Very Computer

My internal systems are all in the hosts file, and the hosts.allow and
hosts.deny files are insecure (ALL:ALL).

My lookups are set to first hosts, then DNS.

Can anybody tell me why this is happening?

Thanks,

Adam

Here whats going on..

When you don't have demand dial set and the connection is down the reverse
lookup your linux does comes back immediately ICMP type 3 message because
the default route does not exist.

There are two ways that I know of to fix it..

        1) Install a nameserver on the box that has a reverse zone for
           your internal IP addresses. Or is configured to be the Master
           for that reverse zone, but does not have a zone for them,
           in which case your box will answer it self with authority
           that the IP in question does not have reverse mapping..

        2) Configure pppd so that udp traffic does not bring up the
           connection (I don't know if you can do this with pppd, but
           I know you can with diald)  
           This option is not good because the it is nameservice lookup
           causes a demand-dial connection to go up when you want it
           to go up.

Your /etc/hosts does not affect reverse lookups, only forward lookups.

Martin

Thanks, I will try and install the nameserver option. I think I may have
done that before,
but can't remember why I took it off!

It does make sense now.

Adam

Quote:

> Here whats going on..

> When you don't have demand dial set and the connection is down the reverse
> lookup your linux does comes back immediately ICMP type 3 message because
> the default route does not exist.

> There are two ways that I know of to fix it..

> 1) Install a nameserver on the box that has a reverse zone for
>            your internal IP addresses. Or is configured to be the Master
>            for that reverse zone, but does not have a zone for them,
>    in which case your box will answer it self with authority
>            that the IP in question does not have reverse mapping..

> 2) Configure pppd so that udp traffic does not bring up the
>            connection (I don't know if you can do this with pppd, but
>            I know you can with diald)

Make sure that you update bind to bind-8.2.3-0.6.x.i386.rpm

ftp://sunsite.unc.edu/pub/Linux/distributions/redhat/updates/6.2/i386...

The one from the orginal install has a remote root expolit.

I would also install:

ftp://ftp.redhat.com/redhat/redhat-6.2-en/os/i386/RedHat/RPMS/caching...

At the end of your /etc/named.conf put:

zone "0.0.10.in-addr.arpa" {
        type master;
        file "10.0.0.rev";

Quote:};

If your machine has a private 10.0.0.0 address.

To your /etc/resolve.conf also add:

nameserver 0.0.0.0

================================

This will keep your machine from tring to go outside to look for a
reverse mapping for a 10.0.0.0/24 address.

Martin

Hi Adam,

Quote:> My Redhat 6.2 Server has demand dialing installed (I've put 'demand' into
> /etc/ppp/options). I have a problem though, that when I telnet into the
> server from a local workstation, it dials out to the internet. It refuses
> to give me the log in prompt until it has connected to the internet. If I
> turn off the demand dial or take out the nameservers it will allow me to
> login straight away.

> My internal systems are all in the hosts file, and the hosts.allow and
> hosts.deny files are insecure (ALL:ALL).

> My lookups are set to first hosts, then DNS.

> Can anybody tell me why this is happening?

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+