At 12:19 PM 11/7/2003 -0500, ALParada wrote:
When I run nslookup I get:
*** Can't find server name for address 192.168.63.1: No response from server
Where 192.168.63.1 is the loc IP address of LRP. I got it to work using my ISP DNS servers as forwarders but not with my internal servers. When I use the ISP servers I get a name like null-host.null.bellsouth.net, but if I use my servers I get the above error.
What response *should* these internal DNS servers be giving? That is, if you set the host you are testing from to use them directly (not through dnscache), what answer does nslookup return? (I ask this because I've found that a lot of LAN-authoritative nameservers are not configured correctly to respond to reverse-lookup-requests.)
And are you really saying that your ISP's nameservers resolve "192.168.63.1" to "a name like null-host.null.bellsouth.net"? How odd. Could you post an actual example?
I created a policy to allow the fw into the local network, but still no success.
I assume you mean a rule, not a policy. You might describe what you did. This is too vague to troubleshoot.
Do the internal servers need any kind of special config to allow the caching server to work?
Probably not. Certainly not if they are reasonably standard Linux servers running a recent BIND. But since you tell us absolutely nothing about these internal servers, it is hard to be certain.
Your original report (below) says you "can't resolve any names". But the example you chose for your test is unusual in two ways -- it is a reverse lookup (resolving an address to an FQN), not a name lookup; and it involves a LAN-side (private) address.
What happens if you use nslookup or host to try to resolve some well-known FQN, say yahoo.com or google.com (the test Robert actually suggested in his reply, below)? Is the result when you point dnscache to your ISP's nameservers different from when you point it to your internal nameservers? Can the internal DNS servers resolve these outside names if you point to them directly, not through dnscache?
Finally ... if you have full-strength LAN-side DNS servers, why are you using dnscache at all? Its main purpose is to reduce the frequency of queries to offsite nameservers. You don't gain much, if anything, by caching replies from LANside nameservers (they will themselves cache offsite replies appropriately, if they follow the standards for DNS servers).
TIA
----- Original Message -----
From: "Robert K Coffman Jr - Info From Data Corporation" <[EMAIL PROTECTED]>
To: "ALParada" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, November 07, 2003 8:28 AM
Subject: RE: [leaf-user] dnscache
> Nothing in your config sounds incorrect, but here is what I did:
>
> 1. change LRP box internal IP
> 2. Changed querying hosts IP (actually this may be the default, but I'm
> using a 192.168 address) to 192.168
> 3. I have logging disabled (it's working so I don't need it.)
> 4. I have forwardonly enabled
> 5. Set my ISP's DNS servers (definitely double check this)
> 6. I added the following to shorewall rules:
>
> ACCEPT fw net tcp 53
> ACCEPT fw net udp 53
>
> ACCEPT loc fw udp 53
>
> Try running NSLOOKUP to see if your machine is answering:
>
> NSLOOKUP
> server yourserversIP
> www.amazon.com
> Server: myreallyrockinrouter.mydomain.com
> Address: 192.168.2.1
>
> Non-authoritative answer:
> Name: www.amazon.com
> Address: 207.171.181.16
>
> Hope this helps.
>
> - Bob Coffman
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of ALParada
> Sent: Thursday, November 06, 2003 8:36 PM
> To: [EMAIL PROTECTED]
> Subject: [leaf-user] dnscache
>
> Hello,
>
> I am running Bering with dnscache. Either I don't understand how a
> caching server works, or I missed something in the configuration.
> Dnscache is running because I verified it with "ps aux". I however can't
> resolve any names. I changed the internal ip address under option1. Set
> option 4 to yes and option 5 with my ISP DNS servers. I added an "accept
> loc fw udp 53" under shorewall rules. I also allowed access to the net
> from the fw. What am I forgetting? Does dnscache need something like
> tinydns to work? There is also no /var/log/dnscache which I keep seeing
> references to. Any help would be appreciated.
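The comparison asked for in this thread (a forward lookup versus a reverse lookup, sent first to dnscache and then directly to each internal nameserver) can be run with the script below. It is an added example, not part of the original messages; the function names are hypothetical, and the defaults (192.168.63.1, yahoo.com) are the values mentioned in the thread.

```python
import ipaddress
import socket
import struct
import sys

QTYPE = {"A": 1, "PTR": 12}
RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QID = 0x1234  # fixed query ID, acceptable for a manual diagnostic only


def reverse_name(ip):
    """192.168.63.1 -> 1.63.168.192.in-addr.arpa (the name a PTR query asks for)."""
    return ipaddress.ip_address(ip).reverse_pointer


def build_query(name, qtype):
    """Encode a one-question query with the RD (recursion desired) flag set."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", QTYPE[qtype], 1)


def summarize(reply):
    """Return (rcode, answer_count) from the 12-byte header of a raw reply."""
    if len(reply) < 12:
        return ("MALFORMED", 0)
    rid, flags, _qdcount, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != QID or not flags & 0x8000:  # wrong ID or QR bit clear
        return ("MALFORMED", 0)
    return (RCODE.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F)), ancount)


def probe(server, name, qtype, timeout=3.0):
    """Send one UDP query to server:53; TIMEOUT means nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qtype), (server, 53))
            reply, _peer = sock.recvfrom(512)
        except socket.timeout:
            return ("TIMEOUT", 0)
    return summarize(reply)


if __name__ == "__main__":
    # Defaults are the address and test name mentioned in the thread.
    server = sys.argv[1] if len(sys.argv) > 1 else "192.168.63.1"
    for name, qtype in (("yahoo.com", "A"), (reverse_name(server), "PTR")):
        print(server, qtype, name, *probe(server, name, qtype))
```

Run it once with the dnscache address and once with each internal nameserver's address as the argument. A TIMEOUT on both queries suggests a firewall rule or a server that is not answering, while a failure on only the PTR query suggests the server has no reverse zone for the LAN addresses.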
