Re[2]: Bind 9.2.3rc4
Hi, Jens.

I now attach my config file with zones and log files. At 19:13 I have started named. At 19:15 dig 127.0.0.1

JR I'm busy for next 2 days. I'll prove it on Thursday if it's not too
JR late for you, ok?

JR Ok, I saved your cfg's into orig/, copied them into a new/
JR directory and simplified it most I could. The diff is attached.
JR Would you please try whether it works so far?

dig 127.0.0.1
dig 192.168.1.4
dig 192.168.1.1

Do not work :-(

--
Regards, Vladimir mailto:[EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Bind 9.2.3rc4
Vladimir wrote:

Hi, Jens.

I now attach my config file with zones and log files. At 19:13 I have started named. At 19:15 dig 127.0.0.1

JR I'm busy for next 2 days. I'll prove it on Thursday if it's not too
JR late for you, ok?

JR Ok, I saved your cfg's into orig/, copied them into a new/
JR directory and simplified it most I could. The diff is attached.
JR Would you please try whether it works so far?

dig 127.0.0.1
dig 192.168.1.4
dig 192.168.1.1

Do not work :-(

Please use script(1) to submit the entire output. And please run the named with -d flag, too and submit even its output.

Jens
Re: Bind 9.2.3rc4
Vladimir wrote:

Hi, Jens.

I now attach my config file with zones and log files. At 19:13 I have started named. At 19:15 dig 127.0.0.1

JR I'm busy for next 2 days. I'll prove it on Thursday if it's not too
JR late for you, ok?

And where are you?

Sorry, I've been very busy in last weeks. But you're right, I promised to help - I'm a bad guy :-(

Ok, I saved your cfg's into orig/, copied them into a new/ directory and simplified it most I could. The diff is attached. Would you please try whether it works so far?

Best regards and really sorry about the delay,
Jens

diff -u orig/localhost.db new/localhost.db --- orig/localhost.db Sun Nov 9 15:14:50 2003 +++ new/localhost.dbSun Nov 9 15:20:44 2003 @@ -1,6 +1,4 @@ - $TTL 1D - localhost. IN SOA ns.habanet.local. hostmaster.habanet.local. ( 2003091501 ;serial number 86400 ;refresh @@ -9,5 +7,5 @@ 3600;minimum ) -localhost. IN NS ns.habanet.local. + IN NS @ localhost. IN A 127.0.0.1 diff -u orig/localhost.rev new/localhost.rev --- orig/localhost.rev Sun Nov 9 15:14:50 2003 +++ new/localhost.rev Sun Nov 9 15:21:31 2003 @@ -14,5 +14,5 @@ 3888000 ; Expire 3600; Minimum ) - IN NS ns.habanet.local. -1 IN PTR localhost.habanet.local. + IN NS localhost. +1 IN PTR localhost. diff -u orig/named.conf new/named.conf --- orig/named.conf Sun Nov 9 15:14:50 2003 +++ new/named.conf Sun Nov 9 15:19:22 2003
@@ -1,51 +1,18 @@ options { directory /etc/namedb; pid-file /etc/namedb/named.pid; - allow-recursion { 192.168.1.0/24; 127.0.0.1;}; - allow-query { 192.168.1.0/24; 127.0.0.1;}; - version unknow; + // allow-recursion { 192.168.1.0/24; 127.0.0.1;}; + // allow-query { 192.168.1.0/24; 127.0.0.1;}; + // version unknow; forwarders { 80.80.111.254; 80.80.111.244; }; - query-source address * port 53; + // Sure that nslookup binds to port 53? + // query-source address * port 53; dump-file /var/tmp/named_dump.db; }; -controls {}; - -key DHCP_UPDATER { - algorithm *** :-); - secret :-); -}; - -logging { -channel update_debug { -file /var/log/named-update.log; -severity debug 5; -print-category yes; -print-severity yes; -print-time yes; -}; -channel security_info { -file /var/log/named-auth.log; -severity info; -print-category yes; -print-severity yes; -print-time yes; -}; -channel example_debug { -file /var/log/named-debug.log; -severity debug 5; -print-category yes; -print-severity yes; -print-time yes; -}; -category default { example_debug; }; -category update { update_debug; }; -category security { security_info; }; -}; - zone . { type hint; file named.root; @@ -67,7 +34,7 @@ type master; file habanet.local.db; // allow-query { 192.168.1.0/24; 127.0.0.1;}; -allow-update { key DHCP_UPDATER; }; +// allow-update { key DHCP_UPDATER; }; // allow-transfer {192.168.1.4;}; // notify no; }; @@ -76,7 +43,7 @@ type master; file 192.168.1.db; // allow-query { 192.168.1.0/24; 127.0.0.1;}; -allow-update { key DHCP_UPDATER; }; +// allow-update { key DHCP_UPDATER; }; // allow-transfer {192.168.1.4;}; };
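Review bot: in the second localhost.db hunk the NS record becomes "IN NS @", but the SOA line kept as context in the first hunk still names ns.habanet.local. and hostmaster.habanet.local., so the localhost zone is only half decoupled from habanet.local. If the goal is a self-contained localhost zone, change the SOA fields to match. The new NS line also has an empty owner field and inherits localhost. from the SOA record above it; writing "@ IN NS @" makes that explicit and survives a later reordering of the records.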
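Review bot: in the options hunk of named.conf, commenting out allow-recursion and allow-query leaves the server answering and recursing for any client that can reach it, so this should be marked as a temporary test state and the two lines restored once the lookup problem is found. The same hunk deletes the whole logging block, including "category default { example_debug; };" writing to /var/log/named-debug.log at debug 5, which is the output the thread keeps asking for; I would keep that channel and drop only the update and security channels. The added comment "Sure that nslookup binds to port 53?" is misleading because query-source sets the source port of named's own outgoing queries, not anything nslookup does. Deleting "controls {};" also changes behaviour: with no controls statement BIND 9 opens its default control channel on the loopback address.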
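Review bot: in the two zone hunks (habanet.local.db and 192.168.1.db) the "allow-update { key DHCP_UPDATER; };" lines are commented out without any note that they depend on the key DHCP_UPDATER statement deleted earlier in the same file. The three changes have to be reverted together, since restoring allow-update alone would reference an undefined key. While they stay commented out, dynamic updates to both zones are refused, so DHCP registrations will stop during the test; a one-line comment next to each saying so would save the next reader a search.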
Re[2]: Bind 9.2.3rc4
Hi, Jens.

?

JR You have 2 lines with defined acl's in your config and allow
JR only for requests matching the one of the list entries.
JR If I were in your situation, I would remove them for testing
JR to see whether it works then or not. I don't have any experience
JR with access control within bind, so I cannot tell you if it's
JR correct. I use ipf to block request not coming from 10.62.10.0/24 or
JR 127.0.0.0/8 to this machine.

I remove all acl's and changed all allow- but dig 127.0.0.1 do not work.
I removed all allow- but it do not work. :-(

JR $ dig 127.0.0.1
JR ; DiG 8.3 127.0.0.1
...
JR ;; MSG SIZE sent: 27 rcvd: 102

Not working.

JR Try to connect to internet and see if it works fine then.

Not working. :-(

JR If it does, either your /etc/resolve.conf is wrong

search habanet.local
domain habanet.local
nameserver 192.168.1.4

Is it right?

JR or your access restriction are.

JR As you can see here, my server responds. You should check your logfiles
JR to see why your server denied to answer the request. Maybe you have to
JR increase the verbosity for it.

How I can do it?

JR named(8) tells you :-)

You talking about -d option or about logging?

Maybe something wrong in my configs? And why mc start so long? I know that because of named, because when I stop it mc start quickly.

JR First assumption of me is your acl's. If they're not, we'll look
JR deeper :-)

Problem not in acl.

--
Regards, Vladimir mailto:[EMAIL PROTECTED]
Re: Bind 9.2.3rc4
Vladimir wrote:

Hi, Jens.

Hi Vladimir,

JR You have 2 lines with defined acl's in your config and allow
JR only for requests matching the one of the list entries.
JR If I were in your situation, I would remove them for testing
JR to see whether it works then or not. I don't have any experience
JR with access control within bind, so I cannot tell you if it's
JR correct. I use ipf to block request not coming from 10.62.10.0/24 or
JR 127.0.0.0/8 to this machine.

I remove all acl's and changed all allow- but dig 127.0.0.1 do not work.
I removed all allow- but it do not work. :-(

And restarted your server? Ok, start the named within a script(1) with '-d'. Then it will print whatever it does. On another terminal, start a request, eg. 'dig'. If you cannot find sth. mysterious or unwanted in the output, attach the log.

JR $ dig 127.0.0.1
JR ; DiG 8.3 127.0.0.1
...
JR ;; MSG SIZE sent: 27 rcvd: 102

Not working.

JR Try to connect to internet and see if it works fine then.

Not working. :-(

JR If it does, either your /etc/resolve.conf is wrong

search habanet.local
domain habanet.local
nameserver 192.168.1.4

Is it right?

I think so.

JR or your access restriction are.

JR As you can see here, my server responds. You should check your logfiles
JR to see why your server denied to answer the request. Maybe you have to
JR increase the verbosity for it.

How I can do it?

JR named(8) tells you :-)

You talking about -d option or about logging?

At first about the '-d' option.

Maybe something wrong in my configs? And why mc start so long? I know that because of named, because when I stop it mc start quickly.

JR First assumption of me is your acl's. If they're not, we'll look
JR deeper :-)

Problem not in acl.

You're the expert :-) No - as long as it doesn't work, the config should be reduced to minimum. Maybe the acl's aren't the problem, maybe they aren't the only one. Maybe they are the only one which is not wrong?

Would you please be so kind and attach the config files next time you reply?

Jens
Re: Bind 9.2.3rc4
Vladimir wrote:

, Jens.

Vladimir, you've forgotten to cc questions@ - added.

25 2003 ., 19:24:56:

JR Vladimir wrote:

Hi, freebsd-questions.

;; res_nsend: Operation timed out

JR Furthermore I don't use acl's, I'm using packet filtering.

?

You have 2 lines with defined acl's in your config and allow only for requests matching the one of the list entries. If I were in your situation, I would remove them for testing to see whether it works then or not. I don't have any experience with access control within bind, so I cannot tell you if it's correct. I use ipf to block request not coming from 10.62.10.0/24 or 127.0.0.0/8 to this machine.

JR $ dig 127.0.0.1
JR ; DiG 8.3 127.0.0.1
...
JR ;; MSG SIZE sent: 27 rcvd: 102

Not working.

Try to connect to internet and see if it works fine then. If it does, either your /etc/resolve.conf is wrong or your access restriction are.

JR As you can see here, my server responds. You should check your logfiles
JR to see why your server denied to answer the request. Maybe you have to
JR increase the verbosity for it.

How I can do it?

named(8) tells you :-)

Maybe something wrong in my configs? And why mc start so long? I know that because of named, because when I stop it mc start quickly.

First assumption of me is your acl's. If they're not, we'll look deeper :-)

Regards,
Jens
Bind 9.2.3rc4
Hi, freebsd-questions.

Can some one help with subj?

named.conf:

    acl habanet {192.168.1.0/24;};
    acl localh {127.0.0.1;};

    options {
        directory /etc/namedb;
        pid-file /etc/namedb/named.pid;
        allow-recursion { habanet; localh;};
        allow-query {habanet; localh;};
        version unknow;
        forwarders {
            127.0.0.1;
            80.80.111.254;
            80.80.111.244;
        };
        query-source address * port 53;
        dump-file /var/tmp/named_dump.db;
    };

    controls {};

    key DHCP_UPDATER {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret druLaR2EqI4ghGEWHTiSAw==;
    };

    logging {
        channel update_debug {
            file /var/log/named-update.log;
            severity debug 3;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        channel security_info {
            file /var/log/named-auth.log;
            severity info;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        category update { update_debug; };
        category security { security_info; };
    };

    zone . {
        type hint;
        file named.root;
    };

    zone localhost {
        type master;
        file localhost.db;
        notify no;
    };

    zone 0.0.127.in-addr.arpa {
        type master;
        file localhost.rev;
        notify no;
    };

    zone habanet.local {
        type master;
        file habanet.local.db;
        allow-query {habanet; localh;};
        allow-update { key DHCP_UPDATER; };
        allow-transfer {192.168.1.4;};
        // notify no;
    };

    zone 1.168.192.in-addr.arpa {
        type master;
        file 192.168.1.db;
        // allow-query {habanet; localh;};
        allow-update { key DHCP_UPDATER; };
        allow-transfer {192.168.1.4;};
    };

    // RFC 3152
    zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
        type master;
        file localhost-v6.rev;
    };

    // RFC 1886 -- deprecated
    zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT {
        type master;
        file localhost-v6.rev;
    };

192.168.1.db:

    $ORIGIN .
    $TTL 3600 ; 1 hour
    1.168.192.in-addr.arpa IN SOA ns.habanet.local. hostmaster.habanet.local. (
            2003091502 ; serial
            86400 ; refresh (1 day)
            3600 ; retry (1 hour)
            3888000; expire (6 weeks 3 days)
            3600 ; minimum (1 hour)
            )
        IN NS ns.habanet.local.
    $ORIGIN 1.168.192.in-addr.arpa.
    $TTL 41000 ; 11 hours 23 minutes 20 seconds
    1 IN PTR Haba.habanet.local.
    $TTL 3600 ; 1 hour
    4 In PTR server.habanet.local.

habanet.local.db:

    $TTL 86400
    habanet.local. IN SOA ns.habanet.local. hostmaster.habanet.local. (
            2003091501 ;serial number
            86400 ;refresh
            3600;retry
            3888000 ;expire
            3600;minimum )
    ; Name server
        IN NS ns.habanet.local.
        IN A 192.168.1.4
        IN MX 4 server.habanet.local.
    ;
    server IN A 192.168.1.4
    www IN CNAME server
    ftp IN CNAME server
    gopher IN CNAME server
    ;
    habaIN A 192.168.1.1

localhost.db:

    $TTL 1D
    localhost. IN SOA ns.habanet.local. hostmaster.habanet.local. (
            2003091501 ;serial number
            86400 ;refresh
            3600;retry
            3888000 ;expire
            3600;minimum )
    localhost. IN NS ns.habanet.local.
    localhost. IN A 127.0.0.1

localhost.rev:

    $TTL1D
    0.0.127.in-addr.arpa. IN SOA ns.habanet.local. hostmaster.habanet.local. (
            2003091501 ; Serial
            86400 ; Refresh
            3600; Retry
            3888000 ; Expire
            3600; Minimum
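
A small audit over the options and key statements of a named.conf like the one posted above, added here as an illustration and not taken from the thread or from BIND: it flags a forwarder that points back at the server itself, a pinned query-source port, unrestricted recursion (the BIND 9.2 default when allow-recursion is absent) and a TSIG secret stored inline. The function name, the finding labels and the sample config are constructed for this example, and the regex reading assumes no comment markers inside quoted strings.

```python
import ipaddress
import re

# Constructed sample modelled on the statements quoted in the thread.
# The secret is a placeholder, not a real key.
SAMPLE_CONF = """
options {
    directory "/etc/namedb";
    allow-recursion { 192.168.1.0/24; 127.0.0.1; };
    forwarders { 127.0.0.1; 80.80.111.254; 80.80.111.244; };
    query-source address * port 53;
};
key DHCP_UPDATER { algorithm hmac-md5; secret "PLACEHOLDER=="; };
"""

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out options do not count."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit_named_conf(text, own_addresses=("127.0.0.1",)):
    """Return sorted finding labels (hypothetical names) for a named.conf string."""
    conf = strip_comments(text)
    own = {ipaddress.ip_address(a) for a in own_addresses}
    findings = set()
    for block in re.findall(r"\bforwarders\s*\{([^}]*)\}", conf):
        for item in filter(None, (i.strip() for i in block.split(";"))):
            try:
                addr = ipaddress.ip_address(item.split()[0])
            except ValueError:
                continue  # not an address literal; out of scope here
            if addr.is_loopback or addr in own:
                # named would forward queries back to itself: a loop
                findings.add("forwarder-points-at-self")
    # A pinned source port makes spoofed answers easier to match
    if re.search(r"\bquery-source\s[^;]*\bport\s+\d+", conf):
        findings.add("fixed-query-source-port")
    # BIND 9.2 allows recursion for everyone unless told otherwise
    if not re.search(r"\ballow-recursion\s*\{|\brecursion\s+no\s*;", conf):
        findings.add("recursion-not-restricted")
    # TSIG secrets belong in a separate file that only named can read
    if re.search(r"\bsecret\s+\S+\s*;", conf):
        findings.add("inline-key-secret")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_named_conf(SAMPLE_CONF):
        print(finding)
```

Pass the server's own interface addresses in own_addresses so that a forwarder set to the LAN address of the same host is caught as well.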