On Tue, 09 Jul 2002 20:10:58 PDT Jim Van Eeckhoutte wrote:
> Dnscache.lrp doesn't seem to work. I've installed as per instructions on
> site. Daemontls.lrp is installed too. I noticed there are no log files in
> /var/log/dnscache dir. How can I troubleshoot this thing? thnx

I almost replied to your first post, but decided I would wait
to see if someone with daemontools experience did first. Is it
possible for you to (at least temporarily) remove daemontools?
It adds one more layer that can be misconfigured and cause
problems and dnscache should run fine without it.

If you can dump daemontools for now, here is the troubleshooting
procedure I recommend:
1. In /etc/dnscache/env, verify IP is set to your internal
   interface address. 192.168.20.254, IIRC. Verify IPQUERY
   is broad enough to allow requests from your internal LAN.
   The default of "192.168" should be fine.
2. "svi dnscache start" to make sure dnscache has been started
3. "ps | grep dnscache" to verify it's really running
4. "cat /proc/net/udp" and look for a line that starts
   "53: FE14A8C0:" to verify it's listening for UDP traffic
   on port 53 of 192.168.20.254 (assuming that's the correct
   address for internal interface)
5. Test name resolution from the firewall using dnscache.
   Temporarily comment out all nameserver lines in
   /etc/resolv.conf and add one that reads
       nameserver 192.168.20.254
   Run "tail -f /var/log/syslog &" followed by "ping www.google.com"
   or similar on the firewall (so there are fewer firewall rules to
   worry about) and see if www.google.com resolves. If so, dnscache
   is probably working fine; make sure your shorewall rules permit
   access from your internal hosts. If not, was there any output
   in /var/log/syslog that indicates shorewall is blocking requests
   to the root name servers? (I'm assuming you are using the default
   resolving config rather than forwarding requests to your ISP's DNS
   server(s)).
6. If it were me and #1-5 didn't offer any insight, I would probably
   break out tcpdump.lrp and start watching packets on the internal
   interface (tcpdump -n -i eth1 port 53) to make sure DNS requests
   were being sent properly to dnscache.

Things get slightly trickier if you're running daemontools too
because, IIRC, they introduce additional configuration files to
limit access to the daemon, here dnscache. The dnscache binary
probably won't be running (and show up in a ps) most of the time
either.

I would need to dig through /etc/init.d/dnscache and the daemontools
docs (http://cr.yp.to/daemontools.html) to offer much more help, and
unfortunately I don't have enough time to do so at the moment. I did
notice MULTI=0 in my (Bering RC2) version of /etc/init.d/dnscache
though. It appears that disables logging, so you may want to
investigate more closely and try setting it to 1.

Hope that's enough to get you started.

--Brad
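
The /proc/net/udp check from step 4, as an added example that is not part of the original message: these shell functions decode the hex local addresses in that table and test whether a UDP socket is bound to a given address and port. The function names and the sample table are constructed for illustration; the byte-reversed address form assumes IPv4 on a little-endian host such as x86.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Dotted quad -> hex form used in /proc/net/udp on little-endian hosts,
# i.e. the four bytes in reverse order: 192.168.20.254 -> FE14A8C0
ip_to_proc_hex() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    printf '%02X%02X%02X%02X' "$4" "$3" "$2" "$1"
}

# Reverse mapping: FE14A8C0 -> 192.168.20.254
proc_hex_to_ip() {
    h=$1
    b1=${h%??????}; rest=${h#??}
    b2=${rest%????}; rest=${rest#??}
    b3=${rest%??}; b4=${rest#??}
    printf '%d.%d.%d.%d' "$((0x$b4))" "$((0x$b3))" "$((0x$b2))" "$((0x$b1))"
}

# List every local UDP socket in TABLE (default /proc/net/udp, "-" = stdin)
# as ip:port, one per line.
udp_local_sockets() {
    awk 'NR > 1 { print $2 }' "${1:-/proc/net/udp}" |
    while IFS=: read -r addr port; do
        printf '%s:%d\n' "$(proc_hex_to_ip "$addr")" "$((0x$port))"
    done
}

# udp_listening IP PORT [TABLE]: exit 0 if a socket is bound to IP:PORT or
# to the wildcard 0.0.0.0:PORT, exit 1 if not.
udp_listening() {
    want=$(ip_to_proc_hex "$1") || return 2
    port=$(printf '%04X' "$2")
    awk -v a="$want:$port" -v w="00000000:$port" \
        'NR > 1 && (toupper($2) == a || toupper($2) == w) { found = 1 }
         END { exit !found }' "${3:-/proc/net/udp}"
}

# Constructed sample table: dnscache on 192.168.20.254:53, one wildcard socket.
sample_udp_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
  53: FE14A8C0:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1234
  67: 00000000:0043 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1201
EOF
}

sample_udp_table | udp_local_sockets -    # decode the constructed sample
```

On the firewall itself, "udp_listening 192.168.20.254 53" reads the live /proc/net/udp.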
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html