On Mon, Jan 22, 2001 at 05:10:49PM -0600, maverick <[EMAIL PROTECTED]> wrote:
> [...]
> It would appear that the E-Smith box is not allowing connections to go out
> to the NTP server that I chose to use (140.221.9.6) ... I know this is a
> good server as it works fine on the NTP clients on my Windoze boxen behind
> the E-Smith machine.
Please check the status page before reporting problems - this one is a known
problem, with a fix.
http://www.e-smith.org/release/4.1-beta3/status/index.php3
> [...]
> This appears to be a Micro$oft fake address being denied access to the dns
> server on the e-smith machine (192.168.1.1) - but, all of the Windoze
> machines behind the E-Smith machine can still resolve dns even with
> 192.168.1.1 as their only dns server...
Yes - that's the _CORRECT_ way to set things up. If you set up clients with
DHCP (as recommended by Microsoft) it is the only configured DNS server.
> We've got 5 Windoze boxen behind the E-Smith machine. At first, I had them
> all setup to use 192.168.1.1 (E-Smith machine) as their primary dns server
> and had them setup to use our ISP's primary dns server as their backup.
That's incorrect. Your ISP can't resolve names from your local LAN. You will
experience random and bizarre failures.
> When setup like that, the above errors would randomly appear in the messages
> log throughout the day (sometimes just one or two lines worth - sometimes 3
> pages worth).
Yes. Your clients should not talk with outside DNS servers. If anyone
needs to, the e-smith server should.
> At other times it would be the same lines as above, but instead of
> 192.168.1.1:53 being the address that the fake Windoze address couldn't
> reach, it would be the address that was setup in Windoze as the secondary
> dns server.
Yep.
> I have now gone back and removed the secondary dns servers from all of the
> Windoze machines and just left 192.168.1.1 in for a dns server - and the
> errors have stopped.
<:-) >
Patient: Doctor, it hurts when I hit myself
Doctor: Don't hit yourself
< /:-) >
> The fact that the errors have stopped is great and all, but it does not
> explain what the problem is.
Yes it does. We block packets which shouldn't be coming in. And DNS queries
to outside nameservers shouldn't be coming from/going to client machines.
> Any suggestions on fixing the above issues would be greatly appreciated.
Problem 1 is on the known issues page. Problem 2 is client misconfiguration -
use DHCP, or configure with the settings DHCP would provide.
Gordon
--
Gordon Rowell [EMAIL PROTECTED]
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 564 8000 ext. 4378 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
