Christopher Sawtell wrote:

On Mon, 23 Aug 2004 21:46, David Upex wrote:

Because I've got two nics (plus a modem) on my linux box, I thought
the two network cards would have to be on separate subnets. Is this
not correct?


That is correct.
The size of the sub-net is defined by the net's mask.

so you could have your nets on ( say ) 192.168.10.xxx and 192.168.11.yyy
and both nets would then have 24 bit masks. i.e. 255.255.255.0



I must say I'm no sys admin.

On Mon, 2004-08-23 at 21:21, Rik Tindall wrote:


modify your addresses to the same network:

eg. 192.168.10.1 & ..10.2

& let us know any change

David Upex wrote:


Hi,

I've set up a linux firewall (shorewall) running a DNS and I want to
allow a Win2K box to connect to the internet. The connection between my
XP box and my linux firewall is using wifi.

My firewall has both a ethernet card (192.168.11) and a wifi card
(192.168.10) installed.
I've setup a nameserver on the linux box.

I can connect to the internet from Windows if I type the IP address of
the website, but it won't resolve domain names.

I think the problem is in my DNS configuration.

Can anyone offer some suggestions?

I get the following from /var/log/messages:

Aug 23 20:36:02 basil named[6767]: listening on IPv4 interface lo,
127.0.0.1#53
Aug 23 20:36:02 basil named[6767]: listening on IPv4 interface eth0,
192.168.11.1#53
Aug 23 20:36:02 basil named[6767]: listening on IPv4 interface ra0,
192.168.10.1#53
Aug 23 20:36:02 basil named[6767]: listening on IPv4 interface ppp0,
218.101.97.66#53
Aug 23 20:36:02 basil named[6767]: command channel listening on
127.0.0.1#953
Aug 23 20:36:02 basil named[6767]: zone 0.0.127.in-addr.arpa/IN: loaded
serial 1
Aug 23 20:36:02 basil named[6767]: zone 10.168.192.in-addr.arpa/IN:
loaded serial 200408221
Aug 23 20:36:02 basil named[6767]: dns_master_load: revp.192.168.11:6:
ignoring out-of-zone data (10.168.192.in-addr.arpa)
Aug 23 20:36:02 basil named[6767]: dns_master_load: revp.192.168.11:18:
ignoring out-of-zone data (1.11.168.192.in-arpa)
Aug 23 20:36:02 basil named[6767]: dns_master_load: revp.192.168.11:19:
ignoring out-of-zone data (2.11.168.192.in-arpa)
Aug 23 20:36:02 basil named[6767]: zone 11.168.192.in-addr.arpa/IN:
could not find NS and/or SOA records
Aug 23 20:36:02 basil named[6767]: zone 11.168.192.in-addr.arpa/IN: has
0 SOA records
Aug 23 20:36:02 basil named[6767]: zone 11.168.192.in-addr.arpa/IN: has
no NS records

I'd say that the file that defines 192.168.10 is fine, but there are errors in the one for 192.168.11 (or they've been added in with the ...10 data, if I read the 'out of zone data' error message correctly).

Assuming you're using bind, you need an entry like

zone "11.168.192.in-addr.arpa" IN {
       type master;
       file "named.11";
       allow-update { none; };
};


for each zone in /etc/named.conf.

This file contains...

$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                     2004082301 ; Serial
                                     28800      ; Refresh
                                     14400      ; Retry
                                     3600000    ; Expire
                                     86400 )    ; Minimum
        IN      NS      localhost.   ; blank owner field = same owner as the line above (@)

6       IN      PTR     client6.     ; owner "6" is relative to the zone origin, i.e. 192.168.11.6
18      IN      PTR     client18.


and so on.

The zone entry in /etc/named.conf tells you that it is the master server for this domain, and the named.11 file ( for fedora it's in /var/named by default, but that's defined in /etc/named.conf as well ) defines the contents for this subnet.

You can mix subnet definitions in the domain lookups (i.e. myhomenetwork can contain entries for client1 = 192.168.10.1, client2 = 192.168.11.2),
but the zone lookup files are specific to a subnet.

It says it's listening on 4 interfaces; you may want to restrict that to your internal networks.

O'Reilly's DNS and BIND book is the perfect reference. I can lend you the 3rd edition if you want. It only goes to Bind 8, and we're on 9.something now (it's been a while since I did this in anger), but it'll get you started.

Cheers,


Steve

PS. Text books. They cost a fortune. How about some kind of library scheme with CLUG?
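As an added example (not code from this thread or from BIND itself), the Python below is a small linter for reverse-zone files in the format Steve describes above ($TTL, the "@" apex, a blank owner field inheriting the previous owner, a parenthesised SOA). It reproduces the three complaints in David's named log: owner names outside the zone ("ignoring out-of-zone data"), no SOA at the apex and no NS at the apex. The two zone texts are constructed for illustration: BROKEN_REVP_11 models the mistakes the log points at (an SOA that belongs to 10.168.192 and PTR owners spelled "in-arpa"), FIXED_REVP_11 is the same data written correctly. The hostnames basil.example. and client2.example. are assumptions, not names from the thread.

```python
ORIGIN = "11.168.192.in-addr.arpa."
CLASSES = {"IN", "CH", "HS"}

# Constructed: the SOA carries the 192.168.10 origin and the PTR owners say
# "in-arpa" instead of "in-addr.arpa", so nothing lands inside ORIGIN.
BROKEN_REVP_11 = """\
$TTL 86400
10.168.192.in-addr.arpa.  IN SOA basil.example. root.basil.example. (
        200408221 28800 14400 3600000 86400 )  ; serial refresh retry expire minimum
        IN NS basil.example.
1.11.168.192.in-arpa.     IN PTR basil.example.
2.11.168.192.in-arpa.     IN PTR client2.example.
"""

# Constructed: the same data, written the way the zone stanza above expects.
FIXED_REVP_11 = """\
$TTL 86400
@       IN SOA basil.example. root.basil.example. (
        2004082301 28800 14400 3600000 86400 ) ; serial refresh retry expire minimum
        IN NS basil.example.
1       IN PTR basil.example.
2       IN PTR client2.example.
"""


def _logical_lines(text):
    """Drop ';' comments and join records continued inside ( ... ).
    Leading whitespace on the first physical line is kept: in a zone file it
    means 'same owner as the previous record'."""
    out, buf, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if buf is None:
            if not line.strip():
                continue
            buf = line
        else:
            buf += " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            out.append(buf)
            buf, depth = None, 0
    if buf is not None:  # unbalanced '(' at end of file
        out.append(buf)
    return out


def qualify(name, origin):
    """Make an owner absolute: '@' is the origin, no trailing dot means relative."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin


def parse_zone(text, origin):
    """Return [(owner, rtype, rdata)] with every owner fully qualified."""
    origin = origin.rstrip(".") + "."
    records, prev_owner = [], origin
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0].upper() == "$ORIGIN":
            origin = qualify(tokens[1], origin)
            continue
        if tokens[0].upper() == "$TTL":
            continue
        if line[0].isspace():
            owner = prev_owner  # blank owner field: inherit
        else:
            owner = qualify(tokens.pop(0), origin)
        prev_owner = owner
        # an optional TTL and/or class may precede the record type
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens.pop(0)
        if tokens:
            records.append((owner, tokens[0].upper(), " ".join(tokens[1:])))
    return records


def lint_zone(text, origin):
    """Return the problems named would log for this zone, in its own wording."""
    origin = origin.rstrip(".") + "."

    def in_zone(name):
        n = name.lower()
        return n == origin.lower() or n.endswith("." + origin.lower())

    problems, apex_types = [], set()
    for owner, rtype, _ in parse_zone(text, origin):
        if not in_zone(owner):
            problems.append(f"ignoring out-of-zone data ({owner})")
        elif owner.lower() == origin.lower():
            apex_types.add(rtype)
    if "SOA" not in apex_types:
        problems.append("has 0 SOA records")
    if "NS" not in apex_types:
        problems.append("has no NS records")
    return problems


def ptr_map(text, origin):
    """IPv4 address -> hostname for each PTR, by un-reversing the owner labels."""
    suffix, result = ".in-addr.arpa.", {}
    for owner, rtype, rdata in parse_zone(text, origin):
        if rtype == "PTR" and owner.lower().endswith(suffix):
            labels = owner[: -len(suffix)].split(".")
            result[".".join(reversed(labels))] = rdata
    return result


if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_REVP_11), ("fixed", FIXED_REVP_11)):
        print(label, lint_zone(zone, ORIGIN) or "OK", ptr_map(zone, ORIGIN))
```

Running it prints four out-of-zone lines plus the SOA and NS complaints for the broken file and OK for the fixed one, and ptr_map shows why the short "1" and "2" owners work: they are expanded under the origin and the labels reversed back into 192.168.11.1 and 192.168.11.2. This block does not touch the listening point; that is done in the options block of named.conf with listen-on (listing 127.0.0.1 and the two internal interface addresses) and with allow-query and allow-recursion ACLs naming the 192.168.10.0/24 and 192.168.11.0/24 networks, so the ppp0 address stops being a resolver for the outside world.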
