Re: Bind 9.2.3rc4
Vladimir wrote:

> Hi, Jens.
>
> I now attach my config file with zones and log files.
> At 19:13 I have started named. At 19:15 "dig 127.0.0.1"
>
> JR> I'm busy for next 2 days. I'll prove it on Thursday if it's not to
> JR> late for you, ok?
>
> JR> Ok, I saved your cfg's into orig/, copied them into a new/
> JR> directory and simplified it most I could. The diff is attached.
> JR> Would you please try whether it works so far?
>
> dig 127.0.0.1
> dig 192.168.1.4
> dig 192.168.1.1
>
> Do not work :-(

Please use script(1) to submit the entire output. And please run the named with -d flag, too and submit even its output.

Jens

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re[2]: Bind 9.2.3rc4
Hi, Jens.

I now attach my config file with zones and log files.
At 19:13 I have started named. At 19:15 "dig 127.0.0.1"

>> JR> I'm busy for next 2 days. I'll prove it on Thursday if it's not to
>> JR> late for you, ok?

JR> Ok, I saved your cfg's into orig/, copied them into a new/
JR> directory and simplified it most I could. The diff is attached.
JR> Would you please try whether it works so far?

dig 127.0.0.1
dig 192.168.1.4
dig 192.168.1.1

Do not work :-(

--
Regards, Vladimir
mailto:[EMAIL PROTECTED]
Re: Bind 9.2.3rc4
Vladimir wrote: Hi, Jens. I now attach my config file with zones and log files. At 19:13 i have started named. At 19:15 "dig 127.0.0.1" JR> I'm busy for next 2 days. I'll prove it on Thursday if it's not to JR> late for you, ok? And where are you? Sorry, I've been very busy in last weeks. But you're right, I promised to help - I'm a bad guy :-( Ok, I saved you cfg's into orig/, copied them into a new/ directory and simplified it most I could. The diff is attached. Would you please try whether it works so far? Best regards and really sorry about the delay, Jens diff -u orig/localhost.db new/localhost.db --- orig/localhost.db Sun Nov 9 15:14:50 2003 +++ new/localhost.dbSun Nov 9 15:20:44 2003 @@ -1,6 +1,4 @@ - $TTL 1D - localhost. IN SOA ns.habanet.local. hostmaster.habanet.local. ( 2003091501 ;serial number 86400 ;refresh @@ -9,5 +7,5 @@ 3600;minimum ) -localhost. IN NS ns.habanet.local. + IN NS @ localhost. IN A 127.0.0.1 diff -u orig/localhost.rev new/localhost.rev --- orig/localhost.rev Sun Nov 9 15:14:50 2003 +++ new/localhost.rev Sun Nov 9 15:21:31 2003 @@ -14,5 +14,5 @@ 3888000 ; Expire 3600; Minimum ) - IN NS ns.habanet.local. -1 IN PTR localhost.habanet.local. + IN NS localhost. +1 IN PTR localhost. diff -u orig/named.conf new/named.conf --- orig/named.conf Sun Nov 9 15:14:50 2003 +++ new/named.conf Sun Nov 9 15:19:22 2003 
@@ -1,51 +1,18 @@ options { directory "/etc/namedb"; pid-file "/etc/namedb/named.pid"; - allow-recursion { 192.168.1.0/24; 127.0.0.1;}; - allow-query { 192.168.1.0/24; 127.0.0.1;}; - version "unknow"; + // allow-recursion { 192.168.1.0/24; 127.0.0.1;}; + // allow-query { 192.168.1.0/24; 127.0.0.1;}; + // version "unknow"; forwarders { 80.80.111.254; 80.80.111.244; }; - query-source address * port 53; + // Sure that nslookup binds to port 53? + // query-source address * port 53; dump-file "/var/tmp/named_dump.db"; }; -controls {}; - -key DHCP_UPDATER { - algorithm *** :-); - secret :-); -}; - -logging { -channel update_debug { -file "/var/log/named-update.log"; -severity debug 5; -print-category yes; -print-severity yes; -print-time yes; -}; -channel security_info { -file "/var/log/named-auth.log"; -severity info; -print-category yes; -print-severity yes; -print-time yes; -}; -channel example_debug { -file "/var/log/named-debug.log"; -severity debug 5; -print-category yes; -print-severity yes; -print-time yes; -}; -category default { example_debug; }; -category update { update_debug; }; -category security { security_info; }; -}; - zone "." { type hint; file "named.root"; @@ -67,7 +34,7 @@ type master; file "habanet.local.db"; // allow-query { 192.168.1.0/24; 127.0.0.1;}; -allow-update { key DHCP_UPDATER; }; +// allow-update { key DHCP_UPDATER; }; // allow-transfer {192.168.1.4;}; // notify no; }; @@ -76,7 +43,7 @@ type master; file "192.168.1.db"; // allow-query { 192.168.1.0/24; 127.0.0.1;}; -allow-update { key DHCP_UPDATER; }; +// allow-update { key DHCP_UPDATER; }; // allow-transfer {192.168.1.4;}; }; ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
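Review bot: In the first localhost.db hunk, `$TTL 1D` is deleted and nothing replaces it, so the zone file no longer declares a default TTL for records that carry none; keep the directive unless dropping it is itself part of the test. In the second localhost.db hunk the NS record becomes `IN NS @`, but the SOA context line above it still names `ns.habanet.local.` as the primary server, so the zone is only half decoupled from habanet.local. Pointing the SOA at `localhost.` as well would make the two records agree.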
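Review bot: In the named.conf options hunk, `allow-recursion` and `allow-query` are commented out while the `forwarders` block stays, so for the duration of the test named answers and recurses for any client that can reach it; say so in a comment and restore both lines once the fault is found. The same hunk deletes the whole `logging` block instead of commenting it out like the ACL lines, which removes `/var/log/named-debug.log` at the moment debug output is being asked for. Keeping the `example_debug` channel and `category default { example_debug; };` would preserve that evidence and keep the change easy to revert.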
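Review bot: In the two zone hunks of named.conf, `allow-update { key DHCP_UPDATER; };` is commented out, while the options hunk deletes the `key DHCP_UPDATER` block those lines refer to. A comment next to each `// allow-update` line stating that the key block has to be restored first would prevent a later revert from producing a config that references an undefined key.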
Re[2]: Bind 9.2.3rc4
Hi Jen,

I now attach my config file with zones and log files.
At 19:13 I have started named. At 19:15 "dig 127.0.0.1"

--
Regards, Vladimir
mailto:[EMAIL PROTECTED]

Attachments: named-debug.log, 0.in-addr.arpa, 192.168.1.db, 255.in-addr.arpa, habanet.local.db, localhost.db, localhost.rev, localhost-v6.rev, named.conf, named.root
Re: Bind 9.2.3rc4
Vladimir wrote:

> Hi, Jens.

Hi Vladimir,

> JR> You have 2 lines with defined acl's in your config and allow
> JR> only for requests matching the one of the list entries.
> JR> If I were in your situation, I would remove them for testing
> JR> to see whether it works then or not. I don't have any experience
> JR> with access control within bind, so I cannot tell you if it's
> JR> correct. I use ipf to block request not coming from 10.62.10.0/24 or
> JR> 127.0.0.0/8 to this machine.
>
> I remove all acl's and changed all allow- but dig 127.0.0.1 do not work.
> I removed all allow- but it do not work. :-(

And restarted your server?

Ok, start the named within a script(1) with '-d'. Then it will print whatever it does. On another terminal, start a request, eg. 'dig'. If you cannot find sth. mysterious or unwanted in the output, attach the log.

> JR> $ dig 127.0.0.1
> JR> ; <<>> DiG 8.3 <<>> 127.0.0.1
> ...
> JR> ;; MSG SIZE sent: 27 rcvd: 102
>
> Not working.
>
> JR> Try to connect to internet and see if it works fine then.
>
> Not working. :-(
>
> JR> If it does, either your /etc/resolve.conf is wrong
>
> search habanet.local
> domain habanet.local
> nameserver 192.168.1.4
>
> Is it right?

I think so.

> JR> or your access restriction are.
>
> JR> As you can see here, my server responds. You should check your logfiles
> JR> to see why your server denied to answer the request. Maybe you have to
> JR> increase the verbosity for it.
>
> How I can do it?
>
> JR> named(8) tells you :-)
>
> You talking about -d option or about "logging"?

At first about the '-d' option.

> Maybe something wrong in my configs?
> And why mc start so long? I know that because of named, because when I
> stop it mc start quickly.
>
> JR> First assumption of me is your acl's. If they're not, we'll look
> JR> deeper :-)
>
> Problem not in acl.

You're the expert :-)

No - as long as it doesn't work, the config should be reduced to minimum. Maybe the acl's aren't the problem, maybe they aren't the only one. Maybe they are the only one which is not wrong?

Would you please be so kind and attach the config files next time you reply?

Jens
Re[2]: Bind 9.2.3rc4
Hi, Jens.

>> ?

JR> You have 2 lines with defined acl's in your config and allow
JR> only for requests matching the one of the list entries.
JR> If I were in your situation, I would remove them for testing
JR> to see whether it works then or not. I don't have any experience
JR> with access control within bind, so I cannot tell you if it's
JR> correct. I use ipf to block request not coming from 10.62.10.0/24 or
JR> 127.0.0.0/8 to this machine.

I remove all acl's and changed all allow- but dig 127.0.0.1 do not work.
I removed all allow- but it do not work. :-(

>> JR> $ dig 127.0.0.1
>> JR> ; <<>> DiG 8.3 <<>> 127.0.0.1
>> ...
>> JR> ;; MSG SIZE sent: 27 rcvd: 102
>> Not working.

JR> Try to connect to internet and see if it works fine then.

Not working. :-(

JR> If it does, either your /etc/resolve.conf is wrong

search habanet.local
domain habanet.local
nameserver 192.168.1.4

Is it right?

JR> or your access restriction are.

>> JR> As you can see here, my server responds. You should check your logfiles
>> JR> to see why your server denied to answer the request. Maybe you have to
>> JR> increase the verbosity for it.
>>
>> How I can do it?

JR> named(8) tells you :-)

You talking about -d option or about "logging"?

>> Maybe something wrong in my configs?
>> And why mc start so long? I know that because of named, because when I
>> stop it mc start quickly.

JR> First assumption of me is your acl's. If they're not, we'll look
JR> deeper :-)

Problem not in acl.

--
Regards, Vladimir
mailto:[EMAIL PROTECTED]
Re: Bind 9.2.3rc4
Vladimir wrote:

> Hello, Jens.

Hello Vladimir,

you've forgotten to cc questions@ - added.

> You wrote on 25 October 2003, 19:24:56:
>
> JR> Vladimir wrote:
> Hi, freebsd-questions.
> ;; res_nsend: Operation timed out
>
> JR> Furthermore I don't use acl's, I'm using packet filtering.
>
> ?

You have 2 lines with defined acl's in your config and allow only for requests matching the one of the list entries. If I were in your situation, I would remove them for testing to see whether it works then or not. I don't have any experience with access control within bind, so I cannot tell you if it's correct. I use ipf to block request not coming from 10.62.10.0/24 or 127.0.0.0/8 to this machine.

> JR> $ dig 127.0.0.1
> JR> ; <<>> DiG 8.3 <<>> 127.0.0.1
> ...
> JR> ;; MSG SIZE sent: 27 rcvd: 102
>
> Not working.

Try to connect to internet and see if it works fine then. If it does, either your /etc/resolve.conf is wrong or your access restriction are.

> JR> As you can see here, my server responds. You should check your logfiles
> JR> to see why your server denied to answer the request. Maybe you have to
> JR> increase the verbosity for it.
>
> How I can do it?

named(8) tells you :-)

> Maybe something wrong in my configs?
> And why mc start so long? I know that because of named, because when I
> stop it mc start quickly.

First assumption of me is your acl's. If they're not, we'll look deeper :-)

Regards,
Jens
Re: Bind 9.2.3rc4
Vladimir wrote:

> Hi, freebsd-questions.
>
> Can some one help with subj?
> -
> # dig 127.0.0.1
>
> ; <<>> DiG 8.3 <<>> 127.0.0.1
> ;; res options: init recurs defnam dnsrch
> ;; res_nsend: Operation timed out

On my workstation:

$ cat /etc/resolv.conf
search muppets.liwing.de
nameserver 10.62.10.7
nameserver 213.70.188.162

$ host localhost
Host not found.

It looks for 'localhost.muppets.liwing.de'

$ host localhost.
localhost has address 127.0.0.1

As you can see - here it works.

$ nslookup localhost
Server:  fozzie.muppets.liwing.de
Address: 10.62.10.7

Name:    localhost
Address: 127.0.0.1

The only difference in your and my named.conf according to zone localhost is, that you have included a 'notify no' in the zone localhost. Furthermore I don't use acl's, I'm using packet filtering.

$ nslookup localhost.
Server:  fozzie.muppets.liwing.de
Address: 10.62.10.7

Name:    localhost
Address: 127.0.0.1

$ dig 127.0.0.1

; <<>> DiG 8.3 <<>> 127.0.0.1
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41076
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; 127.0.0.1, type = A, class = IN

;; AUTHORITY SECTION:
. 3H IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
        2003102500 ; serial
        30M ; refresh
        15M ; retry
        1W ; expiry
        1D ); minimum

;; Total query time: 2131 msec
;; FROM: statler to SERVER: 10.62.10.7
;; WHEN: Sat Oct 25 16:11:53 2003
;; MSG SIZE sent: 27 rcvd: 102

As you can see here, my server responds. You should check your logfiles to see why your server denied to answer the request. Maybe you have to increase the verbosity for it.

And - before I forget it: You should NEVER post your passwords, secrets, etc. to any public medium! Replace them with 'secret' or '***'.

Best regards,
Jens
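The advice above about replacing secrets before posting, as an added example that is not part of the original thread: a small filter that lists every `secret` value still in clear in a named.conf and replaces it with `"***"`, including commented-out old keys. The sample config and all key values in it are constructed, and the function names are hypothetical.

```python
import re

# "secret <value>;" with the value quoted or bare, as both occur in named.conf.
SECRET_RE = re.compile(r'(\bsecret\s+)("[^"]*"|[^\s;"]+)(\s*;)', re.IGNORECASE)
# "key NAME {" opens a key definition; "key NAME;" inside allow-update does not match.
KEY_RE = re.compile(r'\bkey\s+("?)([\w.-]+)\1\s*\{', re.IGNORECASE)
PLACEHOLDER = '"***"'

# Constructed sample in the shape of the posted config; every key value is made up.
SAMPLE_CONF = '''\
options { directory "/etc/namedb"; };
key DHCP_UPDATER {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    // secret b2xkLWtleS1jb25zdHJ1Y3RlZA==;
    secret c2FtcGxlLW5vdC1hLXJlYWwta2V5;
};
key "rndc-key" { algorithm hmac-md5; secret "QUJDREVGR0g="; };
zone "habanet.local" { type master; allow-update { key DHCP_UPDATER; }; };
'''

def find_secrets(conf):
    """Return (line_number, key_name) for every secret value still in clear."""
    keys = [(m.start(), m.group(2)) for m in KEY_RE.finditer(conf)]
    hits = []
    for m in SECRET_RE.finditer(conf):
        if m.group(2) == PLACEHOLDER:
            continue  # already redacted
        # The nearest preceding "key NAME {" names the owner of this secret.
        owner = next((n for pos, n in reversed(keys) if pos < m.start()), "?")
        hits.append((conf.count("\n", 0, m.start()) + 1, owner))
    return hits

def redact(conf):
    """Replace every secret value with the placeholder, keeping the layout."""
    return SECRET_RE.sub(lambda m: m.group(1) + PLACEHOLDER + m.group(3), conf)

if __name__ == "__main__":
    for line, key in find_secrets(SAMPLE_CONF):
        print(f"line {line}: key {key} still carries its secret")
    print(redact(SAMPLE_CONF))
```

A key that has already appeared in a public post should be treated as disclosed and regenerated; redacting later copies does not undo that.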
Bind 9.2.3rc4
Hi, freebsd-questions.

Can some one help with subj?

named.conf:

acl "habanet" {192.168.1.0/24;};
acl "localh" {127.0.0.1;};

options {
    directory "/etc/namedb";
    pid-file "/etc/namedb/named.pid";
    allow-recursion { "habanet"; "localh";};
    allow-query {"habanet"; "localh";};
    version "unknow";
    forwarders {
        127.0.0.1;
        80.80.111.254;
        80.80.111.244;
    };
    query-source address * port 53;
    dump-file "/var/tmp/named_dump.db";
};

controls {};

key DHCP_UPDATER {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret druLaR2EqI4ghGEWHTiSAw==;
};

logging {
    channel update_debug {
        file "/var/log/named-update.log";
        severity debug 3;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel security_info {
        file "/var/log/named-auth.log";
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category update { update_debug; };
    category security { security_info; };
};

zone "." {
    type hint;
    file "named.root";
};

zone "localhost" {
    type master;
    file "localhost.db";
    notify no;
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "localhost.rev";
    notify no;
};

zone "habanet.local" {
    type master;
    file "habanet.local.db";
    allow-query {"habanet"; "localh";};
    allow-update { key DHCP_UPDATER; };
    allow-transfer {192.168.1.4;};
    // notify no;
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "192.168.1.db";
    // allow-query {"habanet"; "localh";};
    allow-update { key DHCP_UPDATER; };
    allow-transfer {192.168.1.4;};
};

// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"
    type master;
    file "localhost-v6.rev";
};

// RFC 1886 -- deprecated
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
    type master;
    file "localhost-v6.rev";
};

192.168.1.db:

$ORIGIN .
$TTL 3600 ; 1 hour
1.168.192.in-addr.arpa IN SOA ns.habanet.local. hostmaster.habanet.local. (
        2003091502 ; serial
        86400 ; refresh (1 day)
        3600 ; retry (1 hour)
        3888000; expire (6 weeks 3 days)
        3600 ; minimum (1 hour)
        )
        IN NS ns.habanet.local.
$ORIGIN 1.168.192.in-addr.arpa.
$TTL 41000 ; 11 hours 23 minutes 20 seconds
1       IN PTR Haba.habanet.local.
$TTL 3600 ; 1 hour
4       In PTR server.habanet.local.

habanet.local.db:

$TTL 86400
habanet.local. IN SOA ns.habanet.local. hostmaster.habanet.local. (
        2003091501 ;serial number
        86400 ;refresh
        3600;retry
        3888000 ;expire
        3600;minimum
        )
; Name server
        IN NS ns.habanet.local.
        IN A 192.168.1.4
        IN MX 4 server.habanet.local.
;
server  IN A 192.168.1.4
www     IN CNAME server
ftp     IN CNAME server
gopher  IN CNAME server
;
haba    IN A 192.168.1.1

localhost.db:

$TTL 1D
localhost. IN SOA ns.habanet.local. hostmaster.habanet.local. (
        2003091501 ;serial number
        86400 ;refresh
        3600;retry
        3888000 ;expire
        3600;minimum
        )
localhost. IN NS ns.habanet.local.
localhost. IN A 127.0.0.1

localhost.rev:

$TTL 1D
0.0.127.in-addr.arpa. IN SOA ns.habanet.local. hostmaster.habanet.local. (
        2003091501 ; Serial
        86400 ; Refresh
        3600; Retry
        3888000 ; Expire