Re: named setup problems
On Thu, Jul 16, 1998 at 03:28:21PM -0500, Jens B. Jorgensen wrote:
> Stephen J. Carpenter wrote:
> > On Thu, Jul 16, 1998 at 10:17:45AM -0500, Jens B. Jorgensen wrote:
> > > Hack is the word alright. My opinion is that you're attacking this problem the wrong way though. Now let me make sure I've got it right. When your connection is down (diald? pon? xisp? ???) programs are trying to make DNS lookups and these programs hang for a long time waiting for a DNS response which doesn't come back. What names are they looking up? It stands to reason that unless you're trying to use the internet you shouldn't need to look up any host which isn't local. There's no reason not to have local hosts in your local bind database, right?
> >
> > Well the thing is... I have worked out how to switch between online and offline modes... actually simple... the idea is to have 2 dirs /var/named-online and /var/named-offline then have /var/named a symlink to the proper one. In the same script that changes the symlink, issue kill -SIGHUP `cat /var/run/named.pid`
> >
> > My question is on how to set up named so that it is capable of answering the queries of my machines about each other (i.e. if kitty wants to resolve shit-box.carpanet to check out the web server)
>
> You don't *need* two different files. I don't understand why you do. Just go ahead and make your named the authoritative name server for carpanet. Forward other requests outside. This should work just fine. Why is it you think you need two configurations?

The reason for 2 files is that when the name server knows about the real root servers and is not connected to the internet... it behaves badly. It tries to connect to them and then waits a long time before it comes back with an error.

At least that is what I used to observe a while ago... in fact I had a samba server that would become inaccessible to new connections every 10 hours because it was stuck trying to make a name resolution call, and would work almost immediately again as soon as I connected to the net. I want to avoid these situations.

-Steve
--
Stephen Carpenter [EMAIL PROTECTED]
All authority is quite degrading. -- Oscar Wilde
Re: named setup problems
[EMAIL PROTECTED] wrote:
> On Thu, Jul 16, 1998 at 03:28:21PM -0500, Jens B. Jorgensen wrote:
> > Stephen J. Carpenter wrote:
> > > On Thu, Jul 16, 1998 at 10:17:45AM -0500, Jens B. Jorgensen wrote:
> > > > Hack is the word alright. My opinion is that you're attacking this problem the wrong way though. Now let me make sure I've got it right. When your connection is down (diald? pon? xisp? ???) programs are trying to make DNS lookups and these programs hang for a long time waiting for a DNS response which doesn't come back. What names are they looking up? It stands to reason that unless you're trying to use the internet you shouldn't need to look up any host which isn't local. There's no reason not to have local hosts in your local bind database, right?
> > >
> > > Well the thing is... I have worked out how to switch between online and offline modes... actually simple... the idea is to have 2 dirs /var/named-online and /var/named-offline then have /var/named a symlink to the proper one. In the same script that changes the symlink, issue kill -SIGHUP `cat /var/run/named.pid`
> > >
> > > My question is on how to set up named so that it is capable of answering the queries of my machines about each other (i.e. if kitty wants to resolve shit-box.carpanet to check out the web server)
> >
> > You don't *need* two different files. I don't understand why you do. Just go ahead and make your named the authoritative name server for carpanet. Forward other requests outside. This should work just fine. Why is it you think you need two configurations?
>
> The reason for 2 files is that when the name server knows about the real root servers and is not connected to the internet... it behaves badly. It tries to connect to them and then waits a long time before it comes back with an error.
>
> At least that is what I used to observe a while ago... in fact I had a samba server that would become inaccessible to new connections every 10 hours because it was stuck trying to make a name resolution call, and would work almost immediately again as soon as I connected to the net. I want to avoid these situations.

Ok, I understand the problem. I believe it makes a lot more sense to find out *what* names are being looked up and *why* and solve the real problem rather than shoehorn in some kludge. As I said, logically you only need to look up external names when you're connected to the net. Otherwise you won't need to. It sounds like you need to set up your own zone for carpanet. If you haven't done this then this is most likely why you're seeing the problem.

I'm emailing you (separately from this message) a set of files for you to put in /var/named. I've assumed you're using the 192.168.0 net at home. You can modify it for whatever else you have. Take a look at all the files (except for named.root--I didn't change that at all) before using.

--
Jens B. Jorgensen [EMAIL PROTECTED]

--
Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: named setup problems
Jens B. Jorgensen [EMAIL PROTECTED] writes:
> I believe it makes a lot more sense to find out *what* names are being looked up and *why* and solve the real problem rather than shoehorn in some kludge.

I knew there was something I was forgetting to mention!

> As I said, logically you only need to look up external names when you're connected to the net. Otherwise you won't need to. It sounds like you need to set up your own zone for carpanet. If you haven't done this then this is most likely why you're seeing the problem.

*nod* that's what I was suspecting. If you don't have _any_ internal name service [serving your local names and going to the root for names it doesn't know], then as long as you don't type names that your server doesn't know when you're not connected you won't see a delay.

If you _don't_ have an internal server, and you're just using /etc/hosts to serve your internal names, and your resolvers point to external nameservers, the query will go to the external name server, and then resolve from /etc/hosts if the external doesn't answer... that's where the time delay comes in.

[I know in one of the VMS products I'm responsible for we allow for control of the ordering of the local lookups vs. the remote lookups, but that's something I've not gotten around to writing up and recommending to ISC, and I haven't had time to analyse the BIND 8 resolver to see if the funky changes in there allow for changing the resolving order].

-Jeff
--
Jeff Schreiber, aka Spectre, [EMAIL PROTECTED]
"System administrators are, of course, incorruptible. You can offer me any amount of money. And you can believe me, because I'm always right, and I never lie." (Paul Sand - [EMAIL PROTECTED])
Re: named setup problems
[EMAIL PROTECTED] wrote:
> On Thu, Jul 16, 1998 at 03:28:21PM -0500, Jens B. Jorgensen wrote:
> > Stephen J. Carpenter wrote:
> > > On Thu, Jul 16, 1998 at 10:17:45AM -0500, Jens B. Jorgensen wrote:
> > > > Hack is the word alright. My opinion is that you're attacking this problem the wrong way though. Now let me make sure I've got it right. When your connection is down (diald? pon? xisp? ???) programs are trying to make DNS lookups and these programs hang for a long time waiting for a DNS response which doesn't come back. What names are they looking up? It stands to reason that unless you're trying to use the internet you shouldn't need to look up any host which isn't local. There's no reason not to have local hosts in your local bind database, right?
> > >
> > > Well the thing is... I have worked out how to switch between online and offline modes... actually simple... the idea is to have 2 dirs /var/named-online and /var/named-offline then have /var/named a symlink to the proper one. In the same script that changes the symlink, issue kill -SIGHUP `cat /var/run/named.pid`
> > >
> > > My question is on how to set up named so that it is capable of answering the queries of my machines about each other (i.e. if kitty wants to resolve shit-box.carpanet to check out the web server)
> >
> > You don't *need* two different files. I don't understand why you do. Just go ahead and make your named the authoritative name server for carpanet. Forward other requests outside. This should work just fine. Why is it you think you need two configurations?
>
> The reason for 2 files is that when the name server knows about the real root servers and is not connected to the internet... it behaves badly. It tries to connect to them and then waits a long time before it comes back with an error.
>
> At least that is what I used to observe a while ago... in fact I had a samba server that would become inaccessible to new connections every 10 hours because it was stuck trying to make a name resolution call, and would work almost immediately again as soon as I connected to the net. I want to avoid these situations.

Oh, I forgot to add: when you get your named files set up, add 'options querly-log' to boot.options so that named will send all queries it receives to syslog. This way you can find out what the offending name lookups are.

--
Jens B. Jorgensen [EMAIL PROTECTED]
Re: named setup problems
Jeff Schreiber wrote:
> Jens B. Jorgensen [EMAIL PROTECTED] writes:
> > I believe it makes a lot more sense to find out *what* names are being looked up and *why* and solve the real problem rather than shoehorn in some kludge.
>
> I knew there was something I was forgetting to mention!
>
> > As I said, logically you only need to look up external names when you're connected to the net. Otherwise you won't need to. It sounds like you need to set up your own zone for carpanet. If you haven't done this then this is most likely why you're seeing the problem.
>
> *nod* that's what I was suspecting. If you don't have _any_ internal name service [serving your local names and going to the root for names it doesn't know], then as long as you don't type names that your server doesn't know when you're not connected you won't see a delay.
>
> If you _don't_ have an internal server, and you're just using /etc/hosts to serve your internal names, and your resolvers point to external nameservers, the query will go to the external name server, and then resolve from /etc/hosts if the external doesn't answer... that's where the time delay comes in.
>
> [I know in one of the VMS products I'm responsible for we allow for control of the ordering of the local lookups vs. the remote lookups, but that's something I've not gotten around to writing up and recommending to ISC, and I haven't had time to analyse the BIND 8 resolver to see if the funky changes in there allow for changing the resolving order].

Ah yes, but I suspect that it's name queries from machines other than the linux box which are contributing to the problem. In this case editing /etc/hosts and /etc/resolv.conf won't help since named doesn't use these files at all. Actually, my best guess is that the problem is two-pronged.

Stephen mentioned that smbd was hanging waiting for name queries and, like so often is the case, the difficulty is that smbd wants to log a message to syslog with the name of the host connecting and is doing a gethostbyaddr on the IP address of a windoze client. If he doesn't have an entry in /etc/hosts (or entries in /var/named/XXX) for these hosts then the query will be forwarded out to external named's.

That's why I'm suggesting a course of action where the first step is to set up a named database with all the hosts and then use logging (specify 'options query-log' in /var/named/boot.options -- thanks for catching my typo Jeff!) to see what queries are going out to the net.

I myself had a similar problem which vexed me for some time. I thought I had a complete database until I realized I was using 127.0.0.2 and 127.0.0.3 for diald but had not defined names for these IPs anywhere. Doh!

--
Jens B. Jorgensen [EMAIL PROTECTED]
RE: named setup problems
Stephen J. Carpenter [EMAIL PROTECTED] writes:
> then setup one of them so that it has no knowledge of any root servers and is the primary nameserver for the network... and list no other outside addresses or nameservers anywhere.

I'm not sure I am completely understanding the issue that you are having. Are you planning to have the internal systems stay internal, and have the external system [spiderman] resolve off of the internet? What I would suggest is:

1) Set up an internal root server on your linux box. All these zones would have an NS record pointing back to your linux box.
   - Have the typical 0.0.127.in-addr.arpa that has a PTR for 1 [.0.0.127.in-addr.arpa] to localhost.
   - Have the typical localhost domain that points to 127.0.0.1
   - Have a carpanet domain with A records for the names of your 10.0.0 systems.
   - Have a 0.0.10.in-addr.arpa domain that has the PTRs for your internal names.
   - [the important part] instead of a . cache zone, you will want a . primary zone, so that your internal server is authoritative for everything. This should have the NS for your linux box. You could have all the above information in this zone, but it's a little cleaner to separate it into separate zones.

   Now if any of your internal zones were being served off another system, you would want NS delegations for those zones to the other system [and glue A records if the name of the system is within the zone that it serves].

2) Set up your Win95 system as a caching server with the typical root servers in the root hints file [the cache zone]. You _may_ also want to set it up as secondary to your internal zones [with your linux as primary] so that your Win95 nameserver can resolve things like shit-box.carpanet. If you're using BIND 8, you may want to set the secondary zones with allow-query to just be your 10.0.0 subnet, so that there is no real concern that external requests to your server won't resolve your internal addresses... you may also want to set up allow-transfer on those zones to prevent remote systems from getting information about your internal network [like all the names and IP addresses, and all that].

Another thing you could do is to have your PPP dialup change your config some. Replace your root config file with a normal file that has the root server hints, and reload your server... then replace it back and reload when your connection closes, but that would be a little more challenging.

There are a lot of other things you can do with forwarding and forward servers, and forward-only servers and all that if the above wasn't really what you were looking for... let us know.

-Jeff
Re: named setup problems
Hack is the word alright. My opinion is that you're attacking this problem the wrong way though. Now let me make sure I've got it right. When your connection is down (diald? pon? xisp? ???) programs are trying to make DNS lookups and these programs hang for a long time waiting for a DNS response which doesn't come back. What names are they looking up? It stands to reason that unless you're trying to use the internet you shouldn't need to look up any host which isn't local. There's no reason not to have local hosts in your local bind database, right?

Stephen J. Carpenter wrote:
> I have been trying to solve some issues for myself by making my own version of a dynamic IP hack. I think it's a great idea but implementing it is proving tough. The reason is this: I have 127.0.0.1 set up as my main name server. Whenever my ppp connection is not up, any program which ends up causing a DNS lookup can be a PITA... since it tends to try and wait for a long time. The workaround has been to kill named but... my machine is set up as the nameserver by all the machines on my network (woo hoo... all 3 of them).
>
> Anyway here was my idea: copy the bind setup... then set up one of them so that it has no knowledge of any root servers and is the primary nameserver for the network... and list no other outside addresses or nameservers anywhere. This would basically be the setup of a machine that is never to be internet connected. The other setup would have those configs and also know about internet nameservers and cache requests to them.
>
> How do I set this up? I have read the BIND docs... I even read the manual by Paul Vixie: Name Server Operations Guide for BIND. I just can't figure out exactly how to set it up...
>
> My setup: I have a network of 3 machines:
>   Win95 machine name: Spiderman (my father's PC.. he named it) 10.0.0.35
>   Linux Box: Shit-Box 10.0.0.42
>   my girlfriend's Mac: kitty 10.0.0.11
>
> Shit-Box (name has a long story attached ;) ) is the internet gateway (when ppp is up), the web server, the name server, mail server, etc... I would provide more info but... I needed bind working so I had to dpkg -r bind... then trash the config and re-install it (I screwed it and my backup setup both up). Currently I am calling my network carpanet (as in Shit-box.carpanet).
>
> Can anyone help set this up? Any pointers to more good info (Paul Vixie's manual is very good but obviously isn't doing it for me)
>
> -Steve
> --
> /* -- Stephen Carpenter [EMAIL PROTECTED] -- */
> A favorite quote from a source I forget: Only Microsoft can take an algorithm that has been under years of public scrutiny and weaken it to the point where the entire key space can be searched in 3 days

--
Jens B. Jorgensen [EMAIL PROTECTED]
Re: named setup problems
On Thu, Jul 16, 1998 at 10:17:45AM -0500, Jens B. Jorgensen wrote:
> Hack is the word alright. My opinion is that you're attacking this problem the wrong way though. Now let me make sure I've got it right. When your connection is down (diald? pon? xisp? ???) programs are trying to make DNS lookups and these programs hang for a long time waiting for a DNS response which doesn't come back. What names are they looking up? It stands to reason that unless you're trying to use the internet you shouldn't need to look up any host which isn't local. There's no reason not to have local hosts in your local bind database, right?

Well the thing is... I have worked out how to switch between online and offline modes... actually simple... the idea is to have 2 dirs /var/named-online and /var/named-offline then have /var/named a symlink to the proper one. In the same script that changes the symlink, issue kill -SIGHUP `cat /var/run/named.pid`

My question is on how to set up named so that it is capable of answering the queries of my machines about each other (i.e. if kitty wants to resolve shit-box.carpanet to check out the web server)

-Steve

> Stephen J. Carpenter wrote:
> > I have been trying to solve some issues for myself by making my own version of a dynamic IP hack. I think it's a great idea but implementing it is proving tough. The reason is this: I have 127.0.0.1 set up as my main name server. Whenever my ppp connection is not up, any program which ends up causing a DNS lookup can be a PITA... since it tends to try and wait for a long time. The workaround has been to kill named but... my machine is set up as the nameserver by all the machines on my network (woo hoo... all 3 of them).
> >
> > Anyway here was my idea: copy the bind setup... then set up one of them so that it has no knowledge of any root servers and is the primary nameserver for the network... and list no other outside addresses or nameservers anywhere. This would basically be the setup of a machine that is never to be internet connected. The other setup would have those configs and also know about internet nameservers and cache requests to them.
> >
> > How do I set this up? I have read the BIND docs... I even read the manual by Paul Vixie: Name Server Operations Guide for BIND. I just can't figure out exactly how to set it up...
> >
> > My setup: I have a network of 3 machines:
> >   Win95 machine name: Spiderman (my father's PC.. he named it) 10.0.0.35
> >   Linux Box: Shit-Box 10.0.0.42
> >   my girlfriend's Mac: kitty 10.0.0.11
> >
> > Shit-Box (name has a long story attached ;) ) is the internet gateway (when ppp is up), the web server, the name server, mail server, etc... I would provide more info but... I needed bind working so I had to dpkg -r bind... then trash the config and re-install it (I screwed it and my backup setup both up). Currently I am calling my network carpanet (as in Shit-box.carpanet).
> >
> > Can anyone help set this up? Any pointers to more good info (Paul Vixie's manual is very good but obviously isn't doing it for me)
> >
> > -Steve
> > --
> > /* -- Stephen Carpenter [EMAIL PROTECTED] -- */
> > A favorite quote from a source I forget: Only Microsoft can take an algorithm that has been under years of public scrutiny and weaken it to the point where the entire key space can be searched in 3 days
>
> --
> Jens B. Jorgensen [EMAIL PROTECTED]

--
/* -- Stephen Carpenter [EMAIL PROTECTED] --- [EMAIL PROTECTED] */
E-mail Bumper Stickers:
  A FREE America or a Drug-Free America: You can't have both!
  honk if you Love Linux
Re: named setup problems
On Thu, Jul 16, 1998 at 10:55:54AM -0400, Jeff Schreiber wrote:
> Stephen J. Carpenter [EMAIL PROTECTED] writes:
> > then setup one of them so that it has no knowledge of any root servers and is the primary nameserver for the network... and list no other outside addresses or nameservers anywhere.
>
> I'm not sure I am completely understanding the issue that you are having. Are you planning to have the internal systems stay internal, and have the external system [spiderman] resolve off of the internet? What I would suggest is:
>
> 1) Set up an internal root server on your linux box.

ahh that sounds like what I am looking to do

[tech details snipped]

> 2) Set up your Win95 system as a caching server with the typical root servers in the root hints file [the cache zone]. You _may_ also want to set it up as secondary to your internal zones [with your linux as primary] so that your Win95 nameserver can resolve things like shit-box.carpanet.

I would rather not do that. The win95 machine is my father's, and will not be on the network much longer as my girlfriend and I will be moving out (on Sept 1 - we found an apartment!). When that happens I do plan to get around to setting up more linux boxen... but do I really NEED more than 1 nameserver on such a small network... after all if Shit-Box is down... the network is screwed anyway (the Win95 machine and the Mac... just no point in that :) )

> internal addresses... you may also want to set up allow-transfer on those zones to prevent remote systems from getting information about your internal network [like all the names and IP addresses, and all that].

I am not worried about that... in fact I may in the future have someone use me as a nameserver (I sometimes am chatting online and give out my IP address to a friend to check out a new web page or something before I upload to a public server... unfortunately that doesn't work too well if the hostname doesn't resolve cuz apache is redirecting them to Shit-Box.carpanet)

> Another thing you could do is to have your PPP dialup change your config some. Replace your root config file with a normal file that has the root server hints, and reload your server... then replace it back and reload when your connection closes, but that would be a little more challenging.

I plan to do that too... basically 2 named setups (both with my local addresses and domains set up...) I will switch between them with a symlink and a kill -SIGHUP `/var/run/named.pid`

> There are a lot of other things you can do with forwarding and forward servers, and forward-only servers and all that if the above wasn't really what you were looking for... let us know.

It's close to what I tried to do... I guess I was just missing something... the setup of the files is confusing... anyone got a setup they don't mind sharing? I could use a real working config (preferably debian setup based) to read to get an idea what I'm doing

-Steve
--
/* -- Stephen Carpenter [EMAIL PROTECTED] --- [EMAIL PROTECTED] */
E-mail Bumper Stickers:
  A FREE America or a Drug-Free America: You can't have both!
  honk if you Love Linux
Re: named setup problems
Stephen J. Carpenter wrote:
> On Thu, Jul 16, 1998 at 10:17:45AM -0500, Jens B. Jorgensen wrote:
> > Hack is the word alright. My opinion is that you're attacking this problem the wrong way though. Now let me make sure I've got it right. When your connection is down (diald? pon? xisp? ???) programs are trying to make DNS lookups and these programs hang for a long time waiting for a DNS response which doesn't come back. What names are they looking up? It stands to reason that unless you're trying to use the internet you shouldn't need to look up any host which isn't local. There's no reason not to have local hosts in your local bind database, right?
>
> Well the thing is... I have worked out how to switch between online and offline modes... actually simple... the idea is to have 2 dirs /var/named-online and /var/named-offline then have /var/named a symlink to the proper one. In the same script that changes the symlink, issue kill -SIGHUP `cat /var/run/named.pid`
>
> My question is on how to set up named so that it is capable of answering the queries of my machines about each other (i.e. if kitty wants to resolve shit-box.carpanet to check out the web server)

You don't *need* two different files. I don't understand why you do. Just go ahead and make your named the authoritative name server for carpanet. Forward other requests outside. This should work just fine. Why is it you think you need two configurations?

--
Jens B. Jorgensen [EMAIL PROTECTED]
Re: named setup problems
Jens B. Jorgensen [EMAIL PROTECTED] writes:
> You don't *need* two different files. I don't understand why you do. Just go ahead and make your named the authoritative name server for carpanet. Forward other requests outside. This should work just fine. Why is it you think you need two configurations?

With that setup, you have to wait for a timeout if you're not connected to your ISP [the outside] for things that you're not authoritative for. The above suggestion is perfectly fine if you are sure you're not going to try and resolve an external address when you're not connected.

I think what he wants is a way to configure it so that he's a root server serving his internal zone when the connection isn't there, and a primary server serving the internal zone, but delegating to the roots for things they don't know about when he is there. You would want virtually the same configuration except:
- When connected: You would have the typical root cache hints file.
- When not connected: Instead of the root cache hints file, you would be primary for the root [as I explained in a previous message].

For an example of someone's configuration, check out the discussion last week [or so] which was a similar thing. He had an autodialer, and it was connecting to his ISP when it shouldn't.

-Jeff
--
Jeff Schreiber, aka Spectre, [EMAIL PROTECTED]
"System administrators are, of course, incorruptible. You can offer me any amount of money. And you can believe me, because I'm always right, and I never lie." (Paul Sand - [EMAIL PROTECTED])
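The two-mode setup Jeff describes above (internal root zone while offline, real root hints while online) together with the local zones from his numbered list, written out as an added example; this is not a config posted in the thread or shipped by ISC or Debian, and it assumes BIND 8 named.conf syntax, the file paths shown, and the 10.0.0.x addresses Stephen listed. /etc/named.conf is a symlink pointing at whichever of the two top-level files matches the link state; the ppp ip-up/ip-down scripts flip the link and send named a SIGHUP.

```conf
// ---- /etc/named.conf.online : ppp link up (assumed path) ----
options {
    directory "/var/named";
};
// log every query to syslog so stray external lookups show up
// (BIND 4's 'options query-log' in named.boot does the same job)
logging { category queries { default_syslog; }; };

zone "." { type hint; file "named.root"; };        // the real root servers
include "/etc/named.conf.local";                   // the carpanet zones, below

// ---- /etc/named.conf.offline : ppp link down (assumed path) ----
options {
    directory "/var/named";
};
logging { category queries { default_syslog; }; };

// no hints at all: this server IS the root, so any name outside the
// zones below gets an immediate authoritative NXDOMAIN, never a timeout
zone "." { type master; file "db.root-internal"; };
include "/etc/named.conf.local";

// ---- /etc/named.conf.local : identical in both modes (assumed path) ----
zone "carpanet"             { type master; file "db.carpanet"; };
zone "0.0.10.in-addr.arpa"  { type master; file "db.10.0.0"; };
zone "0.0.127.in-addr.arpa" { type master; file "db.127.0.0"; };

; ---- /var/named/db.root-internal : the internal root zone ----
; $TTL is required by BIND 8.2 and later (older 8.x take it from the SOA minimum)
$TTL 86400
.                      IN SOA shit-box.carpanet. hostmaster.carpanet. (
                              1998071601 3600 900 604800 86400 )
.                      IN NS  shit-box.carpanet.
; delegations for the zones this same server is master for, plus glue
carpanet.              IN NS  shit-box.carpanet.
0.0.10.in-addr.arpa.   IN NS  shit-box.carpanet.
0.0.127.in-addr.arpa.  IN NS  shit-box.carpanet.
shit-box.carpanet.     IN A   10.0.0.42

; ---- /var/named/db.carpanet : forward zone for the three hosts ----
$TTL 86400
@           IN SOA shit-box.carpanet. hostmaster.carpanet. (
                   1998071601 3600 900 604800 86400 )
            IN NS  shit-box.carpanet.
localhost   IN A   127.0.0.1
shit-box    IN A   10.0.0.42      ; gateway, web, mail and name server
spiderman   IN A   10.0.0.35      ; the Win95 box
kitty       IN A   10.0.0.11      ; the Mac
www         IN CNAME shit-box     ; assumed alias, not from the thread

; ---- /var/named/db.10.0.0 : reverse zone, so smbd's gethostbyaddr() ----
; ---- on a 10.0.0.x client is answered here instead of going outside  ----
$TTL 86400
@    IN SOA shit-box.carpanet. hostmaster.carpanet. (
            1998071601 3600 900 604800 86400 )
     IN NS  shit-box.carpanet.
42   IN PTR shit-box.carpanet.
35   IN PTR spiderman.carpanet.
11   IN PTR kitty.carpanet.

; ---- /var/named/db.127.0.0 : loopback reverse zone ----
$TTL 86400
@    IN SOA shit-box.carpanet. hostmaster.carpanet. (
            1998071601 3600 900 604800 86400 )
     IN NS  shit-box.carpanet.
1    IN PTR localhost.
```

Switching is `ln -sf /etc/named.conf.offline /etc/named.conf; kill -HUP \`cat /var/run/named.pid\`` (and the .online file on ip-up). With the query log on, any name that still shows up as an outside lookup while offline is a host missing from db.carpanet or db.10.0.0, which is exactly the gap Jens hit with his diald addresses.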