Re: DNS problems this morning - CORRECTION
Allegedly, on or about 16 November 2012, Reindl Harald sent:
> i agree that it makes no sense if there is no useful domain but the benefits for cases where you have one beats the overhead easily

I've tended to find that it's easier to do things if you do have a domain name, even if you've faked up one just for your LAN. Much better to have one that you've created, than the overly long localdomain that Red Hat and Fedora favour.

Certainly, in the past, I'd come across one or two things that flatly refused to accept me trying to use a single hostname, insisting on a domain name with some dots in it.

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: DNS problems this morning - CORRECTION
Reindl Harald h.rei...@thelounge.net writes:
> On 17.11.2012 00:10, lee wrote:
>>> You never get guest computers, or get asked to take in someone else's computer and fix it, or install Linux on it for them? You never add new devices? Some of which really expect DHCP (network printers, gaming consoles, media devices). Or had to change some hardware, only to find that the bastard device wants to be on a 192.168.1.x network rather than a 192.168.0.x network that you're using, and you have to manually change everything around, individually, to work past this. DHCP is a falsedeity-send, not a curse.
>> No, I don't have these problems and no need for DHCP, so why waste resources on it.
> so disable NM and dhcpd and write your config in ifcfg-eth0 and after enable network.service you are done - what exactly is the problem to do it the way it was done the last 20 years and is currently done in every network maintained by admins?

The problems are like not being given a choice when installing, insufficient documentation, too many dependencies on networkmanager, installing two conflicting systems to configure the network without a choice and Fedora having its own particular way of configuring the network interfaces (for example, Debian does it totally differently). Besides, Fedora doesn't even exist 20 years yet, and not every network is set up identically.

> without NM you can write into any network-config file including /etc/resolv.conf what you want

Networkmanager is forcibly installed by default and breaks things when you do that --- add that to the list of problems. It should either use its own independent way or operate according to the information provided in such files instead of messing things up when you edit them. The way it is, it's broken by design. Fedora should either fix it or deprecate it.

--
Fedora 17

Re: DNS problems this morning - CORRECTION
On 17.11.2012 16:25, lee wrote:
> Networkmanager is forcibly installed by default and breaks things when you do that --- add that to the list of problems. It should either use its own independent way or operate according to the information provided in such files instead of messing things up when you edit them. The way it is, it's broken by design. Fedora should either fix it or deprecate it

deprecate what?
network.service?

works for me since forever and now like a charm

[root@srv-rhsoft:~]$ rpm -qa | grep -i networkmanager
NetworkManager-glib-0.9.6.4-2.fc17.x86_64

the DEFAULT IS NetworkManager
most users have no clue about networks at all
they are mostly fine with it

the advanced users should be easily able to configure it like they want or they are not advanced

the root problem is trying to make anything going automatically detected and useable without reading documentations and trying to understand how the system works which will NEVER be successful over the long and should NOT be the target for linux

for users which bothers about nothing there are two other operating systems, no need to have a third one while the try to satisfy any usergroup makes the lives of advanced users learning how their system works very hard by wasting their knowledge permanently with rough changes - on a well designed system you should not need read manpages for the same things every few months again

Re: DNS problems this morning - CORRECTION
Reindl Harald h.rei...@thelounge.net writes:
> On 17.11.2012 16:25, lee wrote:
>> Networkmanager is forcibly installed by default and breaks things when you do that --- add that to the list of problems. It should either use its own independent way or operate according to the information provided in such files instead of messing things up when you edit them. The way it is, it's broken by design. Fedora should either fix it or deprecate it
> deprecate what?
> network.service?

no, networkmanager

--
Fedora 17

Re: DNS problems this morning - CORRECTION
On 17.11.2012 20:04, lee wrote:
> Reindl Harald h.rei...@thelounge.net writes:
>> On 17.11.2012 16:25, lee wrote:
>>> Networkmanager is forcibly installed by default and breaks things when you do that --- add that to the list of problems. It should either use its own independent way or operate according to the information provided in such files instead of messing things up when you edit them. The way it is, it's broken by design. Fedora should either fix it or deprecate it
>> deprecate what?
>> network.service?
> no, networkmanager

on notebooks switching between a lot of networks NM is OK, you do not want let the noob-user manage network.service in such usecases

but on WORKSTATIONS and SERVERS with a static, wired connection really nobody needs NM at all

Re: DNS problems this morning - CORRECTION
Tim:
>> I'd say, if you're installing BIND, then run a DHCP server on that same computer, and disable any other DHCP servers on your LAN (such as in your modem/router). Configure your DHCP server to tell all clients on your network the addresses for configuring your network (gateway, DNS servers, etc.). Then leave NetworkManager running normally, without any manual configuration on each client.
>>
>> That gets you a normal running network, where each client is centrally configured from one server. There's no messing around with any client configuration on any client. You can have dynamic or static IPs, for your clients, this way. It depends on how you configure your DHCP server.

lee:
> Why waste resources by running all this?

If bothering to install a name server, why stop at a half-arsed job? On anything more than a two or three machine LAN, it rapidly becomes a nuisance to maintain hosts files. Been there, done that, not going to do it again.

Once done, it's easy enough to have the name server resolve local machine names (which certainly aids some LAN networking, such as internal mail, or other internal LAN or external services, new system installs, and all manner of things become easier when you don't have to laboriously hand-configure the client). And it's easy enough to configure your DHCP server to set client addresses as desired. It's even relatively easy enough to tie the DHCP and DNS servers together, so one updates the other, when devices are added.

I did this years ago, and never had to fudge around with hosts files again. Never had to memorise which IPs referred to which machines, as I could use hostnames on any machine. Never had to memorise all the parameters that I'd have to set up into a client's configuration to make it join the network. Just plug in the cable and it goes.

> It's not like the IPs would change

Ya think? You never get guest computers, or get asked to take in someone else's computer and fix it, or install Linux on it for them?

You never add new devices? Some of which really expect DHCP (network printers, gaming consoles, media devices). Or had to change some hardware, only to find that the bastard device wants to be on a 192.168.1.x network rather than a 192.168.0.x network that you're using, and you have to manually change everything around, individually, to work past this.

DHCP is a falsedeity-send, not a curse.

--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.

Re: DNS problems this morning - CORRECTION
Reindl Harald h.rei...@thelounge.net writes:
> On 15.11.2012 18:38, lee wrote:
>> Tim ignored_mail...@yahoo.com.au writes:
>>> Allegedly, on or about 12 November 2012, lee sent:
>>>> If you're using a caching name server, you might not want the search option.
>>> You probably do. It, or a similar option, will be used so that ping hostname successfully translates into ping hostname.domainname on your network.
>> With dhcp and no resolving for local host names other than from what's in /etc/hosts because the name server is only caching?
> you need to understand what search does
> it is independent from dhcp or anything else

I'm not saying it won't work. My point is that there are three options in this case:

1.) omit the search option
2.) put a non-existent domain into the search option
3.) put an existing domain into the search option

No. 2.) isn't useful, no. 3.) leads to unexpected results and confusion[1] and therefore isn't very useful, either. It leads to unexpected results and confusion because who says that when someone does 'ping host' or something similar that they want to refer to any external hosts?

So why specify a search option in this case?

[1]: unless it is your own domain, which doesn't apply in this case because there is none, and there is no name resolution for hosts on the LAN that would be part of such a domain so that 'ping host' won't work with 'search example.com' anyway, and that makes specifying the search option pointless because it will either not work or only lead to confusion and unexpected results which is why the OP might not want to use the search option with his caching-only name server

--
Fedora 17

Re: DNS problems this morning - CORRECTION
On 16.11.2012 21:45, lee wrote:
> 1.) omit the search option
> 2.) put a non-existent domain into the search option
> 3.) put an existing domain into the search option
>
> No. 2.) isn't useful

correct

> no. 3.) leads to unexpected results and confusion[1] and therefore isn't very useful, either. It leads to unexpected results and confusion because who says that when someone does 'ping host' or something similar that they want to refer to any external hosts?

it is designed for people who have their own domain and even if it is only a named in the local network

> So why specify a search option in this case?

because it does not hurt much and bring you a lot of benefits in networks with a local domain, maybe i would need a new keyboard this time if i have to type thelounge.net in any workflow i do (rsync, ssh...)

> [1]: unless it is your own domain, which doesn't apply in this case because there is none, and there is no name resolution for hosts on the LAN that would be part of such a domain so that 'ping host' won't work with 'search example.com' anyway, and that makes specifying the search option pointless because it will either not work or only lead to confusion and unexpected results which is why the OP might not want to use the search option with his caching-only name server

not really

the only thing that happens is that any name resolution tries nonfq.example.com, i agree that it makes no sense if there is no useful domain but the benefits for cases where you have one beats the overhead easily

Re: DNS problems this morning - CORRECTION
Reindl Harald h.rei...@thelounge.net writes:
> On 16.11.2012 21:45, lee wrote:
>> 1.) omit the search option
>> 2.) put a non-existent domain into the search option
>> 3.) put an existing domain into the search option
>>
>> No. 2.) isn't useful
> correct
>> no. 3.) leads to unexpected results and confusion[1] and therefore isn't very useful, either. It leads to unexpected results and confusion because who says that when someone does 'ping host' or something similar that they want to refer to any external hosts?
> it is designed for people who have their own domain and even if it is only a named in the local network
>> So why specify a search option in this case?
> because it does not hurt much and bring you a lot of benefits in networks with a local domain, maybe i would need a new keyboard this time if i have to type thelounge.net in any workflow i do (rsync, ssh...)
>> [1]: unless it is your own domain, which doesn't apply in this case because there is none, and there is no name resolution for hosts on the LAN that would be part of such a domain so that 'ping host' won't work with 'search example.com' anyway, and that makes specifying the search option pointless because it will either not work or only lead to confusion and unexpected results which is why the OP might not want to use the search option with his caching-only name server
> not really
> the only thing that happens is that any name resolution tries nonfq.example.com, i agree that it makes no sense if there is no useful domain but the benefits for cases where you have one beats the overhead easily

And we are talking here exactly about the case where someone doesn't have any local domain and no name resolution for the hosts on the LAN because there is a caching-only name server in use, so I said that the search option might not be wanted.

If you do have a local domain and named configured accordingly, there isn't any overhead from specifying the search option, is there?

--
Fedora 17

Re: DNS problems this morning - CORRECTION
Tim ignored_mail...@yahoo.com.au writes:
> Tim:
>>> I'd say, if you're installing BIND, then run a DHCP server on that same computer, and disable any other DHCP servers on your LAN (such as in your modem/router). Configure your DHCP server to tell all clients on your network the addresses for configuring your network (gateway, DNS servers, etc.). Then leave NetworkManager running normally, without any manual configuration on each client.
>>>
>>> That gets you a normal running network, where each client is centrally configured from one server. There's no messing around with any client configuration on any client. You can have dynamic or static IPs, for your clients, this way. It depends on how you configure your DHCP server.
> lee:
>> Why waste resources by running all this?
> If bothering to install a name server, why stop at a half-arsed job? On anything more than a two or three machine LAN, it rapidly becomes a nuisance to maintain hosts files. Been there, done that, not going to do it again.

Apparently the OP doesn't want to set up more than a caching-only name server. Remember that I recommended to set up named instead because it has its advantages.

> Once done, it's easy enough to have the name server resolve local machine names (which certainly aids some LAN networking, such as internal mail, or other internal LAN or external services, new system installs, and all manner of things become easier when you don't have to laboriously hand-configure the client). And it's easy enough to configure your DHCP server to set client addresses as desired. It's even relatively easy enough to tie the DHCP and DNS servers together, so one updates the other, when devices are added.
>
> I did this years ago, and never had to fudge around with hosts files again. Never had to memorise which IPs referred to which machines, as I could use hostnames on any machine. Never had to memorise all the parameters that I'd have to set up into a client's configuration to make it join the network. Just plug in the cable and it goes.
>> It's not like the IPs would change
> Ya think? You never get guest computers, or get asked to take in someone else's computer and fix it, or install Linux on it for them?
>
> You never add new devices? Some of which really expect DHCP (network printers, gaming consoles, media devices). Or had to change some hardware, only to find that the bastard device wants to be on a 192.168.1.x network rather than a 192.168.0.x network that you're using, and you have to manually change everything around, individually, to work past this.
>
> DHCP is a falsedeity-send, not a curse.

No, I don't have these problems and no need for DHCP, so why waste resources on it.

--
Fedora 17

Re: DNS problems this morning - CORRECTION
On 17.11.2012 00:10, lee wrote:
>> You never get guest computers, or get asked to take in someone else's computer and fix it, or install Linux on it for them? You never add new devices? Some of which really expect DHCP (network printers, gaming consoles, media devices). Or had to change some hardware, only to find that the bastard device wants to be on a 192.168.1.x network rather than a 192.168.0.x network that you're using, and you have to manually change everything around, individually, to work past this. DHCP is a falsedeity-send, not a curse.
> No, I don't have these problems and no need for DHCP, so why waste resources on it.

so disable NM and dhcpd and write your config in ifcfg-eth0 and after enable network.service you are done - what exactly is the problem to do it the way it was done the last 20 years and is currently done in every network maintained by admins?

without NM you can write into any network-config file including /etc/resolv.conf what you want - NM is for mobile devices and user who does not have any clue about networks, for both user groups is fine, for the others it is unusable and that is why network.service with the classical config exists

[root@srv-rhsoft:~]$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
###
# LAN #
###
DEVICE=eth0
IPADDR=192.168.2.2
NETWORK=192.168.2.0
BROADCAST=192.168.2.255
NETMASK=255.255.255.0
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
NM_CONTROLLED=no
USERCTL=no
IPV6INIT=no
MTU=1500
[root@srv-r

Re: DNS problems this morning - CORRECTION
Allegedly, on or about 12 November 2012, lee sent:
> If you're using a caching name server, you might not want the search option.

You probably do. It, or a similar option, will be used so that ping hostname successfully translates into ping hostname.domainname on your network.

> install bind, set it up and check if it works. Then turn off DHCP unless you really must have it and give all the computers on your LAN their unique names and IPs. Use only the name servers you have set up yourself (which is probably only one) and make all clients use those and no other ones.

I'd say, if you're installing BIND, then run a DHCP server on that same computer, and disable any other DHCP servers on your LAN (such as in your modem/router). Configure your DHCP server to tell all clients on your network the addresses for configuring your network (gateway, DNS servers, etc.). Then leave NetworkManager running normally, without any manual configuration on each client.

That gets you a normal running network, where each client is centrally configured from one server. There's no messing around with any client configuration on any client. You can have dynamic or static IPs, for your clients, this way. It depends on how you configure your DHCP server.

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.

Re: DNS problems this morning -
Tim:
>> I tested using dig and nslookup, I already knew that they tell which server answered, they told me that the same one kept answering.

Chris Adams:
> Those tools are really for debugging of DNS itself, and they do not use the normal resolver library (or at least not in the normal way). I believe the host command does use the normal resolver (like any other program).

Using the host command (i.e. host -v example.com), was no different than using dig or nslookup, it always queried the first DNS server.

I do notice that having options rotate in my /etc/resolv.conf file is upsetting my mail client (making it intermittently fail), so it does have some effect. And it doesn't seem to matter whereabouts I put the option in the command file (before, or after, the name servers).

As part of the test, I put two DNS servers in the resolv.conf file, one of which cannot resolve my LAN addresses, and the mail client is using the LAN mail server. Unfortunately, that other DNS server doesn't provide logs (it's in the modem/router), so I can't tell what it's doing for absolute certain. But the mail client behaviour does point to the rotate option doing what it ought to. Oddly enough, it doesn't seem to be upsetting lynx, which should, also, randomly be unable to resolve a LAN webserver address.

I'll have to try another test, later, when I have another computer with a proper DNS server installed on it, so I can watch access logs on two servers during queries.

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.

Re: DNS problems this morning - CORRECTION
Tim ignored_mail...@yahoo.com.au writes:
> Allegedly, on or about 12 November 2012, lee sent:
>> If you're using a caching name server, you might not want the search option.
> You probably do. It, or a similar option, will be used so that ping hostname successfully translates into ping hostname.domainname on your network.

With dhcp and no resolving for local host names other than from what's in /etc/hosts because the name server is only caching?

>> install bind, set it up and check if it works. Then turn off DHCP unless you really must have it and give all the computers on your LAN their unique names and IPs. Use only the name servers you have set up yourself (which is probably only one) and make all clients use those and no other ones.
> I'd say, if you're installing BIND, then run a DHCP server on that same computer, and disable any other DHCP servers on your LAN (such as in your modem/router). Configure your DHCP server to tell all clients on your network the addresses for configuring your network (gateway, DNS servers, etc.). Then leave NetworkManager running normally, without any manual configuration on each client.
>
> That gets you a normal running network, where each client is centrally configured from one server. There's no messing around with any client configuration on any client. You can have dynamic or static IPs, for your clients, this way. It depends on how you configure your DHCP server.

Why waste resources by running all this? It's not like the IPs would change and not like networkmanager was needed. I wouldn't want to have an obsolete daemon running all the time for nothing, so even if networkmanager had worked, sooner or later I'd have disabled it. And it's not like networkmanager isn't doing anything or it wouldn't have overwritten my resolv.conf every time I put it back, so it's definitely a waste of resources.

Unless you have special circumstances in which it is useful, it is better to disable networkmanager.

--
Fedora 17

Re: DNS problems this morning - CORRECTION
On 15.11.2012 18:38, lee wrote:
> Tim ignored_mail...@yahoo.com.au writes:
>> Allegedly, on or about 12 November 2012, lee sent:
>>> If you're using a caching name server, you might not want the search option.
>> You probably do. It, or a similar option, will be used so that ping hostname successfully translates into ping hostname.domainname on your network.
> With dhcp and no resolving for local host names other than from what's in /etc/hosts because the name server is only caching?

you need to understand what search does
it is independent from dhcp or anything else

cat /etc/resolv.conf
nameserver 127.0.0.1
search rhsoft.net thelounge.net vmware.local test.rh

if i type hostname ANY software tries to resolve it in exactly this order and a browser would send a host-header, for 99.9% of services it is enough to resolve the DNS name to a IP

for http the server must have a serveralias without the domain to deliver the correct vhost
___

practical example: http://testserver/ - i have done

[harry@srv-rhsoft:~]$ ping testserver
PING testserver.rhsoft.net (84.113.45.81) 56(84) bytes of data.
64 bytes from testserver.rhsoft.net (84.113.45.81): icmp_req=1 ttl=50 time=0.287 ms
64 bytes from testserver.rhsoft.net (84.113.45.81): icmp_req=2 ttl=50 time=0.215 ms

why should i like to need permanently type a FQ path? :-)

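The lookup order that the search list in the message above produces, as an added example (not code from any poster in this thread). It is a simplified model of the search/ndots handling described in resolv.conf(5); the function names, the example.com configuration and the notion of "local zones" are assumptions made for illustration.

```python
"""Model of how 'search' and 'ndots' in resolv.conf expand a typed name."""

# The resolv.conf quoted in the message above.
PAGE_RESOLV_CONF = """\
nameserver 127.0.0.1
search rhsoft.net thelounge.net vmware.local test.rh
"""

# Constructed sample for lee's case 3: a caching-only name server plus a
# search domain that exists but is not served locally.
CASE3_RESOLV_CONF = """\
nameserver 127.0.0.1
search example.com
"""


def parse_resolv_conf(text):
    """Return nameservers, search list and options from resolv.conf text."""
    conf = {"nameservers": [], "search": [], "options": {"ndots": 1}}
    for raw in text.splitlines():
        line = raw.strip()
        # Comment lines start with '#' or ';'.
        if not line or line[0] in "#;":
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            conf["nameservers"].append(args[0])
        elif keyword in ("search", "domain") and args:
            # 'domain' and 'search' are mutually exclusive; the last one wins.
            domains = args if keyword == "search" else args[:1]
            conf["search"] = [d.rstrip(".").lower() for d in domains]
        elif keyword == "options":
            for opt in args:
                key, _, value = opt.partition(":")
                conf["options"][key] = int(value) if value.isdigit() else True
    return conf


def candidates(name, conf):
    """Names the stub resolver tries, in order, until one of them resolves."""
    if name.endswith("."):
        # A trailing dot marks the name as absolute: no search list.
        return [name.rstrip(".")]
    searched = [f"{name}.{domain}" for domain in conf["search"]]
    if name.count(".") >= conf["options"].get("ndots", 1):
        # Enough dots: try the name as typed first, then the search list.
        return [name] + searched
    if "." not in name and searched and conf["options"].get("no-tld-query"):
        # 'options no-tld-query': never try a bare label as if it were a TLD.
        return searched
    return searched + [name]


def outside_local_zones(name, conf, local_zones):
    """Candidates that the local name server is not authoritative for.

    local_zones is an assumption of this example: the zones your own named
    serves. Everything returned here is forwarded to outside name servers.
    """
    def is_local(fqdn):
        return any(fqdn == z or fqdn.endswith("." + z) for z in local_zones)
    return [c for c in candidates(name, conf) if not is_local(c)]


if __name__ == "__main__":
    page = parse_resolv_conf(PAGE_RESOLV_CONF)
    print("testserver ->", candidates("testserver", page))
    case3 = parse_resolv_conf(CASE3_RESOLV_CONF)
    print("leaves the LAN:", outside_local_zones("host", case3, local_zones=[]))
```

With a search domain you do not operate, every unqualified name typed on the LAN is first asked of that domain's name servers, which is the "unexpected results" case described in the thread.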
Re: DNS problems this morning -
Tim ignored_mail...@yahoo.com.au writes:
> Allegedly, on or about 13 November 2012, Rick Stevens sent:
>> It may have to be above the nameserver specifications:
>>
>> domain blah
>> search blah
>> options attempts:1 timeout:2
>> nameserver blah
>> nameserver blah
>>
>> In other words, it may only take effect from the time it's seen in the file. If you put it at the end, it has no effect. Not sure about that, but give it a whirl.
> I was only trying out the rotate option, but it makes no difference where it is in the file, as far my tests with the dig and nslookup commands, go. It may well be that *they* read the resolv.conf file in their own manner, only looking for nameserver lines. Short of reading through the nameserver logs, I can't think of another tool to test with that tells me which nameserver answered its query. I'll try that later on.

When you use two name servers and turn on the query logging ('rndc querylog on') on at least one of them, you can see if the one that logs the requests has answered one or not. Also, dig tells you which server answered and how long it took:

,
| [~] dig 8.8.8.8
| [...]
| ;; Query time: 1 msec
| ;; SERVER: 127.0.0.1#53(127.0.0.1)
| ;; WHEN: Wed Nov 14 12:37:47 2012
| ;; MSG SIZE rcvd: 111
|
| [~] dig @8.8.8.8 8.8.8.8
| [...]
| ;; Query time: 40 msec
| ;; SERVER: 8.8.8.8#53(8.8.8.8)
| ;; WHEN: Wed Nov 14 12:37:53 2012
| ;; MSG SIZE rcvd: 111
|
| [~]
`

--
Fedora 17

Re: DNS problems this morning -
Tim:
>> I was only trying out the rotate option, but it makes no difference where it is in the file, as far my tests with the dig and nslookup commands, go. It may well be that *they* read the resolv.conf file in their own manner, only looking for nameserver lines. Short of reading through the nameserver logs, I can't think of another tool to test with that tells me which nameserver answered its query. I'll try that later on.

lee:
> When you use two name servers and turn on the query logging ('rndc querylog on') on at least one of them, you can see if the one that logs the requests has answered one or not. Also, dig tells you which server answered and how long it took:

Methinks you didn't read what I wrote. I tested using dig and nslookup, I already knew that they tell which server answered, they told me that the same one kept answering. Nor, noticed where I mentioned the timing of results, in an earlier message.

So, either those tools behave differently than other things doing name lookups on the system, or the system ignores the directive to round-robin the lookups. Which means doing a test with another tool, and looking at the logs, which I haven't done yet as I've been otherwise occupied.

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.

Re: DNS problems this morning -
Once upon a time, Tim ignored_mail...@yahoo.com.au said:
> Methinks you didn't read what I wrote. I tested using dig and nslookup, I already knew that they tell which server answered, they told me that the same one kept answering. Nor, noticed where I mentioned the timing of results, in an earlier message.

Those tools are really for debugging of DNS itself, and they do not use the normal resolver library (or at least not in the normal way). I believe the host command does use the normal resolver (like any other program).

--
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: DNS problems this morning -
On 11/14/2012 06:45 AM, Tim issued this missive:
> Tim:
> > I was only trying out the rotate option, but it makes no difference where it is in the file, as far as my tests with the dig and nslookup commands go. It may well be that *they* read the resolv.conf file in their own manner, only looking for nameserver lines.
> >
> > Short of reading through the nameserver logs, I can't think of another tool to test with that tells me which nameserver answered its query. I'll try that later on.
>
> lee:
> > When you use two name servers and turn on the query logging ('rndc querylog on') on at least one of them, you can see if the one that logs the requests has answered one or not. Also, dig tells you which server answered and how long it took:
>
> Methinks you didn't read what I wrote. I tested using dig and nslookup, I already knew that they tell which server answered, they told me that the same one kept answering. Nor, noticed where I mentioned the timing of results, in an earlier message.
>
> So, either those tools behave differently than other things doing name lookups on the system, or the system ignores the directive to round-robin the lookups. Which means doing a test with another tool, and looking at the logs, which I haven't done yet as I've been otherwise occupied.

If you're testing these options, you must disable nscd (if it's running). nscd will interpose itself in the resolver library chain and answer resolver queries from its cache first. I don't know if nscd handles the options line(s) in the resolv.conf at all.

--
Rick Stevens, Systems Engineer, AllDigital    ri...@alldigital.com
AIM/Skype: therps2    ICQ: 22643734    Yahoo: origrps2
BASIC is the Computer Science version of `Scientific Creationism'
Re: DNS problems this morning -
Tim ignored_mail...@yahoo.com.au writes:

> Tim:
> > I was only trying out the rotate option, but it makes no difference where it is in the file, as far as my tests with the dig and nslookup commands go. It may well be that *they* read the resolv.conf file in their own manner, only looking for nameserver lines.
> >
> > Short of reading through the nameserver logs, I can't think of another tool to test with that tells me which nameserver answered its query. I'll try that later on.
>
> lee:
> > When you use two name servers and turn on the query logging ('rndc querylog on') on at least one of them, you can see if the one that logs the requests has answered one or not. Also, dig tells you which server answered and how long it took:
>
> Methinks you didn't read what I wrote. I tested using dig and nslookup, I already knew that they tell which server answered, they told me that the same one kept answering. Nor, noticed where I mentioned the timing of results, in an earlier message.

Sorry, I didn't realise that you actually said another tool, so that would exclude dig.

> So, either those tools behave differently than other things doing name lookups on the system, or the system ignores the directive to round-robin the lookups. Which means doing a test with another tool, and looking at the logs, which I haven't done yet as I've been otherwise occupied.
>
> --
> [tim@localhost ~]$ uname -rsvp
> Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64
>
> All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.

--
Fedora 17
Re: DNS problems this morning -
Bob Goodwin:
> I always naively assumed they were used in the order listed, now you've introduced an element of doubt,

I used to presume that, especially when you're presented with a configuration gadget that asked you to enter primary and secondary name server addresses. But that naming has disappeared, and others have described how their systems worked in the ways that I mentioned (I mean various OSs, not just Linux).

So, when using different OSs, as I am. And when using OSs that get updated, from time to time, it's best to test, rather than presume they all work the way you expected them to.

> If it was I could give others the local and then the outside dns addresses, but no that may not work as expected.

It may well work fine, if all you ever ask the name servers to do is resolve outside internet addresses. But, if you have a LAN that communicates with things within the LAN, by name, then *all* name queries need to be answered by your LAN DNS server, as no external DNS server can answer any queries about your internal LAN addresses, and there's no way for you to say resolve this name from here, and the rest from anywhere.

Your only solution to that conundrum is putting LAN addresses in the hosts file, because that will be queried before asking a DNS server. Which rapidly becomes a nuisance on largish, or expanding networks. And doesn't work on networks with dynamically changing addresses.

> I suppose I could test that scheme using two of my computers, one getting dns service from the other and see what happened when I shut down the dns of the pair.

Yes, all you can do is test, test, test. Then hope that if things are favourable, that they don't change in the next Fedora update.

My own tests have always seemed to indicate that Fedora tries the first on the list, first; and only progresses down the list if there's no response to the first name server; and will always try the first server first, on each subsequent query.
But my test isn't definitive, I've only done the following test, which isn't an exhaustive test of all the possibilities.

 1. Run two name servers on different machines
 2. Have them both listed in /etc/resolv.conf
 3. Do numerous domain name queries
 4. Observe that all answers came from the first server
 5. Halt the first name server
 6. Do numerous domain name queries
 7. Observe that all answers came from the second server, with a slightly longer delay (noticeably slightly delayed, but the returned results only showed 16mS versus 5mS, and I don't think I should be able to observe such a difference, to the degree that I did)
 8. Restart the first name server
 9. Do numerous domain name queries
10. Observe that all answers came from the first server

On point 7: When the first server is answering, the results are virtually instantaneous. i.e. There's a result as soon as I hit the enter key. But when it has to wait for the second server to respond, there's a noticeable wait after hitting enter, before anything comes back. I suspect the times returned in the results (in mS), are actually the speed of the server being queried, ignoring the time waited before attempting the second query.

I seem to recall that there is a way to set the timeout delay before abandoning the first query, and querying the next server, but I don't recall the details, and there's no man file for resolv.conf on this installation of F17. I don't know if there's configuration options about always trying the first server, first.

The delay could be quite noticeable if trying to browse websites, and pages incorporated content from other domain names. You'd see content slowly coming in, chunk by chunk.

I'm curious about the other person (in this thread) to mention the same name server ordering issues, whether they've tested how their systems worked, and if they knew which other ones worked in the ways they mentioned.
Particularly, if they knew of one that randomly used any server listed as one of your name servers.

> Whatever the problem yesterday it seems to be fixed today. The ISP dns appears to be working normally. However I am still interested in doing anything that improves operation.

ISP behaviour changes all the time. Some of them will fiddle with their equipment as much as you might fiddle with your own computer settings.

One of my prior ISPs was the only one I'd ever seen admit any problems. If I wrote to them and said I had X type of troubles when I logged in at a certain time, and said what IP I'd be assigned, but things worked fine when I logged out and back in again, I'd get a reply back saying that they'd had a look at the appropriate equipment and reset it, sometimes mentioned that they'd noticed a problem with it. Of course I don't know if they were just placating me, but they didn't tell me to do something to my computer, and blame me, like every other ISP has done. They were also, actually helpful
Re: DNS problems this morning -
On 13/11/12 09:59, Tim wrote:
> I seem to recall that there is a way to set the timeout delay before abandoning the first query, and querying the next server, but I don't recall the details, and there's no man file for resolv.conf on this installation of F17. I don't know if there's configuration options about always trying the first server, first.

It looks like there is a way. From man resolv.conf:

    options
        Options allows certain internal resolver variables to be modified. The syntax is

            options option ...

        where option is one of the following:

        timeout:n
            sets the amount of time the resolver will wait for a response from a remote name server before retrying the query via a different name server. Measured in seconds, the default is RES_TIMEOUT (currently 5, see resolv.h). The value for this option is silently capped to 30.

        attempts:n
            sets the number of times the resolver will send a query to its name servers before giving up and returning an error to the calling application. The default is RES_DFLRETRY (currently 2, see resolv.h). The value for this option is silently capped to 5.

It's not clear to me how to type the command though.

The 5 second timeout seems much too long when combined with 5 tries, perhaps fewer tries would be better? However I imagine there were good reasons for the defaults ...

--
http://www.qrz.com/db/W2BOD
box7
Re: DNS problems this morning -
On Wed, Nov 14, 2012 at 01:29:31 +1030, Tim ignored_mail...@yahoo.com.au wrote:
> It may well work fine, if all you ever ask the name servers to do is resolve outside internet addresses. But, if you have a LAN that communicates with things within the LAN, by name, then *all* name queries need to be answered by your LAN DNS server, as no external DNS server can answer any queries about your internal LAN addresses, and there's no way for you to say resolve this name from here, and the rest from anywhere.
>
> Your only solution to that conundrum is putting LAN addresses in the hosts file, because that will be queried before asking a DNS server. Which rapidly becomes a nuisance on largish, or expanding networks. And doesn't work on networks with dynamically changing addresses.

You can use tinydns and dnscache to work around this. I think there are also ways to do it with bind, but I don't use it and can't say for sure.

dnscache allows you to specify that certain domains (the local LAN domain in this case) are handled by dns servers at specific IP addresses rather than starting at the root for discovery. You can use tinydns to provide DNS information for your local domain name. Machines on your LAN just need to point to the dnscache server(s) to resolve both public and local domain information.
Re: DNS problems this morning -
Tim:
> It may well work fine, if all you ever ask the name servers to do is resolve outside internet addresses. But, if you have a LAN that communicates with things within the LAN, by name, then *all* name queries need to be answered by your LAN DNS server, as no external DNS server can answer any queries about your internal LAN addresses, and there's no way for you to say resolve this name from here, and the rest from anywhere.
>
> Your only solution to that conundrum is putting LAN addresses in the hosts file, because that will be queried before asking a DNS server. Which rapidly becomes a nuisance on largish, or expanding networks. And doesn't work on networks with dynamically changing addresses.

Bruno Wolff III:
> You can use tinydns and dnscache to work around this. I think there are also ways to do it with bind, but I don't use it and can't say for sure.

BIND allows you to do all sorts of magic tricks about how it answers queries, but you don't have to do anything fancy to make BIND handle local and external addresses properly. You just put your local addresses in as normal records, and it answers them fine. It goes out to the root servers, as a DNS server should do, to answer queries about addresses it doesn't know about.

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.
Re: DNS problems this morning -
Tim wrote:
> > I seem to recall that there is a way to set the timeout delay before abandoning the first query, and querying the next server, but I don't recall the details, and there's no man file for resolv.conf on this installation of F17. I don't know if there's configuration options about always trying the first server, first.

Bob Goodwin:
> It looks like there is a way.

As I mentioned further down in my prior message... (the same details, and the strange lack of a resolv.conf man file on my installation).

> From man resolv.conf:
>
>     options
>         Options allows certain internal resolver variables to be modified. The syntax is
>
>             options option ...
>
>         where option is one of the following:
>
>         timeout:n
>             sets the amount of time the resolver will wait for a response from a remote name server before retrying the query via a different name server. Measured in seconds, the default is RES_TIMEOUT (currently 5, see resolv.h). The value for this option is silently capped to 30.

The default timeout on my system is definitely not 5 seconds, so it's been reset /somewhere/.

>         attempts:n
>             sets the number of times the resolver will send a query to its name servers before giving up and returning an error to the calling application. The default is RES_DFLRETRY (currently 2, see resolv.h). The value for this option is silently capped to 5.
>
> It's not clear to me how to type the command though.
>
> The 5 second timeout seems much too long when combined with 5 tries, perhaps fewer tries would be better? However I imagine there were good reasons for the defaults ...

My reading of the man file suggested that one would add the options into the resolv.conf file. Else why else are they mentioned in the man file for it?

e.g. /etc/resolv.conf

    domain lan.example.com.
    search lan.example.com.
    nameserver 192.168.1.2
    options timeout:1

But what would the syntax be? Like I've tried, above? Are there any samples in your man file?

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.
Re: DNS problems this morning -
On 11/13/2012 08:38 AM, Bob Goodwin - Zuni, Virginia, USA issued this missive:
> On 13/11/12 09:59, Tim wrote:
> > I seem to recall that there is a way to set the timeout delay before abandoning the first query, and querying the next server, but I don't recall the details, and there's no man file for resolv.conf on this installation of F17. I don't know if there's configuration options about always trying the first server, first.
>
> It looks like there is a way. From man resolv.conf:
>
>     options
>         Options allows certain internal resolver variables to be modified. The syntax is
>
>             options option ...
>
>         where option is one of the following:
>
>         timeout:n
>             sets the amount of time the resolver will wait for a response from a remote name server before retrying the query via a different name server. Measured in seconds, the default is RES_TIMEOUT (currently 5, see resolv.h). The value for this option is silently capped to 30.
>
>         attempts:n
>             sets the number of times the resolver will send a query to its name servers before giving up and returning an error to the calling application. The default is RES_DFLRETRY (currently 2, see resolv.h). The value for this option is silently capped to 5.
>
> It's not clear to me how to type the command though.

You don't. You put the entries in the /etc/resolv.conf file and the resolver library picks them up.

> The 5 second timeout seems much too long when combined with 5 tries, perhaps fewer tries would be better? However I imagine there were good reasons for the defaults ...

If you've ever run a big network (or a really popular one) you can watch the DNS servers get pummeled--especially if you have short TTLs set on the records. That being said, even a busy name server should respond in 5 seconds or less, so that seems reasonable. The default retry count is 2 (not 5) so the defaults as stated would result in a 10 second delay before the second DNS server is consulted.

Yes, that seems an eternity, but not everyone has fast Internet access. There are still people with dial-up service (hard to believe, but they're out there). The standards were set up to accommodate these older environments. If you want a true giggle, look up RFC 1149, Transmission of IP Datagrams on Avian Carriers and be glad that it never caught on. :-)

You can put in as long a timeout or as many retries as you want, but the library will limit timeouts to no more than 30 seconds (even if you specify 45) and no more than 5 retries (even if you specify 10). That's what the silently capped bit means.

--
Rick Stevens, Systems Engineer, AllDigital    ri...@alldigital.com
AIM/Skype: therps2    ICQ: 22643734    Yahoo: origrps2
To err is human. To forgive, a large sum of money is needed.
Re: DNS problems this morning -
On 11/13/2012 10:04 AM, Tim issued this missive:

snip

> My reading of the man file suggested that one would add the options into the resolv.conf file. Else why else are they mentioned in the man file for it?
>
> e.g. /etc/resolv.conf
>
>     domain lan.example.com.
>     search lan.example.com.
>     nameserver 192.168.1.2
>     options timeout:1
>
> But what would the syntax be? Like I've tried, above? Are there any samples in your man file?

That's the right syntax, but since you only have one name server specified the timeout would be essentially ignored.

--
Rick Stevens, Systems Engineer, AllDigital    ri...@alldigital.com
AIM/Skype: therps2    ICQ: 22643734    Yahoo: origrps2
I'd explain it to you, but your brain might explode.
Re: DNS problems this morning -
Tim:
> My reading of the man file suggested that one would add the options into the resolv.conf file. Else why else are they mentioned in the man file for it?
>
> e.g. /etc/resolv.conf
>
>     domain lan.example.com.
>     search lan.example.com.
>     nameserver 192.168.1.2
>     options timeout:1
>
> But what would the syntax be? Like I've tried, above? Are there any samples in your man file?

Rick Stevens:
> That's the right syntax, but since you only have one name server specified the timeout would be essentially ignored.

When tried on my actual settings, which did have two nameservers, it didn't appear to change anything. Well, not to the dig or nslookup commands.

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.
Re: DNS problems this morning -
On 11/13/2012 10:31 AM, Tim issued this missive:
> Tim:
> > My reading of the man file suggested that one would add the options into the resolv.conf file. Else why else are they mentioned in the man file for it?
> >
> > e.g. /etc/resolv.conf
> >
> >     domain lan.example.com.
> >     search lan.example.com.
> >     nameserver 192.168.1.2
> >     options timeout:1
> >
> > But what would the syntax be? Like I've tried, above? Are there any samples in your man file?
>
> Rick Stevens:
> > That's the right syntax, but since you only have one name server specified the timeout would be essentially ignored.
>
> When tried on my actual settings, which did have two nameservers, it didn't appear to change anything. Well, not to the dig or nslookup commands.

It may have to be above the nameserver specifications:

    domain blah
    search blah
    options attempts:1 timeout:2
    nameserver blah
    nameserver blah

In other words, it may only take effect from the time it's seen in the file. If you put it at the end, it has no effect. Not sure about that, but give it a whirl.

--
Rick Stevens, Systems Engineer, AllDigital    ri...@alldigital.com
AIM/Skype: therps2    ICQ: 22643734    Yahoo: origrps2
Re: DNS problems this morning -
On 13/11/12 13:06, Rick Stevens wrote:
> You don't. You put the entries in the /etc/resolv.conf file and the resolver library picks them up.
>
> > The 5 second timeout seems much too long when combined with 5 tries, perhaps fewer tries would be better? However I imagine there were good reasons for the defaults ...
>
> If you've ever run a big network (or a really popular one) you can watch the DNS servers get pummeled--especially if you have short TTLs set on the records. That being said, even a busy name server should respond in 5 seconds or less, so that seems reasonable. The default retry count is 2 (not 5) so the defaults as stated would result in a 10 second delay before the second DNS server is consulted.
>
> Yes, that seems an eternity, but not everyone has fast Internet access. There are still people with dial-up service (hard to believe, but they're out there). The standards were set up to accommodate these older environments. If you want a true giggle, look up RFC 1149, Transmission of IP Datagrams on Avian Carriers and be glad that it never caught on. :-)
>
> You can put in as long a timeout or as many retries as you want, but the library will limit timeouts to no more than 30 seconds (even if you specify 45) and no more than 5 retries (even if you specify 10). That's what the silently capped bit means.

I've tried the following:

    # Generated by NetworkManager
    nameserver 127.0.0.1
    nameserver 192.168.1.1
    nameserver 184.63.128.68
    timeout:1 attempts:1

I moved 127.0.0.1 to the first line and added the last two limitations.

The only way I have to judge time is watching the bottom of the Firefox display where it tells me it's Looking up an address and doing a number of reloads on a complex page, e.g. http://www.weather.com/weather/tenday/23898. It appears to be moving through rapidly, I don't see it dwelling on Looking up but for a fraction of a second, spending more time transferring data.

Is there a better way to test?

--
http://www.qrz.com/db/W2BOD
box7
Re: DNS problems this morning -
On 11/13/2012 11:12 AM, Bob Goodwin - Zuni, Virginia, USA issued this missive:
> On 13/11/12 13:06, Rick Stevens wrote:
> > You don't. You put the entries in the /etc/resolv.conf file and the resolver library picks them up.
> >
> > > The 5 second timeout seems much too long when combined with 5 tries, perhaps fewer tries would be better? However I imagine there were good reasons for the defaults ...
> >
> > If you've ever run a big network (or a really popular one) you can watch the DNS servers get pummeled--especially if you have short TTLs set on the records. That being said, even a busy name server should respond in 5 seconds or less, so that seems reasonable. The default retry count is 2 (not 5) so the defaults as stated would result in a 10 second delay before the second DNS server is consulted.
> >
> > Yes, that seems an eternity, but not everyone has fast Internet access. There are still people with dial-up service (hard to believe, but they're out there). The standards were set up to accommodate these older environments. If you want a true giggle, look up RFC 1149, Transmission of IP Datagrams on Avian Carriers and be glad that it never caught on. :-)
> >
> > You can put in as long a timeout or as many retries as you want, but the library will limit timeouts to no more than 30 seconds (even if you specify 45) and no more than 5 retries (even if you specify 10). That's what the silently capped bit means.
>
> I've tried the following:
>
>     # Generated by NetworkManager
>     nameserver 127.0.0.1
>     nameserver 192.168.1.1
>     nameserver 184.63.128.68
>     timeout:1 attempts:1
>
> I moved 127.0.0.1 to the first line and added the last two limitations.
>
> The only way I have to judge time is watching the bottom of the Firefox display where it tells me it's Looking up an address and doing a number of reloads on a complex page, e.g. http://www.weather.com/weather/tenday/23898. It appears to be moving through rapidly, I don't see it dwelling on Looking up but for a fraction of a second, spending more time transferring data.
>
> Is there a better way to test?

Format is options timeout:1 attempts:1, and I'd move it above the nameserver lines.

--
Rick Stevens, Systems Engineer, AllDigital    ri...@alldigital.com
AIM/Skype: therps2    ICQ: 22643734    Yahoo: origrps2
Grabel's Law: 2 is not equal to 3--not even for large values of 2.
Re: DNS problems this morning -
On 13/11/12 14:32, Rick Stevens wrote:
> > Is there a better way to test?
>
> Format is options timeout:1 attempts:1, and I'd move it above the nameserver lines.

Good, I've changed resolv.conf:

    [bobg@box7 ~]$ cat /etc/resolv.conf
    # Generated by NetworkManager
    options timeout:1 attempts:1
    nameserver 127.0.0.1
    nameserver 192.168.1.1
    nameserver 184.63.128.68

It appears to be working very well observing the information in the Firefox display. Certainly no trace of the problems I had this weekend, but then it appears Viasat has fixed whatever broke.

--
http://www.qrz.com/db/W2BOD
box7
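The two resolv.conf files Bob posted above, checked by a small linter; this is an added example and not code from the thread. The function names, the sample strings (constructed from the posted files and from the 45/10 figures Rick mentions) and the rule that a line starting with an unrecognised keyword is skipped by the resolver are assumptions of the example, and the position of the options line is not modelled.

```python
import re
import socket
import time

# Defaults and caps as quoted from the resolv.conf man page in the thread.
LIMITS = {"timeout": (5, 30), "attempts": (2, 5)}      # name: (default, cap)
KEYWORDS = {"nameserver", "domain", "search", "sortlist", "options"}
LOOKS_LIKE_OPTION = re.compile(r"^(?:(?:timeout|attempts):\d+|rotate)$")


def lint_resolv_conf(text):
    """Return (effective_settings, warnings) for the text of a resolv.conf."""
    cfg = {"nameservers": [], "rotate": False}
    cfg.update({name: default for name, (default, _cap) in LIMITS.items()})
    warnings = []

    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw[0] in "#;":          # blank line or comment
            continue
        keyword, *args = raw.split()
        if keyword == "nameserver":
            if args:
                cfg["nameservers"].append(args[0])
        elif keyword == "options":
            for token in args:
                name, _, value = token.partition(":")
                if name == "rotate":
                    cfg["rotate"] = True
                elif name in LIMITS and value.isdigit():
                    cap = LIMITS[name][1]
                    if int(value) > cap:
                        warnings.append(
                            f"line {lineno}: {name}:{value} is silently capped to {cap}")
                    cfg[name] = min(int(value), cap)
        elif keyword not in KEYWORDS:
            # Assumption: the resolver skips lines it does not recognise.
            stray = [t for t in [keyword, *args] if LOOKS_LIKE_OPTION.match(t)]
            if stray:
                warnings.append(
                    f"line {lineno}: {' '.join(stray)} has no leading "
                    "'options' keyword, so it is ignored")
            else:
                warnings.append(f"line {lineno}: unknown keyword {keyword!r}")

    if cfg["rotate"] and len(cfg["nameservers"]) < 2:
        warnings.append("rotate is set but fewer than two nameservers are listed")
    return cfg, warnings


def time_lookup(name):
    """Time one lookup made through the C library resolver (the path that
    reads the options line). Returns (seconds, resolved). A cache such as
    nscd can still answer before any name server is asked."""
    start = time.monotonic()
    try:
        socket.getaddrinfo(name, None)
        resolved = True
    except socket.gaierror:
        resolved = False
    return time.monotonic() - start, resolved


# Constructed samples, modelled on the files posted in the thread.
FIRST_ATTEMPT = """\
# Generated by NetworkManager
nameserver 127.0.0.1
nameserver 192.168.1.1
nameserver 184.63.128.68
timeout:1 attempts:1
"""
CORRECTED = """\
# Generated by NetworkManager
options timeout:1 attempts:1
nameserver 127.0.0.1
nameserver 192.168.1.1
nameserver 184.63.128.68
"""
OVER_CAP = "options timeout:45 attempts:10 rotate\nnameserver 192.168.1.2\n"

if __name__ == "__main__":
    for label, sample in [("first attempt", FIRST_ATTEMPT),
                          ("corrected", CORRECTED), ("over cap", OVER_CAP)]:
        settings, problems = lint_resolv_conf(sample)
        print(label, settings)
        for problem in problems:
            print("   warning:", problem)
```

To measure a real lookup, call `time_lookup()` with a name that is not in /etc/hosts, once with the first name server running and once with it stopped.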
Re: DNS problems this morning -
On 11/13/2012 11:54 AM, Bob Goodwin - Zuni, Virginia, USA issued this missive:
> On 13/11/12 14:32, Rick Stevens wrote:
> > > Is there a better way to test?
> >
> > Format is options timeout:1 attempts:1, and I'd move it above the nameserver lines.
>
> Good, I've changed resolv.conf:
>
>     [bobg@box7 ~]$ cat /etc/resolv.conf
>     # Generated by NetworkManager
>     options timeout:1 attempts:1
>     nameserver 127.0.0.1
>     nameserver 192.168.1.1
>     nameserver 184.63.128.68
>
> It appears to be working very well observing the information in the Firefox display. Certainly no trace of the problems I had this weekend, but then it appears Viasat has fixed whatever broke.

Glad to help. Yes, it's not clear, but the resolv.conf is read each time the library is invoked and I think the options line affects things after it in the file.

--
Rick Stevens, Systems Engineer, AllDigital    ri...@alldigital.com
AIM/Skype: therps2    ICQ: 22643734    Yahoo: origrps2
Let us think the unthinkable. Let us do the undoable. Let us prepare to grapple with the ineffable itself, and see if we may not eff it up after all.
    -- Douglas Adams
Re: DNS problems this morning -
Bob Goodwin:
> The only way I have to judge time is watching the bottom of the Firefox display where it tells me it's Looking up an address and doing a number of reloads on a complex page

It's hard to test DNS activity using Firefox, as it does its own caching. To make it look up the same address, again, you need to completely quit all instances of the browser program (i.e. close *all* Firefox windows, not just the one you're looking at).

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.
Re: DNS problems this morning -
Allegedly, on or about 13 November 2012, Rick Stevens sent:

It may have to be above the nameserver specifications:

    domain blah
    search blah
    options attempts:1 timeout:2
    nameserver blah
    nameserver blah

In other words, it may only take effect from the time it's seen in the file. If you put it at the end, it has no effect. Not sure about that, but give it a whirl.

I was only trying out the rotate option, but it makes no difference where it is in the file, as far as my tests with the dig and nslookup commands go. It may well be that *they* read the resolv.conf file in their own manner, only looking for nameserver lines.

Short of reading through the nameserver logs, I can't think of another tool to test with that tells me which nameserver answered its query. I'll try that later on.

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.
Re: DNS problems this morning - CORRECTION
Reindl Harald:
maybe you have a crappy ISP which blocks DNS if it is not their own one - let me guess: USA, here in europe it is absolutely no problem to setup a dns-server which does recursion and never touches any ISP crap, some providers think they know better what their users need

Bob Goodwin:
Yes but even then that should not prevent me from using my own nameserver?

No, but... Nothing the ISP does can prevent you from using your DNS servers. Such activity is within your LAN. However, your ISP can prevent your DNS server from working properly, and you end up with no improvement.

Describing fully working networking, in a nutshell:

You try to browse a page on google.com, your browser asks your TCP/IP stack for the IP to connect to google.com. Which, usually, first looks in your /etc/hosts file, then, if there was no answer, asks one of the DNS servers listed in your /etc/resolv.conf file.

If that DNS server has an answer, it tells you it. But if it doesn't have an answer, it asks another external DNS server for .com to tell it which name server has records for google.com, then it asks that name server the IP for google.com, and that information gets relayed back through all of the DNS servers back to you. They cache that information for a while, so that the next person asking for the IP for google.com gets the locally cached information, instead of going through the whole chain.

But, if the name server replies back with there is no answer, that's the end of the query. Your attempt to find an IP for google.com is completely aborted.

Alternatively, if the first DNS server you query doesn't respond, at all, to any queries, the next DNS server will be queried, instead. And the whole sequence of events is gone through.

NB: The prior paragraph mentions a major gotcha: If the first server gives an answer, even if the answer is I dunno, that's the end of it.

Now, the curly thing is which server is asked when you have several listed in /etc/resolv.conf.

Traditionally, one would have queried the first on the list, then the second on the list, then the third, if any of the prior ones just didn't respond. Then, the next query will try the first server, first, then the second server next, then the third server, last. Ad infinitum.

However, some TCP/IP stacks don't work that way. Some will try the first name server, and then the next, and then the next. And will do all future enquiries with the server that actually responded, until such time that server doesn't respond. Then it'll try to ask a different one. Some will randomly ask any server on the list.

I don't know which technique Fedora's networking software will use, I've never bothered to test this.

---

Now, describing a bad ISP. You try to browse google.com, your network asks your DNS server for the IP for google, and if it doesn't know, it'll try to do the right thing and find the answer from the .com DNS server, but your ISP intercepts the query, and handles it all by itself. If their DNS server answers okay, then no real problem. But if their DNS server sucks, you're screwed. You can't bypass it.

I always used other dns servers, recently opendns, until March when this high speed satellite service became available and eventually I found that it was not using my opendns but its own! And as you say it's crappy

Was it you that we had this discussion with before? I can never remember who's doing what in threads, especially old or long-lasting ones.

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.
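The lookup order Tim describes above, and the options line Rick and Bob tried, as an added example (not part of any poster's message): a simplified Python model of the failover rules in resolv.conf(5), run against the two resolv.conf files quoted in the thread. The server behaviours are constructed scenarios, the fixed per-try timeout is an assumption (real resolvers apply their own backoff), and the model reads the whole file before any lookup, so the position of the options line makes no difference to it.

```python
"""Simplified model of stub-resolver failover, following resolv.conf(5)."""
from dataclasses import dataclass, field

MAXNS = 3          # resolv.conf(5): at most three nameserver entries are used
MAX_TIMEOUT = 30   # resolv.conf(5): timeout is silently capped to 30
MAX_ATTEMPTS = 5   # resolv.conf(5): attempts is silently capped to 5


@dataclass
class ResolverConfig:
    nameservers: list = field(default_factory=list)
    timeout: int = 5       # seconds to wait for one server (documented default)
    attempts: int = 2      # passes over the whole server list (documented default)
    rotate: bool = False   # start each query at the next server in the list


def parse_resolv_conf(text):
    """Read the whole file first; lookups only ever see the finished config."""
    cfg = ResolverConfig()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args and len(cfg.nameservers) < MAXNS:
            cfg.nameservers.append(args[0])
        elif keyword == "options":
            for opt in args:
                name, _, value = opt.partition(":")
                if name == "timeout" and value.isdigit():
                    cfg.timeout = min(int(value), MAX_TIMEOUT)
                elif name == "attempts" and value.isdigit():
                    cfg.attempts = min(int(value), MAX_ATTEMPTS)
                elif name == "rotate":
                    cfg.rotate = True
    return cfg


def simulate_lookup(cfg, behaviour, query_no=0):
    """Return (server, outcome, seconds_waited) for one lookup.

    behaviour maps a server address to "answer", "nxdomain" or "silent".
    Any reply, NXDOMAIN included, ends the lookup; only silence moves on.
    """
    order = list(cfg.nameservers)
    if cfg.rotate and order:
        shift = query_no % len(order)
        order = order[shift:] + order[:shift]
    waited = 0
    for _ in range(cfg.attempts):
        for server in order:
            outcome = behaviour.get(server, "silent")
            if outcome != "silent":
                return server, outcome, waited
            waited += cfg.timeout
    return None, "timeout", waited


def worst_case_wait(cfg):
    """Seconds spent before giving up when no listed server replies at all."""
    return cfg.timeout * cfg.attempts * len(cfg.nameservers)


# The two resolv.conf files shown in the thread.
DEFAULTS = """# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 127.0.0.1
nameserver 184.63.128.68
"""
TUNED = """# Generated by NetworkManager
options timeout:1 attempts:1
nameserver 127.0.0.1
nameserver 192.168.1.1
nameserver 184.63.128.68
"""

# Constructed scenarios, not measurements from the thread.
CACHE_DOWN = {"127.0.0.1": "silent", "192.168.1.1": "answer",
              "184.63.128.68": "answer"}
BAD_FIRST = {"192.168.1.1": "nxdomain", "127.0.0.1": "answer",
             "184.63.128.68": "answer"}

if __name__ == "__main__":
    for label, text in (("defaults", DEFAULTS), ("tuned", TUNED)):
        cfg = parse_resolv_conf(text)
        print(label, "local cache down   ->", simulate_lookup(cfg, CACHE_DOWN))
        print(label, "router says NXDOMAIN ->", simulate_lookup(cfg, BAD_FIRST))
        print(label, "nobody replies     ->", worst_case_wait(cfg), "seconds")
```

In the model, a wrong or negative reply from the first listed server is final, so listing a reliable server after an unreliable one protects only against silence, not against bad answers.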
Re: DNS problems this morning -
Tim:
Configure the other computers on your LAN to use the DNS server computer's IP address as their DNS server. It's as simple as that.

Bob Goodwin:
Will dns look-ups from the other computers be added to the nameserver list?

You appear to have the wrong end of the stick. When any client on your LAN asks your DNS server for an address, the DNS server makes a query to external DNS servers, caches the results, and tells your client the answer. The next client on your LAN to ask about the same address will be told the cached answer.

Telling your clients which DNS server to use is another matter.

What if my computer is shut down for the night, will the others go on and use the ISP dns?

If you had, say, your DNS server at 192.168.0.1, and clients configured to only use 192.168.0.1 as their DNS server, then they're reliant on 192.168.0.1 always being there.

If you had configured your clients with a list of DNS servers, they'll query one of them, only trying other ones when they don't get any response. I don't know what determines which DNS server will get queried out of a list, whether Fedora will do it sequentially down the list, or randomly. Nor whether any subsequent queries will use the same server as the last time, or pick another one each time.

The complications are: If your other computers are assigned addresses by DHCP, then you have to put overrides on the individual client configuration, or configure the DHCP server to say that *YOUR* DNS server is the LAN's DNS server to all computers that ask it for an address (I do this with mine).

DHCP via the router was the path of least resistance, they get static assignments, but I could set them up with fixed addresses if that is necessary. I used to do that but the present set-up is easier to implement and normally works perfectly.

They don't need to be fixed, your DNS server will not care what IP they have today, or tomorrow.

My LAN has a mixture of clients with fixed and dynamic addresses, some are fixed by hand configuring those machines' network configuration, on those machines. Others are fixed by configuring the DHCP server to always give the same IPs to the same machines.

In any case, they all use the same DNS server. The manually configured machines had the local DNS server manually set in their config. All the rest were told to use the local DNS server in the data that the local DHCP server gives out.

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.
Re: DNS problems this morning - CORRECTION
Bob Goodwin - Zuni, Virginia, USA bobgood...@wildblue.net writes:

On 11/11/12 14:50, Reindl Harald wrote:

PEERDNS=no is your friend touch prevent touch resolv.conf

and NO it is NOT ok to have ANY unreliable DNS in resolv.conf because as explained you have no control which is used for a request, there is no order, the design is to configure equal nameservers and not some with different results

    [root@srv-rhsoft:~]$ cat /etc/sysconfig/network-scripts/ifcfg-eth1
    DEVICE=eth1
    ONBOOT=yes
    BOOTPROTO=dhcp
    IPV6INIT=no
    NM_CONTROLLED=no
    USERCTL=no
    PEERDNS=no

The instruction I had said to set it here and I did that earlier.

    [root@box7 bobg]# cat /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=box7
    NTPSERVERARGS=iburst
    PEERDNS=no

Now I have changed it here:

    [bobg@box7 ~]$ cat /etc/sysconfig/network-scripts/ifcfg-em1
    UUID=ef05f66e-b998-4218-9bdf-30228be529ce
    NM_CONTROLLED=yes
    BOOTPROTO=dhcp
    DEVICE=em1
    ONBOOT=yes
    HWADDR=00:21:9B:78:63:B1
    TYPE=Ethernet
    DEFROUTE=yes
    PEERDNS=no
    PEERROUTES=yes

As far as I could find out, PEERROUTES is obsolete. It isn't even mentioned in the documentation[1] anymore. Setting PEERDNS=no /should/ prevent networkmanager from overwriting /etc/resolv.conf.

[1]: like /usr/share/doc/initscripts-9.37.1/sysconfig.txt

    IPV4_FAILURE_FATAL=no
    IPV6INIT=no
    NAME=System em1-DHCP

and NO it is NOT ok to have ANY unreliable DNS in resolv.conf

I don't think I have any control over that. Viasat won't let me choose a dns. If I do it is blocked! In the past I used opendns, [a paid subscription.]

Well that doesn't work, I can't send!

    [bobg@box7 ~]$ cat /etc/resolv.conf
    # Generated by NetworkManager
    # No nameservers found; try putting DNS servers into your
    # ifcfg files in /etc/sysconfig/network-scripts like so:
    #
    # DNS1=xxx.xxx.xxx.xxx
    # DNS2=xxx.xxx.xxx.xxx
    # DOMAIN=lab.foo.com bar.foo.com

**Changed PEERDNS=no back to PEERDNS=yes ** and then I could send ...

This is only networkmanager overwriting your /etc/resolv.conf. I have had the problem until I disabled networkmanager.

It does *not* mean that you couldn't run your own name server. It seems to me that your name server is working ok --- at least the caching one. So you only need to make sure that it is used with a resolv.conf like this one:

    # Generated by NetworkManager
    search your.domain.example.com
    nameserver 127.0.0.1

If you're using a caching name server, you might not want the search option.

Fix your networkmanager setup or disable networkmanager so your resolv.conf doesn't get overwritten, install bind, set it up and check if it works. Then turn off DHCP unless you really must have it and give all the computers on your LAN their unique names and IPs. Use only the name servers you have set up yourself (which is probably only one) and make all clients use those and no other ones.

--
Fedora 17
Re: DNS problems this morning -
On 12/11/12 06:09, Tim wrote:

Tim:
Configure the other computers on your LAN to use the DNS server computer's IP address as their DNS server. It's as simple as that.

Bob Goodwin:
Will dns look-ups from the other computers be added to the nameserver list?

You appear to have the wrong end of the stick. When any client on your LAN asks your DNS server for an address, the DNS server makes a query to external DNS servers, caches the results, and tells your client the answer. The next client on your LAN to ask about the same address will be told the cached answer.

Telling your clients which DNS server to use is another matter.

What if my computer is shut down for the night, will the others go on and use the ISP dns?

If you had, say, your DNS server at 192.168.0.1, and clients configured to only use 192.168.0.1 as their DNS server, then they're reliant on 192.168.0.1 always being there.

If you had configured your clients with a list of DNS servers, they'll query one of them, only trying other ones when they don't get any response. I don't know what determines which DNS server will get queried out of a list, whether Fedora will do it sequentially down the list, or randomly. Nor whether any subsequent queries will use the same server as the last time, or pick another one each time.

I always naively assumed they were used in the order listed, now you've introduced an element of doubt, nothing is ever simple it seems. If it was I could give others the local and then the outside dns addresses, but no, that may not work as expected. I suppose I could test that scheme using two of my computers, one getting dns service from the other, and see what happened when I shut down the dns of the pair.

The complications are: If your other computers are assigned addresses by DHCP, then you have to put overrides on the individual client configuration, or configure the DHCP server to say that *YOUR* DNS server is the LAN's DNS server to all computers that ask it for an address (I do this with mine).

DHCP via the router was the path of least resistance, they get static assignments, but I could set them up with fixed addresses if that is necessary. I used to do that but the present set-up is easier to implement and normally works perfectly.

They don't need to be fixed, your DNS server will not care what IP they have today, or tomorrow.

My LAN has a mixture of clients with fixed and dynamic addresses, some are fixed by hand configuring those machines' network configuration, on those machines. Others are fixed by configuring the DHCP server to always give the same IPs to the same machines.

In any case, they all use the same DNS server. The manually configured machines had the local DNS server manually set in their config. All the rest were told to use the local DNS server in the data that the local DHCP server gives out.

Whatever the problem yesterday it seems to be fixed today. The ISP dns appears to be working normally. However I am still interested in doing anything that improves operation.

Was it you that we had this discussion with before? I can never remember who's doing what in threads, especially old or long-lasting ones.

Yes I had a similar problem affecting access to Newegg's site and they thought it was their problem? That was when I discovered I could no longer use Opendns. I read somewhere that the ISP does this as a result of some caching they do to reduce traffic through the satellite link. That seemed plausible ...

Bob

--
http://www.qrz.com/db/W2BOD
box7
Re: DNS problems this morning -
Allegedly, on or about 11 November 2012, Bob Goodwin - Zuni, Virginia, USA sent:

1: It seems to me that it must have to collect and accumulate its own list of addresses which would mean it is normal for it to work faster the second time an address is requested of it?

Correct.

2: Is there a practical way to share my Linux dns with other [Apple Mac, etc.] computers on our LAN?

Yes. Open the DNS server computer's firewall to allow DNS queries. Configure the other computers on your LAN to use the DNS server computer's IP address as their DNS server. It's as simple as that.

The complications are: If your other computers are assigned addresses by DHCP, then you have to put overrides on the individual client configuration, or configure the DHCP server to say that *YOUR* DNS server is the LAN's DNS server to all computers that ask it for an address (I do this with mine).

--
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists.
Re: DNS problems this morning -
On 11/11/12 11:51, Tim wrote:

2: Is there a practical way to share my Linux dns with other [Apple Mac, etc.] computers on our LAN?

Yes. Open the DNS server computer's firewall to allow DNS queries. Configure the other computers on your LAN to use the DNS server computer's IP address as their DNS server. It's as simple as that.

Will dns look-ups from the other computers be added to the nameserver list?

What if my computer is shut down for the night, will the others go on and use the ISP dns?

The complications are: If your other computers are assigned addresses by DHCP, then you have to put overrides on the individual client configuration, or configure the DHCP server to say that *YOUR* DNS server is the LAN's DNS server to all computers that ask it for an address (I do this with mine).

DHCP via the router was the path of least resistance, they get static assignments, but I could set them up with fixed addresses if that is necessary. I used to do that but the present set-up is easier to implement and normally works perfectly.

Bob

--
http://www.qrz.com/db/W2BOD
box7
Re: DNS problems this morning -
On 11.11.2012 18:12, Bob Goodwin - Zuni wrote:

On 11/11/12 11:51, Tim wrote:

2: Is there a practical way to share my Linux dns with other [Apple Mac, etc.] computers on our LAN?

Yes. Open the DNS server computer's firewall to allow DNS queries. Configure the other computers on your LAN to use the DNS server computer's IP address as their DNS server. It's as simple as that.

Will dns look-ups from the other computers be added to the nameserver list?

no idea what you mean

What if my computer is shut down for the night, will the others go on and use the ISP dns?

if you have an internal nameserver, which each reliable network should have, you would not shut it down

ISP nameservers all over the world are crap and only usable for noobs with no services relying on DNS

DHCP via the router was the path of least resistance, they get static assignments, but I could set them up with fixed addresses if that is necessary. I used to do that but the present set-up is easier to implement and normally works perfectly.

you can easily combine DHCP and always the same IP

    [root@srv-rhsoft:~]$ cat /etc/dhcp/dhcpd.conf
    authoritative;
    ddns-update-style none;
    ddns-updates off;
    default-lease-time 86400;
    max-lease-time 259200;
    log-facility local7;

    subnet 192.168.2.0 netmask 255.255.255.0 {
      option domain-name "rhsoft.net";
      option domain-name-servers 192.168.2.2;
      option routers 192.168.2.2;
      option smtp-server 192.168.2.2;
      option pop-server 192.168.2.2;
      option ntp-servers 192.168.2.2;
      option time-servers 192.168.2.2;
      option subnet-mask 255.255.255.0;
      option broadcast-address 192.168.2.255;
      option interface-mtu 1472;
      range 192.168.2.150 192.168.2.200;
    }

    host blueray {
      hardware ethernet 00:A0:96:9C:14:1C;
      fixed-address 192.168.2.9;
    }
Re: DNS problems this morning -
Bob Goodwin - Zuni, Virginia, USA bobgood...@wildblue.net writes:

My ISP appears to have a dns problem today. It has been taking as much as one minute to deal with an address! It appears that we are locked into using the Viasat provided dns, the usual alternatives like opendns do not work.

I installed caching-nameserver which seems to restore things to normal.

    yum install caching-nameserver

I have two questions:

1: It seems to me that it must have to collect and accumulate its own list of addresses which would mean it is normal for it to work faster the second time an address is requested of it?

2: Is there a practical way to share my Linux dns with other [Apple Mac, etc.] computers on our LAN?

You could as well install bind instead and allow clients to use it. Fedora has system-config-bind-gui to make it easy to set up.

When you are at it, you could add squid and let the clients use it as well ...

--
Fedora 17
Re: DNS problems this morning -
Bob Goodwin - Zuni, Virginia, USA bobgood...@wildblue.net writes:

On 11/11/12 11:51, Tim wrote:

2: Is there a practical way to share my Linux dns with other [Apple Mac, etc.] computers on our LAN?

Yes. Open the DNS server computer's firewall to allow DNS queries. Configure the other computers on your LAN to use the DNS server computer's IP address as their DNS server. It's as simple as that.

Will dns look-ups from the other computers be added to the nameserver list?

What if my computer is shut down for the night, will the others go on and use the ISP dns?

You can specify several name servers to use, so you would make your computer which is running named the primary name server and another one the secondary one. When the primary name server isn't reachable, the clients are supposed to use the secondary one instead. I don't know if and when they would switch back to the primary one, though.

--
Fedora 17
Re: DNS problems this morning -
On 11.11.2012 18:44, lee wrote:

You can specify several name servers to use, so you would make your computer which is running named the primary name server and another one the secondary one. When the primary name server isn't reachable, the clients are supposed to use the secondary one instead.

in theory

in the real life you have no control of the order in which nameservers from /etc/resolv.conf are used and mostly they all get the request and the faster response is used

mixing different dns-views leads to randomly getting different results and if your ISP's nameserver is crap with untrustworthy responses for NXDOMAIN you are playing games with your network
Re: DNS problems this morning -
On 11/11/12 12:48, Reindl Harald wrote:

On 11.11.2012 18:44, lee wrote:

You can specify several name servers to use, so you would make your computer which is running named the primary name server and another one the secondary one. When the primary name server isn't reachable, the clients are supposed to use the secondary one instead.

in theory

in the real life you have no control of the order in which nameservers from /etc/resolv.conf are used and mostly they all get the request and the faster response is used

mixing different dns-views leads to randomly getting different results and if your ISP's nameserver is crap with untrustworthy responses for NXDOMAIN you are playing games with your network

It looks like it is random ...

I took all the dns server addresses out of the router leaving only 127.0.0.1. That leaves my local dns plus whatever Viasat uses which is terribly slow today. I never saw anything like this before.

Some sites have a bunch of look ups, like weather.com which I have been testing with because it does a lot of them. It is obvious when it hits the ISP dns server and sits there for 20 - 30 seconds, maybe more worst case, the local is instantaneous. I can't be certain but that's how it looks to me based on what you have told me ...

I rebooted this computer just to be safe and shows resolv.conf:

    [bobg@box7 ~]$ cat /etc/resolv.conf
    # Generated by NetworkManager
    nameserver 192.168.1.1
    nameserver 127.0.0.1
    nameserver 184.63.128.68

I guess that's ok? The last one is the ISP dns, or at least I don't think I have that entered anywhere. 192.168.1.1 is presently a Buffalo wireless router running dd-wrt. It is the dhcp server.

A call to Wildblue tech support produces a warning of long wait times. I guess there are others complaining. I won't learn anything there today except that they are probably swamped with complaints.

Thanks,

Bob

--
http://www.qrz.com/db/W2BOD
box7
Re: DNS problems this morning -
On 11.11.2012 20:39, Bob Goodwin - Zuni wrote:

I rebooted this computer just to be safe and shows resolv.conf:

    [bobg@box7 ~]$ cat /etc/resolv.conf
    # Generated by NetworkManager
    nameserver 192.168.1.1
    nameserver 127.0.0.1
    nameserver 184.63.128.68

I guess that's ok? The last one is the ISP dns, or at least I don't think I have that entered anywhere. 192.168.1.1 is presently a Buffalo wireless router running dd-wrt. It is the dhcp server.

PEERDNS=no is your friend touch prevent touch resolv.conf

and NO it is NOT ok to have ANY unreliable DNS in resolv.conf because as explained you have no control which is used for a request, there is no order, the design is to configure equal nameservers and not some with different results

    [root@srv-rhsoft:~]$ cat /etc/sysconfig/network-scripts/ifcfg-eth1
    DEVICE=eth1
    ONBOOT=yes
    BOOTPROTO=dhcp
    IPV6INIT=no
    NM_CONTROLLED=no
    USERCTL=no
    PEERDNS=no
Re: DNS problems this morning -
On 11/11/12 14:50, Reindl Harald wrote:

PEERDNS=no is your friend touch prevent touch resolv.conf

and NO it is NOT ok to have ANY unreliable DNS in resolv.conf because as explained you have no control which is used for a request, there is no order, the design is to configure equal nameservers and not some with different results

    [root@srv-rhsoft:~]$ cat /etc/sysconfig/network-scripts/ifcfg-eth1
    DEVICE=eth1
    ONBOOT=yes
    BOOTPROTO=dhcp
    IPV6INIT=no
    NM_CONTROLLED=no
    USERCTL=no
    PEERDNS=no

The instruction I had said to set it here and I did that earlier.

    [root@box7 bobg]# cat /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=box7
    NTPSERVERARGS=iburst
    PEERDNS=no

Now I have changed it here:

    [bobg@box7 ~]$ cat /etc/sysconfig/network-scripts/ifcfg-em1
    UUID=ef05f66e-b998-4218-9bdf-30228be529ce
    NM_CONTROLLED=yes
    BOOTPROTO=dhcp
    DEVICE=em1
    ONBOOT=yes
    HWADDR=00:21:9B:78:63:B1
    TYPE=Ethernet
    DEFROUTE=yes
    PEERDNS=no
    PEERROUTES=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=no
    NAME=System em1-DHCP

and NO it is NOT ok to have ANY unreliable DNS in resolv.conf

I don't think I have any control over that. Viasat won't let me choose a dns. If I do it is blocked! In the past I used opendns, [a paid subscription.]

Well that doesn't work, I can't send!

    [bobg@box7 ~]$ cat /etc/resolv.conf
    # Generated by NetworkManager
    # No nameservers found; try putting DNS servers into your
    # ifcfg files in /etc/sysconfig/network-scripts like so:
    #
    # DNS1=xxx.xxx.xxx.xxx
    # DNS2=xxx.xxx.xxx.xxx
    # DOMAIN=lab.foo.com bar.foo.com

Changed PEERDNS=yes back to PEERDNS=no

Bob

--
http://www.qrz.com/db/W2BOD
box7
Re: DNS problems this morning - CORRECTION
On 11/11/12 14:50, Reindl Harald wrote:

PEERDNS=no is your friend touch prevent touch resolv.conf

and NO it is NOT ok to have ANY unreliable DNS in resolv.conf because as explained you have no control which is used for a request, there is no order, the design is to configure equal nameservers and not some with different results

    [root@srv-rhsoft:~]$ cat /etc/sysconfig/network-scripts/ifcfg-eth1
    DEVICE=eth1
    ONBOOT=yes
    BOOTPROTO=dhcp
    IPV6INIT=no
    NM_CONTROLLED=no
    USERCTL=no
    PEERDNS=no

The instruction I had said to set it here and I did that earlier.

    [root@box7 bobg]# cat /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=box7
    NTPSERVERARGS=iburst
    PEERDNS=no

Now I have changed it here:

    [bobg@box7 ~]$ cat /etc/sysconfig/network-scripts/ifcfg-em1
    UUID=ef05f66e-b998-4218-9bdf-30228be529ce
    NM_CONTROLLED=yes
    BOOTPROTO=dhcp
    DEVICE=em1
    ONBOOT=yes
    HWADDR=00:21:9B:78:63:B1
    TYPE=Ethernet
    DEFROUTE=yes
    PEERDNS=no
    PEERROUTES=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=no
    NAME=System em1-DHCP

and NO it is NOT ok to have ANY unreliable DNS in resolv.conf

I don't think I have any control over that. Viasat won't let me choose a dns. If I do it is blocked! In the past I used opendns, [a paid subscription.]

Well that doesn't work, I can't send!

    [bobg@box7 ~]$ cat /etc/resolv.conf
    # Generated by NetworkManager
    # No nameservers found; try putting DNS servers into your
    # ifcfg files in /etc/sysconfig/network-scripts like so:
    #
    # DNS1=xxx.xxx.xxx.xxx
    # DNS2=xxx.xxx.xxx.xxx
    # DOMAIN=lab.foo.com bar.foo.com

**Changed PEERDNS=no back to PEERDNS=yes ** and then I could send ...

Bob

--
http://www.qrz.com/db/W2BOD
box7
Re: DNS problems this morning - CORRECTION
On 11.11.2012 21:33, Bob Goodwin - Zuni wrote:

**Changed PEERDNS=no back to PEERDNS=yes ** and then I could send ...

maybe you have a crappy ISP which blocks DNS if it is not their own one - let me guess: USA, here in europe it is absolutely no problem to setup a dns-server which does recursion and never touches any ISP crap, some providers think they know better what their users need
Re: DNS problems this morning - CORRECTION
On 11/11/12 15:38, Reindl Harald wrote:

On 11.11.2012 21:33, Bob Goodwin - Zuni wrote:

**Changed PEERDNS=no back to PEERDNS=yes ** and then I could send ...

maybe you have a crappy ISP which blocks DNS if it is not their own one - let me guess: USA, here in europe it is absolutely no problem to setup a dns-server which does recursion and never touches any ISP crap, some providers think they know better what their users need

Yes but even then that should not prevent me from using my own nameserver?

I always used other dns servers, recently opendns, until March when this high speed satellite service became available and eventually I found that it was not using my opendns but its own! And as you say it's crappy ...

This is a holiday weekend and it may not get fixed for a couple of days? Aargh!

--
http://www.qrz.com/db/W2BOD
box7
Re: DNS problems this morning - CORRECTION
On 11.11.2012 21:50, Bob Goodwin - Zuni wrote:
> On 11/11/12 15:38, Reindl Harald wrote:
>> On 11.11.2012 21:33, Bob Goodwin - Zuni wrote:
>>> **Changed PEERDNS=no back to PEERDNS=yes ** and then I could send ...
>>
>> maybe you have a crappy ISP which blocks DNS if it is not their own one - let me guess: USA, here in europe it is absolutely no problem to set up a dns-server which does recursion and never touches any ISP crap, some providers think they know better what their users need
>
> Yes but even then that should not prevent me from using my own nameserver?
>
> I always used other dns servers, recently opendns, until March when this high speed satellite service became available and eventually I found that it was not using my opendns but its own! And as you say it's crappy ...
>
> This is a holiday weekend and it may not get fixed for a couple of days? Aargh!

if your ISP decides to set up a transparent DNS proxy or block port 53 to DNS servers which are not his you are out of options except switch to another ISP and make sure he decides not the same way some months later

here where i live this all is theory, but i am aware that in other countries these things are normal as like power outages which are also unknown here most of the time
Re: DNS problems this morning -
On 11/11/12 15:54, Reindl Harald wrote:
> if your ISP decides to set up a transparent DNS proxy or block port 53 to DNS servers which are not his you are out of options except switch to another ISP and make sure he decides not the same way some months later
>
> here where i live this all is theory, but i am aware that in other countries these things are normal as like power outages which are also unknown here most of the time

If I use 74.125.239.9 I get google.com so it seems logical that my own name server would provide 74.125.239.9 and I would go to Google?

[bobg@box7 ~]$ nslookup google.com
Server:   192.168.1.1
Address:  192.168.1.1#53

Non-authoritative answer:
Name:     google.com
Address:  74.125.239.9
Name:     google.com
Address:  74.125.239.14

We are in a rural area here but fortunately rarely have power failures. Occasionally there will be a transient, lights may blink, but the UPS's handle that and they are hardly noticed. If power fails we have a motor generator for backup.

--
http://www.qrz.com/db/W2BOD box7
Re: DNS problems this morning -
On 11.11.2012 22:08, Bob Goodwin - Zuni wrote:
> If I use 74.125.239.9 I get google.com so it seems logical that my own name server would provide 74.125.239.9 and I would go to Google?
>
> [bobg@box7 ~]$ nslookup google.com
> Server:   192.168.1.1
> Address:  192.168.1.1#53
>
> Non-authoritative answer:
> Name:     google.com
> Address:  74.125.239.9
> Name:     google.com
> Address:  74.125.239.14

why do you change your bind-config to test things?

nslookup google.com whatevernameserver

but this does NOT change the fact that you can not override a TRANSPARENT proxy which may be the root cause of your issues

YOU say hostx:porty
ISP say myhost:myport

no way to get around this on standard ports

maybe it would be better to discuss your issues with your ISP
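The two ISP behaviours named in this thread, a transparent DNS proxy and a block on port 53 to foreign resolvers, look different from the client side and can be told apart with two queries. The script below is an added example, not part of the thread: the function names, result labels and stub lookups are assumptions, and the default lookup command assumes `dig` from bind-utils is installed.

```shell
#!/bin/sh
# Added example: tell apart the two ISP behaviours named in the thread.
# LOOKUP is the query command; the default needs dig and a live network.
: "${LOOKUP:=dig +short +time=3 +tries=1}"

# ask SERVER NAME: print the A records SERVER returned (nothing on timeout)
ask() {
    $LOOKUP "@$1" "$2" A 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$' || true
}

# classify RESOLVER [NAME]
#   RESOLVER is a third-party resolver you expect to be reachable.
#   Prints: intercepted | blocked | direct
classify() {
    name=${2:-example.com}
    # 192.0.2.1 is in TEST-NET-1 (RFC 5737): no DNS server lives there, so
    # any answer "from" it was produced by something in the path.
    if [ -n "$(ask 192.0.2.1 "$name")" ]; then
        echo intercepted
    elif [ -z "$(ask "$1" "$name")" ]; then
        echo blocked      # or that resolver is down: repeat with another one
    else
        echo direct
    fi
}

# Constructed stand-ins for the network, one per outcome, so the logic can
# be exercised offline. All addresses are RFC 5737 documentation ranges.
fake_proxy()  { echo 203.0.113.10; }               # answers for any server
fake_block()  { echo ';; connection timed out'; }  # nothing gets through
fake_direct() { [ "$1" = "@192.0.2.1" ] || echo 203.0.113.10; }

# Subshell body keeps the LOOKUP override from leaking to the caller.
demo() (
    for stub in fake_proxy fake_block fake_direct; do
        LOOKUP=$stub
        classify 198.51.100.53
    done
)
demo
```

On a real connection, call `classify` with the address of the resolver you want to use; `intercepted` corresponds to the transparent-proxy case, where naming a different nameserver on the command line changes nothing.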