[lug] DNS problems

J. Wayde Allen wallen at lug.boulder.co.us
Tue Apr 2 14:34:50 MST 2002


On 2 Apr 2002, Tkil wrote:

> i agree with whoever said that it was probably a firewalling issue;
> the KRUD firewall stuff will punch holes for nameservers, but only at
> boot time (i think).

That was kind of what I had been thinking too.  I'm pretty certain that
Jodie set the system up using the high security option.  It could very
well be that she is going to have to learn how to loosen up a few bolts in
the armor.

Hmmm ... if as you say the KRUD firewall may punch holes for nameservers
at boot time that might be simply tested by adding these to resolv.conf
and then rebooting the system ... ???

> doing "ipchains --list" as root gives me this, on my 7.2 box:
> 
> | ACCEPT  udp  ------  phobos.frii.com  anywhere  domain -> 1025:65535
> | ACCEPT  udp  ------  free.tummy.com   anywhere  domain -> 1025:65535
> | ACCEPT  udp  ------  ns1.tummy.com    anywhere  domain -> 1025:65535
> 
> a handy debugging tool for this is to turn on logging of all rejected
> packets.  sure, it's a pile of data, but disk space is cheap.  you can
> turn on logging by adding "-l" flags to the "reject" rules in
> /etc/sysconfig/ipchains.

OK cool!  I'll have to check this out when I get the chance.

> i remember one from college: dns1.nmsu.edu: 128.123.3.5

There should be one I can hit here at work too actually.

- Wayde
  (wallen at lug.boulder.co.us)
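
Added example (not part of the original message or of KRUD): a Python check for the theory discussed above, that the firewall only accepts DNS replies from the nameservers it knew about at boot. It compares the nameserver lines of resolv.conf with the ACCEPT rules for UDP source port 53; the sample inputs are constructed, the rule listing is assumed to be numeric output such as "ipchains -L -n" would give, and the function names are illustrative.

```python
import ipaddress

# Constructed sample: resolv.conf after a third nameserver was added post-boot.
SAMPLE_RESOLV_CONF = """\
search example.org
nameserver 192.0.2.10
nameserver 192.0.2.11
nameserver 128.123.3.5
"""

# Constructed sample, modelled on the listing quoted in the message but with
# numeric addresses (assumed to come from "ipchains -L -n").
SAMPLE_RULES = """\
ACCEPT  udp  ------  192.0.2.10  0.0.0.0/0  53 -> 1025:65535
ACCEPT  udp  ------  192.0.2.11  0.0.0.0/0  53 -> 1025:65535
"""

def resolv_nameservers(text):
    """Return the addresses on 'nameserver' lines, in file order."""
    fields = (line.split() for line in text.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def dns_reply_sources(listing):
    """Return sources of ACCEPT rules for UDP replies from source port 53."""
    sources = set()
    for line in listing.splitlines():
        f = line.split()  # target prot opt source destination sport -> dports
        if (len(f) >= 8 and f[0] == "ACCEPT" and f[1] == "udp"
                and f[5] in ("53", "domain") and f[6] == "->"):
            sources.add(f[3])
    return sources

def covered(server, sources):
    """True if some rule source (address or CIDR) contains the server."""
    for src in sources:
        try:
            if ipaddress.ip_address(server) in ipaddress.ip_network(src, strict=False):
                return True
        except ValueError:  # non-numeric source such as a hostname
            if src == server:
                return True
    return False

def unreachable_nameservers(resolv_text, listing):
    """Nameservers in resolv.conf with no matching ACCEPT rule."""
    sources = dns_reply_sources(listing)
    return [s for s in resolv_nameservers(resolv_text) if not covered(s, sources)]

if __name__ == "__main__":
    print(unreachable_nameservers(SAMPLE_RESOLV_CONF, SAMPLE_RULES))
```

Any address it reports is a nameserver whose replies would fall through to the reject rules until the firewall rules are regenerated.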



