Jacques Nilo wrote:
 > Hi Matt
 > I just got your mail today. I have been out of town for a week.
 > I understand from what you say that the sshd/dnscache/tinydns documentation
 > needs some clarification. Indeed if you have tinydns running you should not
 > need to adjust /etc/hosts.
 > If you could suggest direct changes to the documentation I'll happily include
 > them. Writing doc takes time especially when you are not an English/US native.
 > But I also think documentation is a real necessity that is why I have always
 > tried to release one with my packages.
 > Jacques
 >
 >
Ok, I got around to this.  In general, I suggest changing
any reference from LRP to LEAF.  I'll start with dnscache:

http://leaf.sourceforge.net/devel/jnilo/dnscache3.html
On the above page, and in the configuration files, I think
that /etc/resolv.conf should be one of the files listed
to be configured.  If you make it the number 3.9 on that
page, then you could say this:

=============================================================
3.9 resolv.conf
This is the file where you tell the system to use dnscache
for name resolution.  Given a LEAF router named "myrouter"
on the internal domain called "private.network" your machine's
fully qualified domain name would be myrouter.private.network,
and the dnscache would be listening on 192.168.1.254 if you
followed the above examples.  Then your /etc/resolv.conf would
be:

   nameserver 192.168.1.254
   search private.network
=============================================================

Now I'll cover tinydns:
==========================================================================
2. Installing the tinydns.lrp package

Important: Unless you just want to set up a PUBLIC DNS serving the Web,
             you will need dnscache installed first!  Be sure to configure
             your /etc/resolv.conf to point to dnscache, not tinydns.  See
             the dnscache docs for how to write that file.
===========================================================================

Here are the changes I suggest for Section 3 (which includes spelling fixes,
additions, and changing the CIDR from /16 to /24).  I took a closer
look at your docs and they say to never list tinydns in /etc/resolv.conf.
So I'll not suggest adding =localhost:127.0.0.1 to the soup, because
dnscache knows that one.
==================================================================
3.2. Internal DNS IP address

Enter here the address of your internal DNS. Default (127.0.0.1) should be OK in most
cases.
Even though some of the djbdns docs describe this as 192.168.1.254, they are referring
to running tinydns without dnscache.  In the case where you use both, and you should,
then set up tinydns to listen on 127.0.0.1.


3.3. Edit private DNS server data file

(to be done if DNSTYPE = PRIVATE or BOTH)

Let's assume the following example: the internal address of the LEAF box is supposed to
be 192.168.1.254, for the 192.168.1.0/24 network used on the inside of the firewall.
The internal DNS will serve private names including example1.private.network and
example2.private.network to the inside network only, as well as
myrouter.private.network for its own internal interface.

Edit the private DNS server data file ( /etc/tinydns-private/root/data ) and type:


.private.network::ns1.private.network
.1.168.192.in-addr.arpa::ns1.private.network
=myrouter.private.network:192.168.1.254
+ns1.private.network:127.0.0.1
=example1.private.network:192.168.1.1
=example2.private.network:192.168.1.2


An entry that starts with an = sign creates both A and PTR records that
allow a name to be translated to an address and that same address to
reverse resolve back to the same name.  An entry with a + only creates
an A record.  Those + entries are used to add another name to an address
that's already assigned a name.  The ns1 entry above is an alias because
127.0.0.1 always refers to the name "localhost" to start with.
============================================================================

Now onto ssh (spelling, word choice, and LRP --> LEAF)
======================================================
2.1. Single floppy installation

Let's start with the most complicated case: you only have one floppy disk
drive on your LEAF box.

Create a new diskette of the same format as your LEAF main diskette (1440K, 1680K
or 1743K for example).

On this diskette download the following packages libz.lrp, sshkey.lrp and sshd.lrp.

If you are using Oxygen, substitute 'apkg' where you see 'lrpkg' below.  Insert the new
diskette in your LEAF box disk drive and type the following commands (assuming here a
1680K formatted diskette):
=========================================================

======================================================================
2.2. Dual floppy drive or Hard drive installation

If you have a second floppy drive or - even better - a hard drive, the installation
is straightforward. Just copy the following packages: libz.lrp, sshkey.lrp and
sshd.lrp on your diskettes (wherever you can find space available :-)) or on
your hard drive.

On Dachstein or its derivatives, edit your syslinux.cfg file to declare the three
new packages. Save and reboot.  On Oxygen, you don't need to edit your syslinux.cfg
because all .lrp packages on the diskette are automatically loaded.

From your LEAF console type makekey to generate the openssh keys. Save sshd through
the lrcfg backup menu on Dachstein or apkg on Oxygen, and you are all set. You can
now remove the sshkey.lrp package from your diskette/hard drive and the corresponding
declaration in syslinux.cfg, if any.
========================================================================

=============================================================
4.2. It takes a very long time (1 or 2') to get the ssh connection to the router. Why?

Check your router /var/log/auth.log file. You will probably see a message like:

Jan 26 19:52:43 firewall sshd[9209]: Could not reverse map address 192.168.1.10.

192.168.1.10 is the address from which you have been trying to access the router.

If you don't run dnscache and tinydns, you can fix this problem by adding a
name/address pair for that IP address to your /etc/hosts file, backup etc.lrp and your
next ssh connection will only take a few seconds!  If it still takes a long
time, then check your /etc/nsswitch.conf to see that your system is looking to
/etc/hosts first before trying your nameserver listed in /etc/resolv.conf.

If you run dnscache/tinydns, then check your resolv.conf to see if you
configured it correctly to query dnscache for name lookups.  See the dnscache
docs for more info on how to configure /etc/resolv.conf.  Don't modify your
/etc/hosts if you run dnscache/tinydns because that's not needed.
==============================================================

Ok that's about it.  Take care,
Matt
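
As an added example (not code from this thread or from the LEAF/djbdns packages), here is a small Python expander for the tinydns-data lines shown in section 3.3 above: it turns `.`, `=`, `+` and `^` lines into the records tinydns would serve, so you can confirm that `=` yields an A plus its PTR while `+` yields only an A, which is why 127.0.0.1 keeps resolving back to localhost. The sample data is the file from section 3.3; `reverse_name`, `expand_line` and `expand` are names chosen here.

```python
"""Expand tinydns-data lines into (owner, type, value) records.
Added example for this thread; not LEAF or djbdns code."""
from typing import List, Tuple

Record = Tuple[str, str, str]  # (owner name, record type, value)

# Constructed sample: the private data file suggested in section 3.3 above.
SAMPLE_DATA = """\
.private.network::ns1.private.network
.1.168.192.in-addr.arpa::ns1.private.network
=myrouter.private.network:192.168.1.254
+ns1.private.network:127.0.0.1
=example1.private.network:192.168.1.1
=example2.private.network:192.168.1.2
"""

def reverse_name(ip: str) -> str:
    """192.168.1.254 -> 254.1.168.192.in-addr.arpa (IPv4 only)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def expand_line(line: str) -> List[Record]:
    """Map one data line to the records tinydns derives from it."""
    kind, fields = line[0], line[1:].split(":")
    fqdn = fields[0]
    ip = fields[1] if len(fields) > 1 else ""
    recs: List[Record] = []
    if kind == ".":  # SOA + NS; a name-server field without dots means x.ns.fqdn
        x = fields[2] if len(fields) > 2 and fields[2] else "a"
        ns = x if "." in x else f"{x}.ns.{fqdn}"
        recs += [(fqdn, "SOA", ns), (fqdn, "NS", ns)]
        if ip:  # an address on a '.' line also yields an A record for the NS host
            recs.append((ns, "A", ip))
    elif kind == "=":  # A record plus the matching PTR in in-addr.arpa
        recs += [(fqdn, "A", ip), (reverse_name(ip), "PTR", fqdn)]
    elif kind == "+":  # A record only: an extra name for an address already named
        recs.append((fqdn, "A", ip))
    elif kind == "^":  # explicit PTR: ^reverse-name:fqdn
        recs.append((fqdn, "PTR", fields[1]))
    elif kind != "#":  # '#' lines are comments in tinydns-data
        raise ValueError(f"unsupported line type {kind!r}")
    return recs

def expand(data: str) -> List[Record]:
    """Expand a whole data file, skipping blank lines."""
    return [r for ln in data.splitlines() if ln.strip() for r in expand_line(ln)]
```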

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel