Re: SRV records can't point to CNAMEs
[Andreas B. Mundt]
> That's why I changed them pointing to tjener.intern, the machine
> where the service is actually running after the default
> installation.

Right. I misread the diff when I quickly had a look. Pointing to tjener should not be in conflict with the DNS spec.

> To move services to other machines, these pointers have to be
> changed accordingly. (With multiple A-records in place, you have to
> modify the A-records and PTR-records to correspond to the new
> machine. In that case you can leave the SRV-records untouched. Now
> you have to add the PTR- and A-record to the new machine, remove the
> CNAME and modify the SRV-record to point to that new machine.)

I believe the sssd setup will actually copy the SRV pointed setting to /etc/sssd/sssd.conf, and thus not work in this case. For that to work, the SRV records need to point to the service DNS name (like ldap.intern), and we are back where we started.

Happy hacking,
--
Petter Reinholdtsen

--
To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110217211014.gd26...@login1.uio.no

Re: SRV records can't point to CNAMEs (Was: r73002 - in trunk/src/debian-edu-config: debian etc/bind ldap-bootstrap)
On Thu, Feb 17, 2011 at 06:03:02PM +0100, Petter Reinholdtsen wrote:
>
> [Andreas B. Mundt]
> > Remove duplicate A-records from DNS configuration to make sure the
> > reverse address mapping needed for reliably issuing a Kerberos service
> > ticket works. To move services to another machine, add the machine to
> > DNS, remove the CNAME-record(s) and modify the service record(s) to
> > point to that new machine.
> > (Cf. <http://lists.debian.org/debian-edu/2011/01/msg00041.html> and
> > thread).
>
> DNS does not allow SRV records to point to CNAME entries. To avoid
> breaking the DNS specification, a different solution is needed.
>

That's why I changed them pointing to tjener.intern, the machine where the service is actually running after the default installation.

To move services to other machines, these pointers have to be changed accordingly. (With multiple A-records in place, you have to modify the A-records and PTR-records to correspond to the new machine. In that case you can leave the SRV-records untouched. Now you have to add the PTR- and A-record to the new machine, remove the CNAME and modify the SRV-record to point to that new machine.)

Is there a problem with that I've missed?

Regards,

Andi

Archive: http://lists.debian.org/20110217191331.GA30460@flashgordon

Re: Where do I see the DNS settings used in Lenny
Ok, I have tried to talk to the folks at Atea, but they tell me that this is a Linux problem. (Atea is the leading Nordic and Baltic supplier of IT infrastructure with approximately 5,400 employees.)

When we moved in to the new school one year ago we had the same problems, the solution was to route our school on the outside of the "gateway-security-filter". But after an "upgrade" we are forced back, and have to use the same gateway as all the other schools in the region.

Diskless Clients can surf on the Internet, but it is slow.
The server can surf on the Internet.
Laptops using Ubuntu linux on 10.0.2-network can't surf on the internet.
Ubuntu PCs can ping addresses on the outside of the filtering-gateway, and skolelinux.org resolves to 158.36.191.137
It is almost not possible to update Ubuntu PCs.
It is not possible to update SLX servers, apt hangs on "waiting for headers".

At school we have 3 different networks. One for the pupils, one for administration and teachers, and one for art/music-school. On the two first networks I run slx-servers. The third network is administrated by the admin-staff at the town hall. When I try an Ubuntu PC at this network the same thing happens. I can ping and trace skolelinux.org, and it resolves to 158.36.191.137. But I can't surf the web, and I can't install or update software because of timeout.

All PCs and clients can with no problems view webpages that are on servers on the inside of the filtering-gateway. E.g. Sunndal.kommune.no - www.tingvoll.kommune.no, www.kristiansund.kommune.no and so on...

I've tried to use rsync to get the latest DVD, but it is not possible. SSH is also blocked, so I can't use SSH to user.skolinux.no, and I can't update the school's webpage using scp.

This is so fun...

OleA

On 17.02.11 14.30, Klaus Ade Johnstad wrote:
> Thursday 17 February 2011 13.01.17, Ole-Anders Andreassen wrote:
> > Things worked fine until a few days ago, then they changed something
> > on the outside of our network, and I have been told that everything
> > should be transparent.
> >
> > OleA
>
> Right, honestly, I think you should have a talk with those that changed
> something on the outside of your network, as the change and your problem
> seem to coincide.

SRV records can't point to CNAMEs (Was: r73002 - in trunk/src/debian-edu-config: debian etc/bind ldap-bootstrap)
[Andreas B. Mundt]
> Remove duplicate A-records from DNS configuration to make sure the
> reverse address mapping needed for reliably issuing a Kerberos service
> ticket works. To move services to another machine, add the machine to
> DNS, remove the CNAME-record(s) and modify the service record(s) to
> point to that new machine.
> (Cf. <http://lists.debian.org/debian-edu/2011/01/msg00041.html> and
> thread).

DNS does not allow SRV records to point to CNAME entries. To avoid breaking the DNS specification, a different solution is needed.

Happy hacking,
--
Petter Reinholdtsen

Archive: http://lists.debian.org/20110217170302.ga26...@login1.uio.no

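Added example, not part of the thread above and not code from debian-edu-config: a small zone lint for the two points discussed here, namely that an SRV target must be a name with address records and not an alias (RFC 2782), and that several A records on one address leave the reverse mapping ambiguous. The record lines are constructed and use a simplified "owner TYPE rdata" form without TTL or class; only tjener.intern and ldap.intern come from the thread.

```python
from collections import defaultdict

# Constructed sample records; every name except tjener.intern and
# ldap.intern, and every address, is made up for illustration.
SAMPLE_ZONE = """
tjener.intern.          A     10.0.2.2
ldap.intern.            CNAME tjener.intern.
kerberos.intern.        A     10.0.2.2
_ldap._tcp.intern.      SRV   0 100 389 ldap.intern.
_kerberos._udp.intern.  SRV   0 100 88 tjener.intern.
_kpasswd._udp.intern.   SRV   0 100 464 kdc.intern.
"""

def parse(zone_text):
    """Split 'owner TYPE rdata...' lines into (owner, type, rdata list)."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop ';' comments
        if len(fields) >= 3:
            records.append((fields[0].lower(), fields[1].upper(), fields[2:]))
    return records

def lint(zone_text):
    """Return sorted (problem, name) findings for SRV targets and A records."""
    records = parse(zone_text)
    cnames = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    a_owners = defaultdict(set)                  # address -> owner names
    for owner, rtype, rdata in records:
        if rtype == "A":
            a_owners[rdata[0]].add(owner)
    has_a = {owner for owners in a_owners.values() for owner in owners}
    findings = set()
    for owner, rtype, rdata in records:
        if rtype != "SRV" or len(rdata) != 4:
            continue
        target = rdata[3].lower()                # priority weight port target
        if target in cnames:
            findings.add(("srv-target-is-cname", owner))
        elif target not in has_a:
            findings.add(("srv-target-has-no-address", owner))
    for addr, owners in a_owners.items():
        if len(owners) > 1:                      # reverse lookup is ambiguous
            findings.add(("address-has-several-a-records", addr))
    return sorted(findings)

if __name__ == "__main__":
    for problem, name in lint(SAMPLE_ZONE):
        print(f"{problem}: {name}")
```
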
Re: Where do I see the DNS settings used in Lenny
Thursday 17 February 2011 13.01.17, Ole-Anders Andreassen wrote:
> Things worked fine until a few days ago, then they changed something
> on the outside of our network, and I have been told that everything
> should be transparent.
>
> OleA

Right, honestly, I think you should have a talk with those that changed something on the outside of your network, as the change and your problem seem to coincide.

--
Klaus Ade
kl...@bzz.no
67E61D18B2C44F8A3DA35C6D849F9F5F 26FA477D

Re: DVD works again: please test, report and contribute to debian-edu-squeeze
Hi Andi,

On Wed 16 Feb 2011 23:10:48 CET "Andreas B. Mundt" wrote:
> Hi all,
>
> I am happy to report that the latest test-DVD of our forthcoming
> debian-edu-squeeze release is ready for testing. It includes Kerberos
> user (and mail) authorization, GOsa as LDAP admin tool and bind as DNS.
> The home directory is distributed via NFSv4.
>
> You can rsync your DVD with:
>
> rsync -avzP ftp.skolelinux.org::cd-squeeze-test-dvd/debian-edu-amd64-i386-DVD-1.iso debian-edu-DVD-1-squeeze.iso
>
> It's the first time that all these components work together in our
> setup, so don't expect a perfect system yet. However, please test and
> report issues, in order to make polishing the setup easier.
>
> To work around the (yet) missing netgroup support, modify /etc/exports
> to allow all hosts (replace @ by a *) if you need home directories
> mounted.
>
> If all goes well, we hopefully can prepare a release candidate soon,
> perhaps with netgroup support and Kerberos NFSv4.
>
> Happy testing,
>
> Andi

This is great news. I will test ASAP (which might take a bit because of a cold that came over me).

Greets,
Mike

--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
phone: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Re: DVD works again: please test, report and contribute to debian-edu-squeeze
rsync is not possible through the regional gateway-filter-firewall-thing. How can I run rsync through a tunnel?

> You can rsync your DVD with:
>
> rsync -avzP ftp.skolelinux.org::cd-squeeze-test-dvd/debian-edu-amd64-i386-DVD-1.iso debian-edu-DVD-1-squeeze.iso

Archive: http://lists.debian.org/4d5d12e5.8060...@skolelinux.no

Re: Where do I see the DNS settings used in Lenny
Klaus Ade Johnstad wrote:
> Thursday 17 February 2011 12.17.42, Ole-Anders Andreassen wrote:
> > IPCop, and it is my FW :)
> >
> > All the machines are on the same network. 10.0.2.xx and 10.0.3xx
> >
> > OleA
>
> This is a PITA trying to resolve without direct access to such a network.
> But, did "something" happen before this stopped working? Was something
> changed? I guess at one point it did work?

Things worked fine until a few days ago, then they changed something on the outside of our network, and I have been told that everything should be transparent.

OleA

Archive: http://lists.debian.org/4d5d0e0d.8000...@skolelinux.no

Re: Where do I see the DNS settings used in Lenny
Thursday 17 February 2011 12.17.42, Ole-Anders Andreassen wrote:
> IPCop, and it is my FW :)
>
> All the machines are on the same network. 10.0.2.xx and 10.0.3xx
>
> OleA

This is a PITA trying to resolve without direct access to such a network. But, did "something" happen before this stopped working? Was something changed? I guess at one point it did work?

--
Klaus Ade
kl...@bzz.no
67E61D18B2C44F8A3DA35C6D849F9F5F 26FA477D

Re: Where do I see the DNS settings used in Lenny
Klaus Ade Johnstad wrote:
> Thursday 17 February 2011 11.39.23, Ole-Anders Andreassen wrote:
> > For some strange reason guest-PC running Linux are no longer able to
> > access the Internet. PCs with Windows seems to run ok, and Mac's as
> > well.
>
> All these machines are on the same network I guess?
> And what kind of firewall is this? Is it under your control?

IPCop, and it is my FW :)

All the machines are on the same network. 10.0.2.xx and 10.0.3xx

OleA

Archive: http://lists.debian.org/4d5d03d6.7070...@skolelinux.no

Re: Where do I see the DNS settings used in Lenny
Thursday 17 February 2011 11.39.23, Ole-Anders Andreassen wrote:
> For some strange reason guest-PC running Linux are no longer able to
> access the Internet. PCs with Windows seems to run ok, and Mac's as
> well.

All these machines are on the same network I guess?
And what kind of firewall is this? Is it under your control?

--
Klaus Ade
kl...@bzz.no
67E61D18B2C44F8A3DA35C6D849F9F5F 26FA477D

Re: Where do I see the DNS settings used in Lenny
For some strange reason guest PCs running Linux are no longer able to access the Internet. PCs with Windows seem to run ok, and Macs as well.

Another strange thing is that from a diskless client or the server, I can't access the firewall web interface. Squid is stopping me. But from a "guest PC" I can access the firewall web interface.

In short:
Diskless (and server) can access internet, but not firewall webgui
Laptops with ubuntu can't access internet, but can access firewall webgui

OleA

Archive: http://lists.debian.org/4d5cfadb.2030...@skolelinux.no

Re: Where do I see the DNS settings used in Lenny
Thursday 17 February 2011 00.08.16, Ole-Anders Andreassen wrote:
> Where can I easiest find the DNS settings used in Lenny?
> Are there any short-cuts to show info about the network-setup,
> IP-ranges, netmask, routing, DNS and so on?
>
> OleA

Difficult to answer when not knowing what you are specifically really after, but:

It's mostly in the files:

/etc/network/interfaces
/etc/hosts
/etc/resolv.conf

And commands like:

route -vn
ifconfig
nslookup
host
dig

--
Klaus Ade
67E61D18B2C44F8A3DA35C6D849F9F5F 26FA477D