On Wed, 16 Jun 1999 18:14:35 +0100 (BST), you wrote:

One thing that is clear is that when named starts it tries to reach one of the
root nameservers in order to get a new list of the root servers (this is
explained in the docs). To stop this I was told to change from
zone "." {
type hint;

I had been having similar problems, which now are solved. My DNS
is BIND-8.1.2, host.conf has 'order bind' (ie, I'm not using the 'hosts'
file for name service) and resolv.conf has the single nameserver 127.0.0.1.
Win boxes point to the linux box for DNS and as default gateway.
diald worked fine, except that if the connection died it wouldn't come up when I sent news or mail, or clicked on a link to a page on the last server which had sent me a webpage. However, if I clicked on a link to another server, diald brought up the link. Very puzzling!
After staring at tcpdumps for a long while, I made a change to my firewall (ipchains -F forward; ipchains -A forward -j ACCEPT) while the ppp0 link is down, and it solved all my remaining diald misbehavior. Here's my named.conf:
// modified 5/18/1999
options {
    directory "/var/named";
    // next line points to ISP's nameservers
    forwarders { 207.66.20.12; 207.66.20.13; };
};
zone "." {
    type hint;
    file "named.ca";
};
zone "myprivatedomainname.com" {
    notify no;
    type master;
    file "named.hosts";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};
zone "0.168.192.in-addr.arpa" {
    notify no;
    type master;
    file "named.rev";
};
Here's my diald filter, which ignores certain requests for DNS, net-bios, etc:
# diald rules - included by /etc/diald/diald.conf
#
# rules 1 thru 5
ignore tcp tcp.fin
keepup tcp 120 tcp.ack,tcp.source=tcp.http
accept tcp 300 tcp.dest=tcp.http
keepup tcp 60 tcp.ack,tcp.source=tcp.ftp-data
keepup tcp 60 tcp.ack,tcp.dest=tcp.ftp-data
# rules 6 thru 10
keepup tcp 60 tcp.ack,tcp.dest=tcp.ftp
keepup tcp 60 tcp.ack,tcp.source=tcp.ftp
keepup tcp 20 tcp.ack
ignore tcp tcp.ack
accept tcp 120 tcp.syn
# rules 11 thru 15
ignore tcp tcp.source=tcp.domain
ignore tcp tcp.dest=tcp.domain
accept tcp 5 ip.tot_len=40,tcp.syn
ignore tcp ip.tot_len=40,tcp.live
accept tcp 300 tcp.dest=tcp.http
# rules 16 thru 20
accept tcp 300 tcp.source=tcp.http
keepup tcp 5 !tcp.live
ignore tcp !tcp.live
accept tcp 60 tcp.dest=tcp.ftp
accept tcp 60 tcp.source=tcp.ftp
# rules 21 thru 25
accept tcp 60 tcp.dest=tcp.ftp-data
accept tcp 60 tcp.source=tcp.ftp-data
keepup tcp 300 any
ignore udp udp.dest=udp.who
ignore udp udp.source=udp.who
# rules 26 thru 30
ignore udp udp.dest=udp.route
ignore udp udp.source=udp.route
ignore udp udp.dest=udp.ntp
ignore udp udp.source=udp.ntp
ignore udp udp.dest=udp.timed
# rules 31 thru 35
ignore udp udp.source=udp.timed
ignore udp udp.dest=udp.domain,udp.source=udp.domain
accept udp 30 udp.dest=udp.domain
accept udp 30 udp.source=udp.domain
ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns
# rules 36 thru 40
ignore udp udp.dest=udp.netbios-ns
ignore udp udp.source=udp.netbios-ns
ignore udp tcp.dest=udp.route
ignore udp tcp.source=udp.route
accept udp 300 any
# rule 41 thru 43
ignore any ip.tot_len=60,ip.daddr=224.0.0.10
accept any 300 any
impulse 300,0,0
-Mark
