Re[2]: Bind 9.2.3rc4

2003-11-10 Thread Vladimir
Hi, Jens.

I now attach my config file with zones and log files.
At 19:13 I have started named.
At 19:15 dig 127.0.0.1
 JR I'm busy for next 2 days. I'll prove it on Thursday if it's not too
 JR late for you, ok?
JR Ok, I saved your cfg's into orig/, copied them into a new/
JR directory and simplified it most I could. The diff is attached.
JR Would you please try whether it works so far?

   dig 127.0.0.1
   dig 192.168.1.4
   dig 192.168.1.1
   Do not work :-(

-- 
Regards,
 Vladimir  mailto:[EMAIL PROTECTED]

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Bind 9.2.3rc4

2003-11-10 Thread Jens Rehsack
Vladimir wrote:
Hi, Jens.


I now attach my config file with zones and log files.
At 19:13 I have started named.
At 19:15 dig 127.0.0.1
JR I'm busy for next 2 days. I'll prove it on Thursday if it's not too
JR late for you, ok?
JR Ok, I saved your cfg's into orig/, copied them into a new/
JR directory and simplified it most I could. The diff is attached.
JR Would you please try whether it works so far?
   dig 127.0.0.1
   dig 192.168.1.4
   dig 192.168.1.1
   Do not work :-(
Please use script(1) to submit the entire output.
And please run the named with -d flag, too, and
submit even its output.
Jens



Re: Bind 9.2.3rc4

2003-11-09 Thread Jens Rehsack
Vladimir wrote:
Hi, Jens.



I now attach my config file with zones and log files.
At 19:13 I have started named.
At 19:15 dig 127.0.0.1


JR I'm busy for next 2 days. I'll prove it on Thursday if it's not too
JR late for you, ok?
And where are you?
Sorry, I've been very busy in last weeks. But you're right,
I promised to help - I'm a bad guy :-(
Ok, I saved your cfg's into orig/, copied them into a new/
directory and simplified it most I could. The diff is attached.
Would you please try whether it works so far?
Best regards and really sorry about the delay,
Jens
diff -u orig/localhost.db new/localhost.db
--- orig/localhost.db   Sun Nov  9 15:14:50 2003
+++ new/localhost.dbSun Nov  9 15:20:44 2003
@@ -1,6 +1,4 @@
-
 $TTL 1D
-
 localhost.  IN  SOA ns.habanet.local. 
hostmaster.habanet.local. (
 2003091501  ;serial number
 86400   ;refresh
@@ -9,5 +7,5 @@
 3600;minimum
 )
 
-localhost.  IN  NS  ns.habanet.local.
+   IN  NS  @
 localhost.  IN  A   127.0.0.1
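Review bot: the new "IN NS @" line makes localhost. its own name server, but the SOA at the top of this file still names ns.habanet.local. as the primary, so the zone keeps a dependency on a name outside itself. For a self-contained test zone I would change the SOA MNAME to localhost. as well. Note also that the NS line has a blank owner field and so inherits localhost. from the SOA record above it; that only holds as long as nothing is inserted between the two.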
diff -u orig/localhost.rev new/localhost.rev
--- orig/localhost.rev  Sun Nov  9 15:14:50 2003
+++ new/localhost.rev   Sun Nov  9 15:21:31 2003
@@ -14,5 +14,5 @@
3888000 ; Expire
3600; Minimum
 )
-   IN  NS  ns.habanet.local.
-1  IN  PTR localhost.habanet.local.
+   IN  NS  localhost.
+1  IN  PTR localhost.
diff -u orig/named.conf new/named.conf
--- orig/named.conf Sun Nov  9 15:14:50 2003
+++ new/named.conf  Sun Nov  9 15:19:22 2003
@@ -1,51 +1,18 @@
 options {
directory /etc/namedb;
pid-file /etc/namedb/named.pid;
-   allow-recursion { 192.168.1.0/24; 127.0.0.1;};
-   allow-query { 192.168.1.0/24; 127.0.0.1;};
-   version unknow;
+   // allow-recursion { 192.168.1.0/24; 127.0.0.1;};
+   // allow-query { 192.168.1.0/24; 127.0.0.1;};
+   // version unknow;
forwarders {
80.80.111.254;
80.80.111.244;
};
-   query-source address * port 53;
+   // Sure that nslookup binds to port 53?
+   // query-source address * port 53;
dump-file /var/tmp/named_dump.db;
 };
 
-controls {};
-
-key DHCP_UPDATER {
- algorithm *** :-);
- secret  :-);
-};
-
-logging {
-channel update_debug {
-file /var/log/named-update.log;
-severity debug 5;
-print-category  yes;
-print-severity  yes;
-print-time  yes;
-};
-channel security_info {
-file /var/log/named-auth.log;
-severity info;
-print-category  yes;
-print-severity  yes;
-print-time  yes;
-};
-channel example_debug {
-file /var/log/named-debug.log;
-severity debug 5;
-print-category  yes;
-print-severity  yes;
-print-time  yes;
-};
-category default { example_debug; };
-category update { update_debug; };
-category security { security_info; };
-};
-
 zone . {
type hint;
file named.root;
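Review bot: commenting out allow-recursion and allow-query in options leaves the server answering and recursing, through the forwarders, for any client that can reach it, so both lines need to come back once the test is over. Removing the whole logging block also drops the example_debug channel at "severity debug 5", which is the output most likely to show why a query goes unanswered; I would keep that channel and "category default" unless named is always started with -d for the test. The commented-out "query-source address * port 53;" is worth leaving out permanently, since pinning the source port makes outgoing queries easier to spoof.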
@@ -67,7 +34,7 @@
 type master;
 file habanet.local.db;
 // allow-query { 192.168.1.0/24; 127.0.0.1;};
-allow-update { key DHCP_UPDATER; };
+// allow-update { key DHCP_UPDATER; };
 //  allow-transfer {192.168.1.4;};
 //  notify no;
 };
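Review bot: with allow-update commented out here and the "key DHCP_UPDATER" block removed in the first named.conf hunk, the zone accepts no dynamic updates, so DHCP-driven registrations will fail for as long as this test config is loaded. When restoring, bring the key block and this line back together, because the statement refers to the key by name.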
@@ -76,7 +43,7 @@
 type master;
 file 192.168.1.db;
 // allow-query { 192.168.1.0/24; 127.0.0.1;};
-allow-update { key DHCP_UPDATER; };
+// allow-update { key DHCP_UPDATER; };
 //  allow-transfer {192.168.1.4;};
 };
 
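Review bot: the unchanged context keeps "//  allow-transfer {192.168.1.4;};" commented out for 192.168.1.db, and the same is true for habanet.local in the previous hunk. With no allow-transfer set anywhere, the BIND 9.2 default applies and any host that can reach the server may request a full copy of both zones. I would re-enable the allow-transfer line in both zones at the same time the allow-update line is restored.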


Re[2]: Bind 9.2.3rc4

2003-10-27 Thread Vladimir
Hi, Jens.

 ?
JR You have 2 lines with defined acl's in your config and allow
JR only for requests matching the one of the list entries.
JR If I were in your situation, I would remove them for testing
JR to see whether it works then or not. I don't have any experience
JR with access control within bind, so I cannot tell you if it's
JR correct. I use ipf to block requests not coming from 10.62.10.0/24 or
JR 127.0.0.0/8 to this machine.

I removed all acl's and changed all allow- but dig 127.0.0.1 does not
work. I removed all allow- but it does not work. :-(

 JR $ dig 127.0.0.1
 JR ; <<>> DiG 8.3 <<>> 127.0.0.1
 ...
 JR ;; MSG SIZE  sent: 27  rcvd: 102
 Not working.
JR Try to connect to internet and see if it works fine then.
Not working. :-(

JR If it does, either your /etc/resolv.conf is wrong

search habanet.local
domain habanet.local
nameserver 192.168.1.4

Is it right?

JR or your access restriction are.

 JR As you can see here, my server responds. You should check your logfiles
 JR to see why your server denied to answer the request. Maybe you have to
 JR increase the verbosity for it.
 
 How can I do it?

JR named(8) tells you :-)

Are you talking about the -d option or about logging?

 Maybe something wrong in my configs?
 And why does mc start so long? I know that is because of named, because when I
 stop it mc starts quickly.
JR First assumption of me is your acl's. If they're not, we'll look
JR deeper :-)

Problem not in acl.

-- 
Regards,
 Vladimir  mailto:[EMAIL PROTECTED]



Re: Bind 9.2.3rc4

2003-10-27 Thread Jens Rehsack
Vladimir wrote:
Hi, Jens.
Hi Vladimir,

JR You have 2 lines with defined acl's in your config and allow
JR only for requests matching the one of the list entries.
JR If I were in your situation, I would remove them for testing
JR to see whether it works then or not. I don't have any experience
JR with access control within bind, so I cannot tell you if it's
JR correct. I use ipf to block requests not coming from 10.62.10.0/24 or
JR 127.0.0.0/8 to this machine.
I removed all acl's and changed all allow- but dig 127.0.0.1 does not
work. I removed all allow- but it does not work. :-(
And restarted your server?

Ok, start the named within a script(1) with '-d'. Then it
will print whatever it does. On another terminal, start a
request, eg. 'dig'. If you cannot find sth. mysterious or
unwanted in the output, attach the log.
JR $ dig 127.0.0.1
JR ; <<>> DiG 8.3 <<>> 127.0.0.1
...
JR ;; MSG SIZE  sent: 27  rcvd: 102
Not working.
JR Try to connect to internet and see if it works fine then.
Not working. :-(
JR If it does, either your /etc/resolv.conf is wrong

search habanet.local
domain habanet.local
nameserver 192.168.1.4
Is it right?
I think so.

JR or your access restriction are.


JR As you can see here, my server responds. You should check your logfiles
JR to see why your server denied to answer the request. Maybe you have to
JR increase the verbosity for it.
How can I do it?
JR named(8) tells you :-)

Are you talking about the -d option or about logging?
At first about the '-d' option.

Maybe something wrong in my configs?
And why does mc start so long? I know that is because of named, because when I
stop it mc starts quickly.
JR First assumption of me is your acl's. If they're not, we'll look
JR deeper :-)
Problem not in acl.
You're the expert :-)
No - as long as it doesn't work, the config should be reduced to
minimum. Maybe the acl's aren't the problem, maybe they aren't the
only one. Maybe they are the only one which is not wrong?
Would you please be so kind and attach the config files next time
you reply?
Jens
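
An added example, not part of the thread or of BIND: a small Python check for the risk in the approach discussed above, where allow-* statements are commented out to reduce a named.conf for testing. It lists the ACL statements that exist only as comments so they can be restored afterwards; `audit_acls`, `to_restore` and the sample config are constructed for illustration, and the parser assumes one statement per line with `//` or `#` line comments only.

```python
import re

ACL_STMTS = ("allow-query", "allow-recursion", "allow-transfer", "allow-update")

# Constructed sample: a shortened named.conf with ACL lines commented out
# for a test, the way the thread describes. Not the poster's actual file.
SAMPLE_CONF = """\
options {
    directory "/etc/namedb";
    // allow-recursion { 192.168.1.0/24; 127.0.0.1; };
    // allow-query { 192.168.1.0/24; 127.0.0.1; };
    forwarders { 80.80.111.254; 80.80.111.244; };
};
zone "habanet.local" {
    type master;
    file "habanet.local.db";
    // allow-update { key DHCP_UPDATER; };
    allow-transfer { 192.168.1.4; };
};
"""

def audit_acls(conf_text):
    """Map (scope, statement) -> 'active'/'commented'; an active line wins over a commented copy."""
    findings, scope, depth = {}, None, 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        commented = line.startswith(("//", "#"))
        body = line.lstrip("/# ") if commented else line
        if not commented and depth == 0:
            m = re.match(r'(options|zone\s+"?([^"\s{]+)"?)\s*\{', body)
            if m:
                scope = m.group(2) or "options"
        m = re.match(r"allow-[a-z-]+", body)
        if m and m.group(0) in ACL_STMTS and scope:
            key = (scope, m.group(0))
            findings[key] = "active" if not commented else findings.get(key, "commented")
        if not commented:
            depth += body.count("{") - body.count("}")
            if depth == 0:
                scope = None
    return findings

def to_restore(conf_text):
    """ACL statements present only as comments, to re-enable after testing."""
    return sorted(k for k, v in audit_acls(conf_text).items() if v == "commented")

if __name__ == "__main__":
    for scope, stmt in to_restore(SAMPLE_CONF):
        print(f"restore {stmt} in {scope}")
```
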



Re: Bind 9.2.3rc4

2003-10-26 Thread Jens Rehsack
Vladimir wrote:
Hi, Jens.
Hi Vladimir,

you've forgotten to cc questions@ - added.

  25  2003 ., 19:24:56:

JR Vladimir wrote:

Hi, freebsd-questions.
;; res_nsend: Operation timed out
JR Furthermore I don't use acl's, I'm using packet filtering.
 
?
You have 2 lines with defined acl's in your config and allow
only for requests matching the one of the list entries.
If I were in your situation, I would remove them for testing
to see whether it works then or not. I don't have any experience
with access control within bind, so I cannot tell you if it's
correct.
I use ipf to block requests not coming from 10.62.10.0/24 or
127.0.0.0/8 to this machine.
JR $ dig 127.0.0.1
JR ; <<>> DiG 8.3 <<>> 127.0.0.1
...
JR ;; MSG SIZE  sent: 27  rcvd: 102
 
Not working.
Try to connect to internet and see if it works fine then.
If it does, either your /etc/resolv.conf is wrong or
your access restriction are.
JR As you can see here, my server responds. You should check your logfiles
JR to see why your server denied to answer the request. Maybe you have to
JR increase the verbosity for it.
How can I do it?
named(8) tells you :-)

Maybe something wrong in my configs?

And why does mc start so long? I know that is because of named, because when I
stop it mc starts quickly.
First assumption of me is your acl's. If they're not, we'll look
deeper :-)
Regards,
Jens


Bind 9.2.3rc4

2003-10-25 Thread Vladimir
Hi, freebsd-questions.

 Can someone help with subj?

 named.conf:
acl habanet {192.168.1.0/24;};
acl localh {127.0.0.1;};
options {
directory /etc/namedb;
pid-file /etc/namedb/named.pid;
allow-recursion { habanet; localh;};
allow-query {habanet; localh;};
version unknow;
forwarders {
127.0.0.1;
80.80.111.254;
80.80.111.244;
};
query-source address * port 53;
dump-file /var/tmp/named_dump.db;
};

controls {};

key DHCP_UPDATER {
 algorithm HMAC-MD5.SIG-ALG.REG.INT;
 secret druLaR2EqI4ghGEWHTiSAw==;
};
logging {
channel update_debug {
file /var/log/named-update.log;
severity debug 3;
print-category  yes;
print-severity  yes;
print-time  yes;
};
channel security_info {
file /var/log/named-auth.log;
severity info;
print-category  yes;
print-severity  yes;
print-time  yes;
};
category update { update_debug; };
category security { security_info; };
};

zone . {
type hint;
file named.root;
};
zone localhost {
type master;
file localhost.db;
notify no;
};

zone 0.0.127.in-addr.arpa {
type master;
file localhost.rev;
notify no;
};

zone habanet.local {
type master;
file habanet.local.db;
allow-query {habanet; localh;};
allow-update { key DHCP_UPDATER; };
allow-transfer {192.168.1.4;};
//  notify no;
};

zone 1.168.192.in-addr.arpa {
type master;
file 192.168.1.db;
//  allow-query {habanet; localh;};
allow-update { key DHCP_UPDATER; };
allow-transfer {192.168.1.4;};
};

// RFC 3152
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
type master;
file localhost-v6.rev;
};

// RFC 1886 -- deprecated
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT {
type master;
file localhost-v6.rev;
};

192.168.1.db:
$ORIGIN .
$TTL 3600   ; 1 hour
1.168.192.in-addr.arpa  IN SOA  ns.habanet.local. hostmaster.habanet.local. (
2003091502 ; serial
86400  ; refresh (1 day)
3600   ; retry (1 hour)
3888000; expire (6 weeks 3 days)
3600   ; minimum (1 hour)
)
IN  NS  ns.habanet.local.
$ORIGIN 1.168.192.in-addr.arpa.
$TTL 41000  ; 11 hours 23 minutes 20 seconds
1   IN  PTR Haba.habanet.local.
$TTL 3600   ; 1 hour
4   In  PTR server.habanet.local.

habanet.local.db:
$TTL 86400

habanet.local.  IN  SOA ns.habanet.local. hostmaster.habanet.local. (
2003091501  ;serial number
86400   ;refresh
3600;retry
3888000 ;expire
3600;minimum
)
;   Name server
IN  NS  ns.habanet.local.
IN  A   192.168.1.4
IN  MX  4   server.habanet.local.
;
server  IN  A   192.168.1.4
www IN  CNAME   server
ftp IN  CNAME   server
gopher  IN  CNAME   server
;
habaIN  A   192.168.1.1

localhost.db:
$TTL 1D

localhost.  IN  SOA ns.habanet.local. 
hostmaster.habanet.local. (
2003091501  ;serial number
86400   ;refresh
3600;retry
3888000 ;expire
3600;minimum
)

localhost.  IN  NS  ns.habanet.local.
localhost.  IN  A   127.0.0.1

localhost.rev:
$TTL1D

0.0.127.in-addr.arpa.   IN  SOA ns.habanet.local. 
hostmaster.habanet.local.  (
2003091501  ; Serial
86400   ; Refresh
3600; Retry
3888000 ; Expire
3600; Minimum