I chroot so I know I can, but if you can justify not needing to
then its "no harm, no foul".

Yes. The samba include file must be readable. In the chroot it can't be
read. I can't find a way of making it work in the chroot without
including most of the samba stuff in there too.

Yes, that's the point of chroot...

Meanwhile, one important one. I need to add a PTR for each machine on
the lan?

Yes.

As I said in a previous post; you can either use DDNS to let DHCP add
and remove or you can 'cheat' and have them in there to match the same
range as DHCP is going to hand out. The latter lets you micromanage the
names.




--
Insanity is hereditary. You get it from your kids.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups