Sorry in advance for the long post, but better to give all relevant
info now than have people ask for it later.
I am trying to replace an old hylafax box with a newer one. The newer
PC takes up less space in the overcrowded rack :-) Also, we are
trying to standardise on SuSE for our Linux boxes where possible.
I am using SuSE Linux Professional 9.1. I have done a minimal install
and added hylafax.
Here are my symptoms:
When I remotely access the server with ssh, I type in my user name and
then have to wait about 20 seconds for the password prompt. This is
what /var/log/messages says about it:
Nov 1 12:53:50 faxserver sshd[17147]: reverse mapping checking getaddrinfo for david.chchcasino.local failed - POSSIBLE BREAKIN ATTEMPT!
I run yast and select Network Services -> DNS and Host Name. The host
name and domain name are faxserver.chchcasino.local. Name Server 1
and 2 show the IP addresses of our DNS servers and Domain Search 1
shows chchcasino.local. And just to be sure:
[EMAIL PROTECTED]:~> cat /etc/resolv.conf
nameserver 192.168.1.18
nameserver 192.168.1.19
search chchcasino.local
So, I do a lookup on david.chchcasino.local:
[EMAIL PROTECTED]:~> dig david.chchcasino.local
; <<>> DiG 9.2.3 <<>> david.chchcasino.local
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21462
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;david.chchcasino.local. IN A
;; ANSWER SECTION:
david.chchcasino.local. 86400 IN A 192.168.1.81
;; AUTHORITY SECTION:
chchcasino.local. 86400 IN NS fidelio.chchcasino.local.
chchcasino.local. 86400 IN NS admin.chchcasino.local.
;; ADDITIONAL SECTION:
fidelio.chchcasino.local. 86400 IN A 192.168.1.18
admin.chchcasino.local. 86400 IN A 192.168.1.19
;; Query time: 3 msec
;; SERVER: 192.168.1.18#53(192.168.1.18)
;; WHEN: Mon Nov 1 13:15:20 2004
;; MSG SIZE rcvd: 146
and a reverse lookup on my IP address:
[EMAIL PROTECTED]:~> dig -x 192.168.1.81
; <<>> DiG 9.2.3 <<>> -x 192.168.1.81
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62387
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;81.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
81.1.168.192.in-addr.arpa. 86400 IN PTR david.chchcasino.local.
;; AUTHORITY SECTION:
168.192.IN-ADDR.ARPA. 86400 IN NS fidelio.chchcasino.local.
168.192.IN-ADDR.ARPA. 86400 IN NS admin.chchcasino.local.
;; ADDITIONAL SECTION:
fidelio.chchcasino.local. 86400 IN A 192.168.1.18
admin.chchcasino.local. 86400 IN A 192.168.1.19
;; Query time: 3 msec
;; SERVER: 192.168.1.18#53(192.168.1.18)
;; WHEN: Mon Nov 1 13:16:03 2004
;; MSG SIZE rcvd: 173
That all looks good to me.
But it gets worse. Hylafax also wants to do reverse lookups. If I
use WHFC (the Windows Hylafax Client), or telnet to faxserver on port
4559, I get the 20 second delays and the following error message in
/var/log/messages:
Nov 1 12:56:11 faxserver HylaFAX[17172]: <--- 130 Warning, no inverse address mapping for client host name "david.chchcasino.local".
And worse still, postfix can't find our internal mail server. Here is
what mailq says:
B76E7A441 701 Fri Oct 29 16:23:54 [EMAIL PROTECTED]
([mail.chchcasino.local]: Name or service not known)
[EMAIL PROTECTED]
But I say it is there:
[EMAIL PROTECTED]:~> dig -t mx chchcasino.local
; <<>> DiG 9.2.3 <<>> -t mx chchcasino.local
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10386
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; QUESTION SECTION:
;chchcasino.local. IN MX
;; ANSWER SECTION:
chchcasino.local. 86400 IN MX 10 mail.chchcasino.local.
;; AUTHORITY SECTION:
chchcasino.local. 86400 IN NS fidelio.chchcasino.local.
chchcasino.local. 86400 IN NS admin.chchcasino.local.
;; ADDITIONAL SECTION:
mail.chchcasino.local. 86400 IN A 192.168.1.13
fidelio.chchcasino.local. 86400 IN A 192.168.1.18
admin.chchcasino.local. 86400 IN A 192.168.1.19
;; Query time: 4 msec
;; SERVER: 192.168.1.18#53(192.168.1.18)
;; WHEN: Mon Nov 1 13:23:07 2004
;; MSG SIZE rcvd: 145
So, after all that, does anyone know why dig can see all that stuff
but sshd, hylafax and postfix can't?
If I add myself in to /etc/hosts, sshd and hylafax all work at normal speeds.
While writing this e-mail, I also tried to ping some of these hosts.
It turns out that I can ping the IP addresses, but not the host names:
[EMAIL PROTECTED]:~> ping -c 1 david.chchcasino.local
ping: unknown host david.chchcasino.local
[EMAIL PROTECTED]:~> ping -c 1 192.168.1.81
PING 192.168.1.81 (192.168.1.81) 56(84) bytes of data.
64 bytes from 192.168.1.81: icmp_seq=1 ttl=128 time=0.354 ms
--- 192.168.1.81 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.354/0.354/0.354/0.000 ms
Very strange. dig (and host and nslookup) can do DNS lookups, but
nothing else can.
The same thing happens when I telnet to the mail server on port 25. I
can telnet 192.168.1.13 25 but not mail.chchcasino.local 25.
Any ideas?
--
Later
David Kirk
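
Added example, not part of the original post: the reverse-mapping check that sshd logs above goes through the system resolver (getnameinfo/getaddrinfo), while dig queries the name servers directly, so this sketch runs the same PTR-then-forward check through the libc path and reports which step fails. The function name `fcrdns` and the stub resolvers are hypothetical; the stub data is constructed from the addresses in the post.

```python
import socket
import sys

def fcrdns(ip, reverse=socket.getnameinfo, forward=socket.getaddrinfo):
    """Forward-confirmed reverse DNS via the system resolver.

    Returns (status, name), status being one of:
      "ok"            PTR name resolves back to ip
      "no-ptr"        no reverse mapping for ip
      "forward-fail"  PTR name found, but it does not resolve forward
      "mismatch"      PTR name resolves, but not to ip
    """
    try:
        # NI_NAMEREQD: raise instead of returning the numeric address
        name, _ = reverse((ip, 0), socket.NI_NAMEREQD)
    except socket.gaierror:
        return ("no-ptr", None)
    try:
        infos = forward(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        # the case sshd reports as "getaddrinfo for <name> failed"
        return ("forward-fail", name)
    addrs = {info[4][0] for info in infos}
    return ("ok", name) if ip in addrs else ("mismatch", name)

# Constructed stubs: the PTR answer exists, the forward lookup does not work.
PTR = {"192.168.1.81": "david.chchcasino.local"}

def stub_reverse(sockaddr, flags):
    if sockaddr[0] not in PTR:
        raise socket.gaierror(socket.EAI_NONAME, "no PTR record")
    return (PTR[sockaddr[0]], "0")

def stub_forward_broken(name, *args):
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

def stub_forward_ok(name, *args):
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.168.1.81", 0))]

def stub_forward_other(name, *args):
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.168.1.82", 0))]

if __name__ == "__main__":
    # With an address argument, use the real system resolver on this host.
    if len(sys.argv) > 1:
        print(fcrdns(sys.argv[1]))
    else:
        print(fcrdns("192.168.1.81", stub_reverse, stub_forward_broken))
```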