On 25 Feb 2000, Jake Colman wrote:
> 1) Modify named.conf to contain the "query-source address" line. Execute
> 'ndc restart' and diald gets triggered. This only happens the first
> time. Subsequent attempts at 'ndc restart' do NOT trigger diald. Maybe
> somehow it 'knows' that its named.conf file was modified and it does
> something different which causes diald to trigger?
That's a little odd, but minor. You can investigate that
later with tcpdump.
> 2) With the link established, DNS name resolution works correctly.
Good ...
> 3) I manually dropped the link with a 'kill -s SIGINT'. Once dropped, I
> cannot get diald to retrigger via a name resolution -- even if it's not
> something already in its cache.
Check your /etc/resolv.conf file. It should look something
like
search jnchome.com
nameserver 127.0.0.1
nameserver 207.198.253.36
nameserver 207.198.222.7
> 4) I tried an nslookup of something not in the cache and I got the following:
>
> *** firewall.jnchome.com can't find www.apple.com: Non-existent host/domain
You've found the Achilles' heel of this workaround. nslookup
won't bring up the link if you point it to your local
server. Use a server option in .nslookuprc to point it
elsewhere with a server directive and it will correctly
bring up the link to resolve all names except those in your
local net. It's really a bit of a quirk in nslookup, to
only try one server.
> It seems like named is refusing to contact anyone after I
> made the change for "query-source address".
No, the link just isn't coming up on named to named
requests. The trick now is to get it to come up on other
app to named requests. That depends on setting
/etc/resolv.conf correctly.
> ================================================================
>
> Below is my complete named.conf file:
>
>
> logging {
> category statistics { null; };
> };
>
> options {
> forward only;
> forwarders {
> 207.198.253.36;
> 207.198.222.7;
> };
> query-source address * port 53;
> directory "/var/named";
> };
>
> zone "." {
> type hint;
> file "named.ca";
> };
>
> zone "0.0.127.in-addr.arpa"{
> type master;
> file "named.local";
> };
>
> zone "jnchome.com" {
> notify no;
> type master;
> file "named.jnchome.com";
> };
>
> zone "0.168.192.in-addr.arpa" {
> notify no;
> type master;
> file "named.0.168.192";
> };
>
> ================================================================
>
> Below is my complete standard.filter file. I've removed all comments in
> order to reduce the size of the post.
>
>
> ignore tcp tcp.dest=tcp.domain
> ignore tcp tcp.source=tcp.domain
>
> accept tcp 5 ip.tot_len=40,tcp.syn
>
> ignore tcp ip.tot_len=40,tcp.live
>
> accept tcp 120 tcp.dest=tcp.www
> accept tcp 120 tcp.source=tcp.www
>
> keepup tcp 120 tcp.dest=tcp.ssl
> keepup tcp 120 tcp.source=tcp.ssl
>
> keepup tcp 5 !tcp.live
> ignore tcp !tcp.live
>
> accept tcp 120 tcp.dest=tcp.ftp
> accept tcp 120 tcp.source=tcp.ftp
>
> accept tcp 600 any
>
> ignore udp udp.dest=udp.who
> ignore udp udp.source=udp.who
>
> ignore udp udp.dest=udp.route
> ignore udp udp.source=udp.route
>
> ignore udp udp.dest=udp.ntp
> ignore udp udp.source=udp.ntp
> ignore udp udp.dest=udp.timed
> ignore udp udp.source=udp.timed
>
> ignore udp udp.dest=udp.domain,udp.source=udp.domain
>
> accept udp 30 udp.dest=udp.domain
> accept udp 30 udp.source=udp.domain
>
> ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns
> accept udp 30 udp.dest=udp.netbios-ns
> accept udp 30 udp.source=udp.netbios-ns
>
> ignore udp tcp.dest=udp.route
> ignore udp tcp.source=udp.route
>
> accept udp 120 any
>
> accept any 30 any
>
> ================================================================
>
> Are you able to figure this out?
I hope it's just your resolv.conf.
Ed
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
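Added example (not part of the mailing-list exchange, and not diald's own code): a small first-match evaluator for the UDP DNS rules in the standard.filter quoted above, together with a resolv.conf sanity check for the two points Ed raises. With "query-source address * port 53" in named.conf, a forwarded query from named to a forwarder carries source port 53 and destination port 53, so it is caught by the "ignore udp udp.dest=udp.domain,udp.source=udp.domain" line; a query sent directly by an application's stub resolver uses an ephemeral source port and falls through to "accept udp 30 udp.dest=udp.domain". The rule syntax covered, the port table and the sample packets are assumptions made for this example; only plain port comparisons and "any" are parsed, and first-match evaluation is assumed to be diald's behaviour.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Service-name to port table (constructed for the example; values as in a
# standard /etc/services).
PORTS = {"domain": 53, "netbios-ns": 137, "who": 513, "route": 520,
         "ntp": 123, "timed": 525}


@dataclass
class Packet:
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


@dataclass
class Rule:
    action: str                         # accept / ignore / keepup
    proto: str                          # tcp / udp / any
    timeout: Optional[int]              # seconds, only for accept/keepup
    conds: List[Tuple[str, int]] = field(default_factory=list)  # [] means "any"
    text: str = ""


def parse_rule(line: str) -> Rule:
    """Parse one line of the form '<action> <proto> [<timeout>] <expr>'.
    Only port comparisons such as udp.dest=udp.domain (comma = AND) and the
    word 'any' are supported here; anything else raises ValueError."""
    parts = line.split()
    action, proto, rest = parts[0], parts[1], parts[2:]
    timeout = None
    if action in ("accept", "keepup"):
        timeout, rest = int(rest[0]), rest[1:]
    expr = rest[0] if rest else "any"
    conds = []
    if expr != "any":
        for term in expr.split(","):
            if "=" not in term or term.startswith("!"):
                raise ValueError(f"unsupported term in example parser: {term}")
            lhs, rhs = term.split("=", 1)
            which = lhs.split(".")[1]            # "dest" or "source"
            conds.append((which, PORTS[rhs.split(".")[1]]))
    return Rule(action, proto, timeout, conds, line)


def decide(rules: List[Rule], pkt: Packet) -> Optional[Rule]:
    """First-match evaluation: the first rule whose protocol and every port
    condition match the packet decides what diald does with it."""
    for r in rules:
        if r.proto not in ("any", pkt.proto):
            continue
        if all((pkt.dport if w == "dest" else pkt.sport) == p for w, p in r.conds):
            return r
    return None


# The UDP DNS part of the quoted standard.filter, plus the two catch-all rules.
RULES = [parse_rule(l) for l in """
ignore udp udp.dest=udp.domain,udp.source=udp.domain
accept udp 30 udp.dest=udp.domain
accept udp 30 udp.source=udp.domain
accept udp 120 any
accept any 30 any
""".split("\n") if l.strip()]


def check_resolv_conf(text: str) -> List[str]:
    """Report bare addresses that lack the 'nameserver' keyword (the resolver
    silently ignores such lines) and a 127.0.0.1 entry that is not first."""
    problems, servers = [], []
    for n, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "nameserver":
            servers.append(words[1])
        elif words[0][0].isdigit():
            problems.append(f"line {n}: '{line.strip()}' needs the nameserver keyword")
    if "127.0.0.1" in servers and servers[0] != "127.0.0.1":
        problems.append("127.0.0.1 should be the first nameserver so the local server is tried first")
    return problems


if __name__ == "__main__":
    named_to_named = Packet("udp", 53, 53)     # query-source * port 53 to a forwarder
    app_to_named = Packet("udp", 1025, 53)     # stub resolver, ephemeral source port
    for p in (named_to_named, app_to_named):
        print(p, "->", decide(RULES, p).text)
    # Constructed resolv.conf body with the keyword missing on one line.
    print(check_resolv_conf("search jnchome.com\n127.0.0.1\nnameserver 207.198.253.36\n"))
```

Running the block prints the matching rule for each sample packet and the problems found in the constructed resolv.conf body; swapping in the real standard.filter lines works only for the plain port-comparison rules, since the ip.tot_len and tcp.live terms are deliberately left out of this parser.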