Tuesday, 30 June 2015

Bristol Digest, Vol 607, Issue 2

Send Bristol mailing list submissions to
bristol@mailman.lug.org.uk

To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.lug.org.uk/mailman/listinfo/bristol
or, via email, send a message with subject or body 'help' to
bristol-request@mailman.lug.org.uk

You can reach the person managing the list at
bristol-owner@mailman.lug.org.uk

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bristol digest..."


Today's Topics:

1. DNS and DNS Server setup on Arch linux - Help! (David Fear)
2. Re: DNS and DNS Server setup on Arch linux - Help! (Steve King)
3. Re: DNS and DNS Server setup on Arch linux - Help! (Amias Channer)
4. Re: DNS and DNS Server setup on Arch linux - Help! (Alex Butcher)
5. Re: DNS and DNS Server setup on Arch linux - Help! (Alex Butcher)


----------------------------------------------------------------------

Message: 1
Date: Tue, 30 Jun 2015 01:51:19 +0100
From: David Fear <david@dfear.co.uk>
To: Bristol & Bath lug <bristol@mailman.lug.org.uk>
Subject: [bristol] DNS and DNS Server setup on Arch linux - Help!
Message-ID: <5591E807.5040600@dfear.co.uk>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Hi


I need help figuring out why I am having dns problems on my local.

I am having issues connecting to certain domains/IPs.

I have checked on my Nexus 5 (using 3G) and using isup.me. They both
tell me the websites are working on the internet and the problem is on
my network.

I used to use dnsmasq (on DDWRT) as a local dns server for my network.
I wanted more control, so I disabled dnsmasq on DDWRT and tried to set up
BIND on an Arch Linux box.


I can nslookup and tracepath/traceroute the problem websites below, but
CANNOT ping them or connect to them in a web browser on either my ubuntu
desktop (14.04 64-bit) or my Nexus 5.

Problem websites:
pickle-it.co.uk
pickledpepperdesigns.co.uk
cloud04.smarthosting.co.uk

I have attached named.conf, resolv.conf, resolvconf.conf, and
/etc/netctl/eth0 files from my Arch Linux box.

Please someone, tell me what I have done wrong, and why.


Network details:
192.168.12.0/24
255.255.255.0

router: 192.168.12.1
UbuntuBox: 192.168.12.22
ArchBox: 192.168.12.40 and 192.168.12.2

ArchBox uses netctl to configure 2 IP addresses for one ethernet
interface. BIND is the dns server.

DHCP server on DDWRT router is configured to send out 192.168.12.2 to
dhcp clients as the IP address of the DNS server to be used.





Regards

-----------------------------------
Dave Fear :: david@dfear.co.uk

Order your free giffgaff SIM card through my page and get 5 pounds free
credit http://t.co/z1KJF5y
-------------- next part --------------
# Generated by resolvconf
nameserver 127.0.0.1
-------------- next part --------------
# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details

resolv_conf=/etc/resolv.conf
# If you run a local name server, you should uncomment the below line and
# configure your subscribers configuration files below.
#name_servers=127.0.0.1
#append_nameservers=208.67.222.222
#name_servers=127.0.0.1
-------------- next part --------------
#Description='A basic dhcp ethernet connection'
#Interface=eth0
#Connection=ethernet
#IP=dhcp
### for DHCPv6
##IP6=dhcp
### for IPv6 autoconfiguration
##IP6=stateless

#ExecUpPost='/usr/bin/ntpd -gq || true'
#DhcpcdOptions='-A'

Description='A basic static ethernet connection'
Interface=eth0
Connection=ethernet
IP=static
Address=('192.168.12.2/24' '192.168.12.40/24')
#Routes=('192.168.0.0/24 via 192.168.1.2')
Gateway=('192.168.12.1')
#DNS=('127.0.0.1' '208.67.222.222' '208.67.220.220' '8.8.8.8' '8.8.4.4')
DNS=('127.0.0.1')
#DNS=('8.8.8.8' '8.8.4.4')

## For IPv6 autoconfiguration
#IP6=stateless

## For IPv6 static address configuration
#IP6=static
#Address6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
#Routes6=('abcd::1234')
#Gateway6='1234:0:123::abcd'

ExecUpPost='/usr/bin/ntpd -gq || true'
-------------- next part --------------
// vim:set ts=4 sw=4 et:
acl goodclients {
    192.168.12.0/24;
    localhost;
    localnets;
};


options {
    directory "/var/named";
    pid-file "/run/named/named.pid";

    // Uncomment these to enable IPv6 connections support
    // IPv4 will still work:
    //listen-on-v6 { any; };
    // Add this for no IPv4:
    // listen-on { none; };
    listen-on { 192.168.12.2; 127.0.0.1;};

    //allow-recursion { 192.168.12.0/24; 127.0.0.1; };
    allow-query { goodclients; };
    allow-recursion { goodclients; };
    allow-transfer { none; };
    allow-update { none; };
    forwarders { 8.8.8.8; 8.8.4.4; };

    version none;
    hostname none;
    server-id none;
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
    type master;
    file "localhost.ip6.zone";
};

zone "255.in-addr.arpa" IN {
    type master;
    file "empty.zone";
};

zone "0.in-addr.arpa" IN {
    type master;
    file "empty.zone";
};

zone "." IN {
    type hint;
    file "root.hint";
};

zone "lan" IN {
    type master;
    file "lan.zone";
    allow-update { none; };
    notify no;
};




//zone "example.org" IN {
//    type slave;
//    file "example.zone";
//    masters {
//        192.168.1.100;
//    };
//    allow-query { any; };
//    allow-transfer { any; };
//};

//logging {
//    channel xfer-log {
//        file "/var/log/named.log";
//        print-category yes;
//        print-severity yes;
//        severity info;
//    };
//    category xfer-in { xfer-log; };
//    category xfer-out { xfer-log; };
//    category notify { xfer-log; };
//};


------------------------------

Message: 2
Date: Tue, 30 Jun 2015 09:17:39 +0100
From: "Steve King" <debian@invux.com>
To: "Bristol and Bath Linux User Group" <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] DNS and DNS Server setup on Arch linux - Help!
Message-ID:
<b95472ce6a76c970e8ed653a11d3f725.squirrel@dazzle.invux.com>
Content-Type: text/plain;charset=iso-8859-1


>
> Problem websites:
> pickle-it.co.uk
> pickledpepperdesigns.co.uk
> cloud04.smarthosting.co.uk
>
>

All three of those hosts resolve to the same IP address.
31.216.48.16

That would suggest that your problem was down to a server outage.

I was able to connect to the first two, the second one is obviously a
generic name so gave me a generic page, but it all worked.

Is it still not working for you?

--
Steve






------------------------------

Message: 3
Date: Tue, 30 Jun 2015 10:41:14 +0100
From: Amias Channer <me@amias.net>
To: debian@invux.com, Bristol and Bath Linux User Group
<bristol@mailman.lug.org.uk>
Subject: Re: [bristol] DNS and DNS Server setup on Arch linux - Help!
Message-ID:
<CAMgU7XX5j=yEvQN+-wVDPDXv_YovsPYwYooVVoEh2wXK=PVn4A@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

On 30 June 2015 at 09:17, Steve King <debian@invux.com> wrote:
> That would suggest that your problem was down to a server outage.

or incorrect /etc/hosts entries possibly.

works from here (virgin broadband)

Cheers
Amias



------------------------------

Message: 4
Date: Tue, 30 Jun 2015 11:08:34 +0100 (BST)
From: Alex Butcher <lug@assursys.co.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] DNS and DNS Server setup on Arch linux - Help!
Message-ID:
<alpine.LRH.2.11.1506300956250.2380@zlgugi.of5.nffheflf.cev>
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

On Tue, 30 Jun 2015, David Fear wrote:

> I need help figuring out why I am having dns problems on my local.
>
> I am having issues connecting to certain domains/IPs.
>
> I have checked on my Nexus 5 (using 3G) and using isup.me. They both tell me
> the websites are working on the internet and the problem is on my network.
>
> I used to use dnsmasq (on DDWRT) as a local dns server for my network. I
> wanted more control, so I disabled dnsmasq on DDWRT and tried to set up BIND
> on an Arch Linux box.

Personally, I think BIND is overkill for small sites (e.g. home). But it is
the standard, and being able to drive it is a useful skill to have.
Personally, I use pdnsd.

> I can nslookup

If you're able to resolve their names using nslookup then DNS (or at least,
DNS as being served by the nameserver that nslookup is using, anyway) is not
the problem. Try different servers to test explicitly:

> pickle-it.co.uk
Server: 192.168.xxx.xxx
Address: 192.168.xxx.xxx#53

Non-authoritative answer:
Name: pickle-it.co.uk
Address: 31.216.48.16
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> pickle-it.co.uk
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: pickle-it.co.uk
Address: 31.216.48.16
> server 208.67.222.222
Default server: 208.67.222.222
Address: 208.67.222.222#53
> pickle-it.co.uk
Server: 208.67.222.222
Address: 208.67.222.222#53

Non-authoritative answer:
Name: pickle-it.co.uk
Address: 31.216.48.16

8.8.8.8 is one of Google's Public DNS servers
(<https://developers.google.com/speed/public-dns/>) and 208.67.222.22 is one
of OpenDNS's
(<https://www.opendns.com/home-internet-security/opendns-ip-addresses/>).
Incidentally, if you're using BIND, it might be worthwhile configuring it to
use at least both of those sources in addition to your ISP's nameservers as
upstream sources (I see that Google's DNS are in named.conf as forwarders).

Bear in mind that there are also local DNS resolver caches, so you may need
to restart nscd if you're using it. The resolver also only reads
/etc/resolv.conf at process startup, so if you change it, you probably need
to restart the process to test accurately.

> and tracepath/traceroute the problem websites below

Tracepath uses UDP.

UNIX traceroute also uses UDP probes by default and receives ICMP replies,
but Windows tracert uses ICMP Echo Request probes. UNIX traceroute can also
use ICMP probes if you pass the -I option.

>, but
> CANNOT ping them or connect to them in a web browser on either my ubuntu
> desktop (14.04 64-bit) or my Nexus 5.

ping uses ICMP Echo Request probes and http(s) connections use TCP (to ports
80 and 443 respectively, as standard). That would suggest that a firewall
somewhere along your path is failing to forward or allow those protocols. If
you want to eliminate DNS, find the IP address, then try telnet'ing to port
80:

$ telnet 31.216.48.16 80
Trying 31.216.48.16...
Connected to 31.216.48.16.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Tue, 30 Jun 2015 09:54:58 GMT
Server: Apache
Last-Modified: Sun, 14 Jun 2015 16:45:36 GMT
Accept-Ranges: bytes
Content-Length: 111
Connection: close
Content-Type: text/html

Connection closed by foreign host.

If you can't get that, it's a firewall problem, or the host is down (as
Steve mentioned).

As you have a smartphone, presumably with a 3G/4G-enabled account, you can
also use that to test and thereby eliminate your WLAN and LAN infrastructure
and your ISP.

Finally, it's worth summarizing the stages of TCP connection setup from
start to finish:

1) If specified server is not an IP address, resolve name using cache,
/etc/hosts, DNS, usually in that order unless configured otherwise

2) Determine if server IP address is on local network by masking it with
subnet mask and comparing with masked local IP addresses

3) If local, use ARP cache (which will in turn use ARP across the network,
if it's not present from an earlier connection) to determine MAC address.
If remote, we need to pass packets to the appropriate gateway, using the
default gateway (pointed towards the Internet) as our gateway of last
resort. Use routing table to determine most appropriate gateway and
determine its MAC address.

4) Client sends TCP SYN packet to server's IP address, with MAC address set
appropriately depending on whether it's a local or remote host.

5) Server sends SYN-ACK back to client

6) Client responds with ACK and connection is established.

> Dave Fear :: david@dfear.co.uk

Hopefully that helps.

Best Regards,
Alex
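
Added example, not part of Alex's message or the original thread: a Python helper that walks the stages listed above (name resolution, the local-or-remote decision by netmask, then the TCP handshake) and names the first stage that fails. The function names and the injectable resolve/connect parameters are assumptions; the addresses are the ones given in the thread.

```python
import ipaddress
import socket

# Values from the thread: the Ubuntu desktop's address and the router.
LOCAL_IFACES = ["192.168.12.22/24"]
DEFAULT_GATEWAY = "192.168.12.1"


def next_hop(dst, ifaces=LOCAL_IFACES, gateway=DEFAULT_GATEWAY):
    """Stages 2-3: mask dst with each interface's netmask to pick the ARP target."""
    addr = ipaddress.ip_address(dst)
    for iface in ifaces:
        if addr in ipaddress.ip_interface(iface).network:
            return ("on-link", str(addr))      # ARP for the host itself
    return ("via-gateway", gateway)            # ARP for the gateway instead


def diagnose(host, port=80, resolve=socket.gethostbyname,
             connect=socket.create_connection, timeout=5):
    """Walk the stages in order and name the first one that fails.

    resolve/connect are injectable (an assumption of this example) so the
    logic can be exercised without a network.
    """
    report = {"host": host, "port": port, "failed_stage": None}
    try:                                       # stage 1: already an IP literal?
        ip = str(ipaddress.ip_address(host))
    except ValueError:
        try:
            ip = resolve(host)                 # cache, /etc/hosts, DNS
        except OSError as exc:                 # socket.gaierror is an OSError
            report.update(failed_stage="resolve", error=str(exc))
            return report
    report["ip"] = ip
    report["route"] = next_hop(ip)
    try:                                       # stages 4-6: SYN, SYN-ACK, ACK
        connect((ip, port), timeout).close()
    except ConnectionRefusedError as exc:      # RST came back: path is fine
        report.update(failed_stage="tcp-refused", error=str(exc))
    except OSError as exc:                     # timeout or ICMP unreachable
        report.update(failed_stage="tcp-no-answer", error=str(exc))
    return report


if __name__ == "__main__":
    for name in ("pickle-it.co.uk", "31.216.48.16"):
        print(diagnose(name))
```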



------------------------------

Message: 5
Date: Tue, 30 Jun 2015 11:10:08 +0100 (BST)
From: Alex Butcher <lug@assursys.co.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] DNS and DNS Server setup on Arch linux - Help!
Message-ID:
<alpine.LRH.2.11.1506301109180.2380@zlgugi.of5.nffheflf.cev>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Tue, 30 Jun 2015, Alex Butcher wrote:

> Finally, it's worth summarizing the stages of TCP connection setup from
> start to finish:

I forgot to mention that
<https://web.archive.org/web/20030619152346/http://www.theinternetbook.net/>
(written by a former colleague) is worth reading for more details.

Best Regards,
Alex




------------------------------


End of Bristol Digest, Vol 607, Issue 2
***************************************
