Re: no reverse dns
Chuck Swiger wrote:
> On Oct 29, 2008, at 11:10 AM, Robin Becker wrote:
>> We have just moved offices and our freebsd machine has started complaining
>> in the following terms
>>
>> Oct 29 17:14:39 int kernel: arplookup ww.xx.yy.zz failed: host is not on local network
>>
>> We have an external router connected as a dhcp server at 192.168.0.2 which
>> apparently has external address ww.xx.yy.zz. I am using a fixed ip address
>> ie 192.168.0.6
>>
>> I have this in my rc.conf
>>
>> defaultrouter="192.168.0.2"
>> hostname="int.myoffice.com"
>> ifconfig_em0="inet 192.168.0.6 netmask 255.255.255.0"
>>
>> and have dns mapping int.myoffice.com --> ww.xx.yy.zz,
>
> If you tell the machine that it is int.myoffice.com and you set up DNS
> which claims that hostname has an external IP, it will be sad because it
> doesn't know how to reach that IP.
>
> You can use DNS split-horizon / views to return the internal IP when the
> machine asks, or simply keep your external and internal names separate.
> Ie, set up DNS like:
>
> int.myoffice.com A 192.168.0.6
> ext.myoffice.com A ww.xx.yy.zz
>
> Regards,

On the machine I have set the local names to point to 192.168.0.6 in the hosts file. I have not set up any dns except externally.

I suppose that packets are arriving and being routed via NAT into the internal server which claim to be addressed to the router's external address. Can I add some simple route that fixes this?

--
Robin Becker
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: no reverse dns
Hi,

> Oct 29 17:14:39 int kernel: arplookup ww.xx.yy.zz failed: host is not on local network
>
> We have an external router connected as a dhcp server at 192.168.0.2 which
> apparently has external address ww.xx.yy.zz. I am using a fixed ip address
> ie 192.168.0.6
>
> I have this in my rc.conf
>
> defaultrouter="192.168.0.2"
> hostname="int.myoffice.com"
> ifconfig_em0="inet 192.168.0.6 netmask 255.255.255.0"
>
> and have dns mapping int.myoffice.com --> ww.xx.yy.zz, but our ISP will not
> make the reverse mapping. I assume that we're trying to reverse lookup
> something and the lack of reverse dns is causing this issue.
>
> What can I add to my rc.conf to stop this arplookup problem?

Hummm, I don't think that it is related to reverse dns. ARP is trying to map the IP address ww.xx.yy.zz with the MAC address. Your FreeBSD machine is on your private network, so when it is trying to access ww.xx.yy.zz (public IP) it should only redirect that to the router, and ARP would be mapping the IP address of the router.

Best regards,
Olivier
Re: no reverse dns
On Oct 29, 2008, at 11:10 AM, Robin Becker wrote:
> We have just moved offices and our freebsd machine has started complaining
> in the following terms
>
> Oct 29 17:14:39 int kernel: arplookup ww.xx.yy.zz failed: host is not on local network
>
> We have an external router connected as a dhcp server at 192.168.0.2 which
> apparently has external address ww.xx.yy.zz. I am using a fixed ip address
> ie 192.168.0.6
>
> I have this in my rc.conf
>
> defaultrouter="192.168.0.2"
> hostname="int.myoffice.com"
> ifconfig_em0="inet 192.168.0.6 netmask 255.255.255.0"
>
> and have dns mapping int.myoffice.com --> ww.xx.yy.zz,

If you tell the machine that it is int.myoffice.com and you set up DNS which claims that hostname has an external IP, it will be sad because it doesn't know how to reach that IP.

You can use DNS split-horizon / views to return the internal IP when the machine asks, or simply keep your external and internal names separate. Ie, set up DNS like:

int.myoffice.com A 192.168.0.6
ext.myoffice.com A ww.xx.yy.zz

Regards,
--
-Chuck
no reverse dns
We have just moved offices and our freebsd machine has started complaining in the following terms

Oct 29 17:14:39 int kernel: arplookup ww.xx.yy.zz failed: host is not on local network

We have an external router connected as a dhcp server at 192.168.0.2 which apparently has external address ww.xx.yy.zz. I am using a fixed ip address ie 192.168.0.6

I have this in my rc.conf

defaultrouter="192.168.0.2"
hostname="int.myoffice.com"
ifconfig_em0="inet 192.168.0.6 netmask 255.255.255.0"

and have dns mapping int.myoffice.com --> ww.xx.yy.zz, but our ISP will not make the reverse mapping. I assume that we're trying to reverse lookup something and the lack of reverse dns is causing this issue.

What can I add to my rc.conf to stop this arplookup problem?

--
Robin Becker
Re: no reverse DNS causing connectivity problems
[mailed and posted]

On Jun 9, 2008, at 8:57 PM, Jake Evans wrote:
> I've had a few people complain that when they telnet/ssh/ftp/web to our
> server, it's slow... I've traced the problem to them having no reverse on
> their IPs.

You should configure your servers to not do the reverse lookup. Not resolving is certainly the default for Apache. For sshd, set UseDNS to "no" in /etc/ssh/sshd_config. As for telnet and ftp, I don't know where that might be configured.

Of course I don't know your needs and situation, but some people might consider it a reasonable policy to disallow ssh and telnet (and certainly mail) from hosts that don't have proper PTR records.

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: no reverse DNS causing connectivity problems
At 08:57 PM 6/9/2008, Jake Evans wrote:
> [Please cc in replies, not currently subscribed. Thank you.]
>
> I have a quick question that I can't seem to find an answer to via Google
> so far.
>
> I've had a few people complain that when they telnet/ssh/ftp/web to our
> server, it's slow... I've traced the problem to them having no reverse on
> their IPs. So basically their connection kinda hangs while the system waits
> to timeout on looking up their IP's reverse.
>
> From what I can tell, I should be able to just set "options timeout:n" and
> "options attempts:n" in resolv.conf.. BUT it seems FBSD's install doesn't
> allow you to do this.
>
> Does anyone know a workaround to this? I thought maybe of changing it
> directly in resolv.h but then I'd have to rebuild world I think..? Is there
> perhaps a sysctl solution?
>
> Thank you so much for your time.

set UseDNS to no in /etc/sshd_config

-Derek
no reverse DNS causing connectivity problems
[Please cc in replies, not currently subscribed. Thank you.]

I have a quick question that I can't seem to find an answer to via Google so far.

I've had a few people complain that when they telnet/ssh/ftp/web to our server, it's slow... I've traced the problem to them having no reverse on their IPs. So basically their connection kinda hangs while the system waits to timeout on looking up their IP's reverse.

From what I can tell, I should be able to just set "options timeout:n" and "options attempts:n" in resolv.conf.. BUT it seems FBSD's install doesn't allow you to do this.

Does anyone know a workaround to this? I thought maybe of changing it directly in resolv.h but then I'd have to rebuild world I think..? Is there perhaps a sysctl solution?

Thank you so much for your time.
Re: Tinydns configuration... works, but no reverse dns
John Almberg wrote:
>
> I am using tinydns on my FreeBSD server. Normal DNS lookups work fine,
> but I can't get reverse DNS to work.
>
> My colocation provider says they have delegated DNS to my name servers.
> If there is a way to independently verify this, I don't know how to do
> it, so I am taking their word for it.

I'm a bind guy myself, so I can't answer to your tinydns configuration, but as to how to independently verify delegation, I find the following handy:

freesparky# dig +trace -x 66.111.0.194

; <<>> DiG 9.4.2 <<>> +trace -x 66.111.0.194
;; global options: printcmd
. 112878 IN NS A.ROOT-SERVERS.NET.
. 112878 IN NS B.ROOT-SERVERS.NET.
. 112878 IN NS C.ROOT-SERVERS.NET.
. 112878 IN NS D.ROOT-SERVERS.NET.
. 112878 IN NS E.ROOT-SERVERS.NET.
. 112878 IN NS F.ROOT-SERVERS.NET.
. 112878 IN NS G.ROOT-SERVERS.NET.
. 112878 IN NS H.ROOT-SERVERS.NET.
. 112878 IN NS I.ROOT-SERVERS.NET.
. 112878 IN NS J.ROOT-SERVERS.NET.
. 112878 IN NS K.ROOT-SERVERS.NET.
. 112878 IN NS L.ROOT-SERVERS.NET.
. 112878 IN NS M.ROOT-SERVERS.NET.
;; Received 272 bytes from 216.143.151.3#53(216.143.151.3) in 13 ms

66.in-addr.arpa. 86400 IN NS indigo.ARIN.NET.
66.in-addr.arpa. 86400 IN NS BASIL.ARIN.NET.
66.in-addr.arpa. 86400 IN NS henna.ARIN.NET.
66.in-addr.arpa. 86400 IN NS dill.ARIN.NET.
66.in-addr.arpa. 86400 IN NS figwort.ARIN.NET.
66.in-addr.arpa. 86400 IN NS chia.ARIN.NET.
66.in-addr.arpa. 86400 IN NS epazote.ARIN.NET.
;; Received 194 bytes from 2001:dc3::35#53(M.ROOT-SERVERS.NET) in 107 ms

0.111.66.in-addr.arpa. 86400 IN NS auth1.ns.nyi.net.
0.111.66.in-addr.arpa. 86400 IN NS auth2.ns.nyi.net.
;; Received 93 bytes from 192.42.93.32#53(figwort.ARIN.NET) in 94 ms

194.0.111.66.in-addr.arpa. 86400 IN NS ns1.identry.com.
194.0.111.66.in-addr.arpa. 86400 IN NS ns2.identry.com.
194.0.111.66.in-addr.arpa. 86400 IN NS ns3.identry.com.
;; Received 140 bytes from 64.90.175.14#53(auth1.ns.nyi.net) in 16 ms

dig: couldn't get address for 'ns3.identry.com': not found

which does bring up the issue of why you refer to ns0 and ns1 in your question and your provider delegates to ns1, ns2, and ns3, the last of which doesn't appear to have an A record anywhere useful.

A retry, using a different NS record this time:

.trimmed
194.0.111.66.in-addr.arpa. 86400 IN NS ns1.identry.com.
194.0.111.66.in-addr.arpa. 86400 IN NS ns2.identry.com.
194.0.111.66.in-addr.arpa. 86400 IN NS ns3.identry.com.
;; Received 140 bytes from 64.90.175.14#53(auth1.ns.nyi.net) in 23 ms

194.0.111.66.in-addr.arpa. 3600 IN PTR on.identry.com.
0.111.66.in-addr.arpa. 259200 IN NS ns0.0.111.66.in-addr.arpa.
0.111.66.in-addr.arpa. 259200 IN NS ns1.0.111.66.in-addr.arpa.
;; Received 107 bytes from 66.111.0.253#53(ns1.identry.com) in 17 ms

The PTR record looks reasonable, but those NS records...well. ;-)

--Jon Radel
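
The comparison made by eye in the reply above, as an added example that is not part of the original thread: a Python script that reads `dig +trace -x` output and reports which nameservers the parent delegates to, which ones the answering server lists for itself, and which delegated names dig could not resolve. The sample input is constructed from the two runs quoted above; the function names are this example's own.

```python
import re

# Constructed sample: the last two hops of the `dig +trace -x 66.111.0.194`
# output quoted above, stitched from both runs (first run's resolver error kept).
SAMPLE_TRACE = """\
194.0.111.66.in-addr.arpa. 86400 IN NS ns1.identry.com.
194.0.111.66.in-addr.arpa. 86400 IN NS ns2.identry.com.
194.0.111.66.in-addr.arpa. 86400 IN NS ns3.identry.com.
;; Received 140 bytes from 64.90.175.14#53(auth1.ns.nyi.net) in 23 ms
dig: couldn't get address for 'ns3.identry.com': not found
194.0.111.66.in-addr.arpa. 3600 IN PTR on.identry.com.
0.111.66.in-addr.arpa. 259200 IN NS ns0.0.111.66.in-addr.arpa.
0.111.66.in-addr.arpa. 259200 IN NS ns1.0.111.66.in-addr.arpa.
;; Received 107 bytes from 66.111.0.253#53(ns1.identry.com) in 17 ms
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|PTR)\s+(\S+)$")
HOP_END = re.compile(r"^;; Received \d+ bytes from \S+#\d+\(([^)]+)\)")
NO_ADDR = re.compile(r"couldn't get address for '([^']+)'")

def norm(name):
    return name.lower().rstrip(".")

def parse_hops(text):
    """Split trace output into hops; each hop ends at a ';; Received' line."""
    hops, unresolved, cur = [], set(), {"NS": set(), "PTR": set()}
    for line in map(str.strip, text.splitlines()):
        if m := RR.match(line):
            cur[m.group(2)].add(norm(m.group(3)))
        elif m := HOP_END.match(line):
            hops.append({**cur, "server": norm(m.group(1))})
            cur = {"NS": set(), "PTR": set()}
        elif m := NO_ADDR.search(line):
            unresolved.add(norm(m.group(1)))
    return hops, unresolved

def audit_delegation(text):
    """Compare the NS set the parent delegates to with what the child serves."""
    hops, unresolved = parse_hops(text)
    answer = next((h for h in hops if h["PTR"]), None)   # hop that returned the PTR
    referrals = [h for h in hops if h["NS"] and not h["PTR"]]
    delegated = referrals[-1]["NS"] if referrals else set()
    claimed = answer["NS"] if answer else set()
    return {
        "delegated_by": referrals[-1]["server"] if referrals else None,
        "answered_by": answer["server"] if answer else None,
        "ptr": sorted(answer["PTR"]) if answer else [],
        "parent_only": sorted(delegated - claimed),
        "child_only": sorted(claimed - delegated),
        "no_address": sorted(unresolved & delegated),
    }

if __name__ == "__main__":
    for key, value in audit_delegation(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

Non-empty `parent_only` or `child_only` lists mean the parent's delegation and the zone's own NS records disagree; an entry in `no_address` is a delegated nameserver that resolvers cannot reach at all.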
Re: Tinydns configuration... works, but no reverse dns
> freesparky# dig +trace -x 66.111.0.194

That *is* handy.

> which does bring up the issue of why you refer to ns0 and ns1 in your
> question and your provider delegates to ns1, ns2, and ns3, the last of
> which doesn't appear to have an A record anywhere useful.

Ah, ha... I gave my provider ns0-ns2, but they typed ns1-ns3. I'll let them know.

Very handy, indeed!

Thanks: John
Tinydns configuration... works, but no reverse dns
I am using tinydns on my FreeBSD server. Normal DNS lookups work fine, but I can't get reverse DNS to work.

My colocation provider says they have delegated DNS to my name servers. If there is a way to independently verify this, I don't know how to do it, so I am taking their word for it.

My data file looks like this:

# DNS
.identry.com:66.111.0.195:ns0.identry.com
.identry.com:66.111.0.252:ns1.identry.com
.0.111.66.in-adr.arpa::ns0.identry.com:259200
.0.111.66.in-adr.arpa::ns1.identry.com:259200
#
# Server Addresses
#
=on.identry.com:66.111.0.194:3600
=www.identry.com:66.111.0.206:3600
+identry.com:66.111.0.206
@identry.com::mx1.identry.com.:10:3600
=mx1.identry.com:66.111.0.196

When I run tinydns-get on the mx record, I get this:

[EMAIL PROTECTED] /usr/local/etc/tinydns/root]# tinydns-get a mx1.identry.com
1 mx1.identry.com:
149 bytes, 1+1+2+4 records, response, authoritative, noerror
query: 1 mx1.identry.com
answer: mx1.identry.com 86400 A 66.111.0.196
authority: identry.com 259200 NS ns0.identry.com
authority: identry.com 259200 NS ns1.identry.com
additional: ns0.identry.com 259200 A 66.111.0.195
additional: ns1.identry.com 259200 A 66.111.0.252

However, when I try to do a reverse look up, I get nada:

[EMAIL PROTECTED] /usr/local/etc/tinydns/root]# tinydns-get ptr 196.0.111.66.in-addr.arpa
12 196.0.111.66.in-addr.arpa:

This set up worked at my previous colocation provider, so I suspect there is something different about the way they are delegating, but I'm far from a DNS expert.

Any advice, much appreciated.

Thanks: John
OT: exim and no reverse dns
anyone know how to block email if they don't have reverse dns on pre-exim 4?

I see call back stuff, and make em match stuff - but I want just, if it has NONE