wingcom
Posted June 10, 2007 (edited)

Hey all,

I've configured DHCPD, DNS, SHOREWALL and Internet Connection Sharing using the Mandriva Wizards but I'm having trouble with queries on the DNS through the LAN.

My configuration is this:

1. Interface eth0 has a static IP 192.168.1.2 and connects to my ADSL router on IP 192.168.1.1. So this is the NET zone in shorewall. My wireless clients are also in this zone and receive an IP in that range from the router.

    eth0      Link encap:Ethernet  HWaddr 00:E0:7D:A3:3D:02
              inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::2e0:7dff:fea3:3d02/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:16472 errors:0 dropped:0 overruns:0 frame:0
              TX packets:11445 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:17676496 (16.8 MiB)  TX bytes:1270234 (1.2 MiB)
              Interrupt:18 Base address:0xef00

2. Interface eth1 also has static IP 10.0.1.1 and connects to the LAN (XBOX and 2 other PCs). This is the LOC zone in shorewall. Default gateway for this is set to 192.168.1.1; I think this is done by the "Internet Connection Wizard".

    eth1      Link encap:Ethernet  HWaddr 00:E0:7D:A3:3D:0F
              inet addr:10.0.1.1  Bcast:10.0.1.255  Mask:255.255.255.0
              inet6 addr: fe80::2e0:7dff:fea3:3d0f/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:278 errors:0 dropped:0 overruns:0 frame:0
              TX packets:96 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:24693 (24.1 KiB)  TX bytes:13332 (13.0 KiB)
              Interrupt:19 Base address:0xe00

In shorewall I have masquerading set like this:

    #INTERFACE   SUBNET   ADDRESS   PROTO   PORT(S)   IPSEC
    eth0         eth1

My routing table looks like this:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.0.1.0        *               255.255.255.0   U     10     0        0 eth1
    192.168.1.0     *               255.255.255.0   U     10     0        0 eth0
    169.254.0.0     *               255.255.0.0     U     10     0        0 eth0
    169.254.0.0     *               255.255.0.0     U     10     0        0 eth1
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         192.168.1.1     0.0.0.0         UG    10     0        0 eth0

I do NOT see any shorewall messages in my messages log, and policy is set to this:

    loc   net   ACCEPT
    loc   fw    ACCEPT
    fw    loc   ACCEPT
    fw    net   ACCEPT
    loc   loc   ACCEPT
    net   all   DROP    info
    all   all   REJECT  info

service named restart gives me:

    Jun 10 13:03:22 ENTERPRISE named[12044]: starting BIND 9.3.2 -u named -t /var/lib/named
    Jun 10 13:03:22 ENTERPRISE named[12044]: loading configuration from '/etc/named.conf'
    Jun 10 13:03:22 ENTERPRISE named[12044]: listening on IPv4 interface lo, 127.0.0.1#53
    Jun 10 13:03:22 ENTERPRISE named[12044]: listening on IPv4 interface eth0, 192.168.1.2#53
    Jun 10 13:03:22 ENTERPRISE named[12044]: listening on IPv4 interface eth1, 10.0.1.1#53
    Jun 10 13:03:22 ENTERPRISE named[12044]: command channel listening on 127.0.0.1#953

I can do queries on the domain name server EXCEPT on interface 10.0.1.1, but I do not think it's the nameserver itself but a network setup / firewall or routing problem.
dig @localhost google.com, dig @192.168.1.2 google.com, dig @127.0.0.1 google.com and dig @ENTERPRISE give me:

    ; <<>> DiG 9.3.2 <<>> @localhost google.com
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18177
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;google.com.                    IN      A

    ;; ANSWER SECTION:
    google.com.             300     IN      A       64.233.167.99
    google.com.             300     IN      A       64.233.187.99
    google.com.             300     IN      A       72.14.207.99

    ;; AUTHORITY SECTION:
    google.com.             345600  IN      NS      ns1.google.com.
    google.com.             345600  IN      NS      ns2.google.com.
    google.com.             345600  IN      NS      ns3.google.com.
    google.com.             345600  IN      NS      ns4.google.com.

    ;; Query time: 464 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun Jun 10 13:05:22 2007
    ;; MSG SIZE  rcvd: 148

but dig @10.0.1.1 gives me:

    [root@ENTERPRISE wingcom]# dig @10.0.1.1 google.com

    ; <<>> DiG 9.3.2 <<>> @10.0.1.1 google.com
    ; (1 server found)
    ;; global options:  printcmd
    ;; connection timed out; no servers could be reached

All these commands are performed on the server...

The reason why I think it has nothing to do with the DNS itself is that I also can't ping IP addresses from my connected clients on that interface (nor can I ping/connect to hostnames, of course).

CORRECTION: I can now ping my ISP DNS server IP from my connected client, so I'm gonna post my named.conf because it DOES seem like a DNS problem after all:

    key mykey {
        algorithm hmac-md5;
        secret "";
    };

    controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { mykey; };
    };

    options {
        directory "/var/lib/named/var/named";
        pid-file "/var/lib/named/var/named/named.pid";
        version "Wizard drake";
        allow-query { any; };
        allow-transfer { any; };
        forwarders { 192.168.1.1; };
    };

    zone "localhost" {
        type master;
        file "zone/db.localhost";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "zone/db.127.0.0.1";
    };

    zone "." {
        type hint;
        file "zone/root.hints";
    };

    zone "1.168.192.in-addr.arpa" {
        type master;
        file "zone/db.1.168.192.hosts";
        forwarders { };
    };

    zone "STARFLEET.COM" {
        type master;
        file "zone/db.STARFLEET.COM.hosts";
        forwarders { };
    };

I've had this setup before, but I reinstalled a new motherboard and upgraded from 2005 to 2007 keeping only my homedir and reinstalling all the rest. So I must be overlooking something :s

Can someone point me in the right direction please? I must be overlooking something but don't seem to find it :s

thanx
wingcom

Edited June 10, 2007 by wingcom
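Added example, not from the thread: a small audit over the access-control lines of a named.conf like the one posted above (global allow-query and allow-transfer, and key secrets). Both sample configs are constructed; the hardened one assumes the LAN is 10.0.1.0/24, taken from the eth1 address, and pulls the control key from /etc/rndc.key instead of an inline empty secret.

```python
"""Audit a BIND named.conf for access-control settings: allow-query, allow-transfer, key secrets."""
import re

# Constructed sample modelled on the named.conf posted in the thread (weak settings).
WEAK_NAMED_CONF = """
key mykey { algorithm hmac-md5; secret ""; };
options {
  allow-query { any; };
  allow-transfer { any; };
  forwarders { 192.168.1.1; };
};
"""

# Constructed hardened counterpart: queries only from the LAN, no transfers, key via include.
HARDENED_NAMED_CONF = """
include "/etc/rndc.key";
options {
  allow-query { 127.0.0.1; 10.0.1.0/24; };
  allow-transfer { none; };
  forwarders { 192.168.1.1; };
};
"""

def _block(conf, name):
    """Text between the braces of the top-level statement `name`, or None."""
    m = re.search(r'(?m)^\s*' + re.escape(name) + r'\s*\{', conf)
    if not m:
        return None
    depth, start = 0, m.end() - 1
    for i in range(start, len(conf)):
        depth += (conf[i] == '{') - (conf[i] == '}')
        if depth == 0:
            return conf[start + 1:i]
    return None

def _acl(block, directive):
    """Tokens of the address-match list for `directive` inside `block`."""
    m = re.search(re.escape(directive) + r'\s*\{([^}]*)\}', block or '')
    return [t.strip() for t in m.group(1).split(';') if t.strip()] if m else []

def audit_named_conf(conf):
    """Return (severity, message) findings for the given named.conf text."""
    findings, opts = [], _block(conf, 'options')
    if 'any' in _acl(opts, 'allow-query'):
        findings.append(('high', 'allow-query { any; }: with recursion on (the BIND default) '
                                 'any host that reaches port 53 can use this as an open resolver'))
    if 'any' in _acl(opts, 'allow-transfer'):
        findings.append(('medium', 'allow-transfer { any; }: any host can pull whole zones'))
    for name, secret in re.findall(r'\bkey\s+(\S+)\s*\{[^}]*secret\s*"([^"]*)"', conf):
        if not secret.strip():
            findings.append(('high', f'key {name}: empty secret (normally include "/etc/rndc.key")'))
    return findings
```

On this box named listens on eth0 as well, which is the shorewall NET zone, so the allow-query finding is what the `net all DROP` policy is currently standing in for.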
ianw1974
Posted June 11, 2007

If you've got another Linux machine, run nmap and scan 10.0.1.1 to see what ports are open. If it doesn't list port 53, then your firewall is blocking it. Seems your machine is listening on 53 though from what you posted before.
wingcom (Author)
Posted June 11, 2007

I already telnetted to it and it seemed open. Nonetheless, I ran the test:

    Discovered open port 53/tcp on 10.0.1.1

:s weird stuff
ianw1974
Posted June 12, 2007

Default routes on the machine?
gjmwalsh
Posted June 26, 2007

The top line of the /etc/named.conf file is missing .... I've been fighting this nonsense myself. Add the line:

    include "/etc/rndc.key"

Then run:

    service named start

(or restart)

If that fails, reboot and then run service named status and you should be up and running.
wingcom (Author)
Posted July 1, 2007

> The top line of the /etc/named.conf file is missing .... I've been fighting this nonsense myself. Add the line:
>
>     include "/etc/rndc.key"
>
> Then run:
>
>     service named start
>
> (or restart)
>
> If that fails, reboot and then run service named status and you should be up and running.

No Joy... Still fighting with this. I've configured my dhcp to put my ISP dns directly, however I still want to know what this is :s

All works except queries from the local network. They don't seem to find their way to the internet or upper name servers. So a routing problem might be correct, but I don't know how I should configure it then :s
ianw1974
Posted July 2, 2007

Please post exactly what you see on the screen when you attempt to do a query?

Also, I doubt very much you will find your entries in your DNS server propagating out on to the internet. It won't work like that as such. Normally I configure the DNS server for internal use, and I then set a forwarder to use an external DNS server on the internet. Usually if you want your entries on the internet, you'd have to talk to someone who is providing your web services. And if you're not using public IP addresses, then there is no way your DNS entries will end up on the internet.