
I would like to give a router (SuSE 5.1) named Porter, which connects two intranet segments (A + B), an additional Internet connection to my ISP. This connection is to run through a firewall (including masquerading) and, besides a DNS server, is later also to include a proxy and a mail server. Configuring the firewall was no problem so far. The syntax of the DNS server is evidently in order as well:

/var/log/messages
named[2966]: starting
named[2966]: primary zone "comcon.de" loaded (serial 19
named[2966]: primary zone "168.192.in-addr.arpa" loaded
named[2966]: cache zone "" loaded (serial 0)
named[2967]: Ready to answer queries.

Only when I test the DNS server with NSLOOKUP do I get erroneous messages. Not only is the address of the default server wrong, it also cannot resolve the address of the client frank.

nslookup
Default Server: porter
Address: 0.0.0.0

frank
Server: porter
Address: 0.0.0.0

*** porter can't find frank: No response from server

I have studied the DNS HOWTO and numerous other sources. Evidently I have misunderstood something, or my firewall is throwing a spanner in the works here. Who can tell me where my mistake is? Many thanks in advance for the help.

Thorsten Ziercke

P.S.: I have attached the configuration files of named and the firewall rules here:

-----------------------------------------------------------------------------------------------------------------------
/etc/named.boot

; Sample /etc/named.boot file for the domain "my.domain.edu".
; That domain has IP numbers 192.168.x.x.
; ns = name server
; All relative file names can be found in this directory.
; Named changes also in this directory on startup. So it will dump core here.
directory /var/named
; If you want to use this as your primary ns, enable this. All information
; is read from the file "/var/named/my.domain.file".
; IP -> hostname translation is done by ".../my.domain.file.rev".
primary frag.net frag.zone
primary 168.192.in-addr.arpa frag.rev
; If you have further child zones and you are not a secondary ns for them,
; specify a stub here:
; stub subzone.my.domain.edu 192.168.2.1 subzone.stub
; Use the following entries, if you want to use this as a secondary server.
; The primary server is contacted from time to time for the most recent
; information. "my.domain.file.bak" is used as starting file at boot time until
; the primary ns has been contacted (and in case of the primary ns is down).
; You should then also put this host into the "NS" part of the primary ns.
; secondary my.domain.edu 192.168.7.7 my.domain.file.bak
; secondary 168.192.in-addr.arpa 192.168.7.7 my.domain.file.rev.bak
; primary . localhost
; primary 0.0.127.in-addr.arpa localhost.rev
; Always enable the next line. Read the beginning for how to get the newest
; version of it. (/var/named/root.cache)
cache . root.cache
; Change the following line, if you have further name servers, which might
; have more information cached. A good choice here is the ns which is
; authoritive for the zone above you.
; forwarders 192.168.7.5 192.168.7.7 192.168.68.11
forwarders 194.95.192.254
; If the servers defined by the "forwarders" line do not know the answer,
; this ns will contact the root ns for it. If you enable "slave", it will
; ask one of the "forwarders" to fetch the correct answer. This will lead
; to more complete "forwarding" ns and should be done.
slave
options query-log

-----------------------------------------------------------------------------------------------------------------------
/var/named/comcon.zone

;
; /var/named/frag.zone   Local hosts
;
;
@          IN SOA   frag.net. dns.porter.frag.net. (
                    1998111404 86400 3600 3600000 604800 )
           IN NS    porter.
;          IN NS    dns.muenchen.org.
           IN MX    10 mail.muenchen.org.
;          IN MX    5 mail.frag.net.
; www      IN CNAME porter.frag.net.
; ftp      IN CNAME porter.frag.net.
proxy      IN CNAME porter.frag.net.
; nntp     IN CNAME porter.frag.net.
; mail     IN CNAME porter.frag.net.
; prn      IN CNAME porter.frag.net.
; xntp     IN CNAME porter.frag.net.
; localhost IN A    127.0.0.1
porter     IN A     192.168.A.x
; frank    IN A     192.168.A.y
; clyde    IN A     192.168.B.x
; louise   IN A     192.168.B.y
; all      IN A     255.255.255.255

-----------------------------------------------------------------------------------------------------------------------
/var/named/frag.rev

@          IN SOA   frag.net. dns.porter.frag.net. (
                    1998051701   ;serial (yyyymmddrr)
                    86400        ;Refresh
                    3600         ;Retry
                    3600000      ;Expire
                    604800 )     ;Minimum
           IN NS    porter.
;
; $ORIGIN 168.192.in-addr.arpa.
B.x.       IN PTR   clyde.
B.y.       IN PTR   louise.
; $ORIGIN 168.192.in-addr.arpa.
A.y.       IN PTR   frank.

-----------------------------------------------------------------------------------------------------------------------
/var/named/localhost.rev

;
; /var/named/localhost.rev
;
@          IN SOA   frag.net. dns.porter.frag.net. (
                    1998051703   ;serial (yyyymmddrr)
                    28800        ;Refresh
                    7200         ;Retry
                    604800       ;Expire
                    86400 )      ;Minimum
           IN NS    porter.
;
1          PTR      localhost.

-----------------------------------------------------------------------------------------------------------------------
/etc/resolv.conf

#
# /etc/resolv.conf
#
# Automatically generated by SuSEconfig on Sun May 17 14:29:05 CEST 1998.
#
# PLEASE DO NOT EDIT THIS FILE!
#
# Change variables (NAMESERVER + SEARCHLIST) in /etc/rc.config instead.
#
#
search frag.net
porter 192.168.A.x
localhost 127.0.0.1

-----------------------------------------------------------------------------------------------------------------------
sh firewall list

IP firewall input rules, default policy: deny
type  prot ifname  ifaddress  source          destination     ports
deny  all  ippp0   0.0.0.0    192.168.B.0/24  192.168.B.0/24  n/a
deny  all  ippp0   0.0.0.0    192.168.B.0/24  192.168.A.0/24  n/a
deny  all  ippp0   0.0.0.0    192.168.A.0/24  192.168.B.0/24  n/a
deny  all  ippp0   0.0.0.0    192.168.A.0/24  192.168.A.0/24  n/a
acc   all  eth1    0.0.0.0    192.168.A.y     0.0.0.0/0       n/a
acc   all  eth2    0.0.0.0    192.168.A.y     0.0.0.0/0       n/a
acc   all  eth1    0.0.0.0    192.168.B.x     0.0.0.0/0       n/a
acc   all  eth2    0.0.0.0    192.168.B.x     0.0.0.0/0       n/a
acc   all  eth1    0.0.0.0    192.168.B.y     0.0.0.0/0       n/a
acc   all  eth2    0.0.0.0    192.168.B.y     0.0.0.0/0       n/a
acc   all  eth1    0.0.0.0    192.168.B.0/24  192.168.B.0/24  n/a
acc   all  eth2    0.0.0.0    192.168.B.0/24  192.168.B.0/24  n/a
acc   all  eth1    0.0.0.0    192.168.B.0/24  192.168.A.0/24  n/a
acc   all  eth2    0.0.0.0    192.168.B.0/24  192.168.A.0/24  n/a
acc   all  eth1    0.0.0.0    192.168.A.0/24  192.168.B.0/24  n/a
acc   all  eth2    0.0.0.0    192.168.A.0/24  192.168.B.0/24  n/a
acc   all  eth1    0.0.0.0    192.168.A.0/24  192.168.A.0/24  n/a
acc   all  eth2    0.0.0.0    192.168.A.0/24  192.168.A.0/24  n/a
deny  all  eth1    0.0.0.0    192.168.B.0/24  0.0.0.0/0       n/a
deny  all  eth2    0.0.0.0    192.168.B.0/24  0.0.0.0/0       n/a
deny  all  eth1    0.0.0.0    192.168.A.0/24  0.0.0.0/0       n/a
deny  all  eth2    0.0.0.0    192.168.A.0/24  0.0.0.0/0       n/a

-----------------------------------------------------------------------------------------------------------------------
sh masquerade list

IP firewall forward rules, default policy: accept
type   prot ifname  ifaddress  source          destination     ports
acc/m  all  ippp0   0.0.0.0    192.168.B.0/24  0.0.0.0/0       n/a
acc/m  all  ippp0   0.0.0.0    192.168.A.0/24  0.0.0.0/0       n/a
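Added example, not part of the post: a small Python check that rebuilds the posted input rule set with assumed concrete values (A=1, B=2, x=1, y=2, and 192.0.2.1 as a stand-in for porter's dial-up address) and evaluates a few packets with ipfwadm's first-match semantics, treating ifname as the arrival interface. It shows which of the flows involved in the DNS test are accepted by a listed rule and which fall through to the default deny.

```python
import ipaddress

# Constructed stand-in for the posted "sh firewall list" output. The post writes
# the segments as 192.168.A.0/24 and 192.168.B.0/24 with hosts .x/.y; A=1, B=2,
# x=1, y=2 are assumed here. ifaddress 0.0.0.0 in the listing means "any".
A_NET, B_NET = "192.168.1.0/24", "192.168.2.0/24"
PORTER, FRANK = "192.168.1.1", "192.168.1.2"      # porter = A.x, frank = A.y
CLYDE, LOUISE = "192.168.2.1", "192.168.2.2"      # clyde = B.x, louise = B.y
ANY = "0.0.0.0/0"
DEFAULT_POLICY = "deny"   # "IP firewall input rules, default policy: deny"

def posted_input_rules():
    """Rebuild the 22 input rules in their listed order as
    (target, ifname, source, destination); prot is 'all', ports 'n/a'."""
    pairs = [(B_NET, B_NET), (B_NET, A_NET), (A_NET, B_NET), (A_NET, A_NET)]
    rules = [("deny", "ippp0", s, d) for s, d in pairs]   # private sources on the ISP link
    for host in (FRANK, CLYDE, LOUISE):                      # per-host accepts on both LAN ifaces
        rules += [("acc", ifn, host, ANY) for ifn in ("eth1", "eth2")]
    for s, d in pairs:                                       # segment-to-segment accepts
        rules += [("acc", ifn, s, d) for ifn in ("eth1", "eth2")]
    for net in (B_NET, A_NET):                               # trailing catch-all denies
        rules += [("deny", ifn, net, ANY) for ifn in ("eth1", "eth2")]
    return rules

def first_match(rules, ifname, src, dst):
    """ipfwadm input chain semantics: the first matching rule wins, otherwise
    the default policy applies. Returns (target, rule_index); index -1 = default."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (target, rif, rsrc, rdst) in enumerate(rules):
        if rif == ifname and s in ipaddress.ip_network(rsrc) \
                and d in ipaddress.ip_network(rdst):
            return target, i
    return DEFAULT_POLICY, -1

def trace_flows(rules):
    """Flows worth checking for the posted problem. DIALUP (porter's ippp0
    address) is a constructed TEST-NET value; the forwarder is from named.boot."""
    DIALUP, FORWARDER = "192.0.2.1", "194.95.192.254"
    return {
        "frank -> porter, eth1": first_match(rules, "eth1", FRANK, PORTER),
        "clyde -> frank, eth2": first_match(rules, "eth2", CLYDE, FRANK),
        "A-net source arriving on ippp0 (spoofed)": first_match(rules, "ippp0", FRANK, PORTER),
        "forwarder reply -> porter, ippp0": first_match(rules, "ippp0", FORWARDER, DIALUP),
    }

if __name__ == "__main__":
    for flow, (target, idx) in trace_flows(posted_input_rules()).items():
        where = "rule %d" % (idx + 1) if idx >= 0 else "default policy"
        print("%-45s %-5s %s" % (flow, target, where))
```

The last flow is the one to watch: no listed rule accepts any packet arriving on ippp0, so replies from the forwarder in named.boot are decided by the default policy alone.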
thorsten.ziercke@muenchen.org