Very Computer

1. The hosts file on the LINUX router contains entries for all
machines on my private network.  

2. Router's resolve.conf has "order hosts,bind"

3. The router has itself as first choice nameserver, my ISP's
nameservers as second and third choices.

4. The other machines have the router's IP as the first-choice
nameserver.  

5. The other machines have entries in their hosts file for the router.

When I try to FTP or Telnet to the router, the connection is not
immediate.  Instead the router dials my ISP.  I think this must be
because FTP and telnet want to do a reverse lookup before accepting
the connection.  I don't understand why the resolver in the router
can't/won't  do this from the /etc/hosts file without wanting to ask
my ISP's nameservers, which is of course not going to give a
resolution anyway.

If I remove my ISP's nameservers from the router's list, then the
Telnet and FTP connections never complete, which seems to align with
my guesses about what is happening here.

Q1: What do I need to do to get the LINUX box to resolve my private IP
addresses for itself.  Do I need to enhance my DNS server to ?

Q2. BTW, I would guess there is a way to tell telnet and FTP to not
bother with the reverse lookups.  How is this done?

try nslookup on the router and lookup the routers name and also its
ip address .... ditto for any other problem destinations on your net.

Hope you fix it soon,

Steve Houseman

--

currently  steve.houseman at * net      

-----------------------------

There are two points in this ....

- check that your named config is correct as it should answer queries
  if they cant be resolved any other way (and should prevent dialing out)

- (if you can be bothered) ...check whether your resolver code is ok
  (I'm assuming that there is no nsswitch file), and attach strace
  (with -o,-f -t options) to inetd , and then fire the telnet request
  and see whether it looks at the hosts file ... didnt on mine).

Hope you fix it soon,

Steve Houseman

--

currently  steve.houseman at * net      

Quote:> I have a 2.2.12 machine functioning as a router for my home private-IP
> network.  I set up a caching-only DNS server according to the HOWTO.
> In addition I have set up:

> 1. The hosts file on the LINUX router contains entries for all
> machines on my private network.

> 2. Router's resolve.conf has "order hosts,bind"

> 3. The router has itself as first choice nameserver, my ISP's
> nameservers as second and third choices.

> 4. The other machines have the router's IP as the first-choice
> nameserver.

> 5. The other machines have entries in their hosts file for the router.

> When I try to FTP or Telnet to the router, the connection is not
> immediate.  Instead the router dials my ISP.  I think this must be
> because FTP and telnet want to do a reverse lookup before accepting
> the connection.  I don't understand why the resolver in the router
> can't/won't  do this from the /etc/hosts file without wanting to ask
> my ISP's nameservers, which is of course not going to give a
> resolution anyway.

> If I remove my ISP's nameservers from the router's list, then the
> Telnet and FTP connections never complete, which seems to align with
> my guesses about what is happening here.

> Q1: What do I need to do to get the LINUX box to resolve my private IP
> addresses for itself.  Do I need to enhance my DNS server to ?

> Q2. BTW, I would guess there is a way to tell telnet and FTP to not
> bother with the reverse lookups.  How is this done?

2) The "order hosts, bind" option is NOT a valid for the /etc/resolv.conf
file. Type: "man reslover" for a full list of options and how they apply to
the resolver libs. The "order hosts, bind" option belongs in the
/etc/hosts.conf file.

Now for the confusing part... I have found that I need to edit both the
/etc/hosts.conf file and the /etc/nsswitch file to make the resolver libs
work properly. I.E. search the hosts file first, then query DNS. This is the
confusing part since I do not run NIS. But after I read the man pages for
nsswitch.conf, I decided to edit this file also and specify the following...
hosts:      files dns nisplus nis

My resolver libs now seem to function properly (hosts file then bind), but
I'm still confused as to why. <groan>

Steve Cowles

If you think the resolv code might be broken with respect to looking
at hosts file, that at least helps me feel like I might not be crazy
after all, even though my problem is not yet solved.

I do not have named configured to resolve all machines on my private
net, I guess this is something I need to learn about and do. I have
been reading the DNS HOWTO and other DNS material but it is quite a
lot to digest, so until I can get that all figured out I was hoping to
get by with using the /etc/hosts file.

I also don't have a man page for strace on my router, I guess that is
part of the development packages, which I didn't install because I
don't have enough disk space.

John

Quote:>Type: "man tcpd"
>the HOST NAME VERIFAICATION section will enlighten your knowledge

I only use these services on my private net, so probably the thing to
do is take them out from under the tcpd umbrella.

Quote:>2) The "order hosts, bind" option is NOT a valid for the /etc/resolv.conf
>file.
>...
> The "order hosts, bind" option belongs in the
>/etc/hosts.conf file.

Quote:

>Now for the confusing part... I have found that I need to edit both the
>/etc/hosts.conf file and the /etc/nsswitch file to make the resolver libs
>work properly. I.E. search the hosts file first, then query DNS. This is the
>confusing part since I do not run NIS. But after I read the man pages for
>nsswitch.conf, I decided to edit this file also and specify the following...
>hosts:      files dns nisplus nis

>My resolver libs now seem to function properly (hosts file then bind), but
>I'm still confused as to why. <groan>

Maybe I should install the latest bind rpm?  I have bind-8.2.2_P3-1,
but  if I recall I think there is a P5 out now.

You've probably given up on this now but for completeness ...

I find strace a *vital* tool that allows all manner of stuff to
be diagnosed , although it doesnt (obviously) show internal logic .

iirc, it has to be run as root, and has several flags that I use
by default
-f means follow forks (often essential)
-t puts a time stamp on each record
-o<filename> will store the records in the named file rather
than stdout.

Can use it in two ways eg
# strace -odbin1 -f -t telnet chin     # will trace the telnet client
# strace -odbin2 -f -t -p<inetd_pid>   # will attach to the inetd
and trace any requests that come in , including the forks, and a ctl-C
will detach it.

It can show an excruciating amount of detail, but can also show what
files are being used (useful for determining which env PATH it is
looking down) and in this case would (probably) show it opening
the resolv.conf, host.conf and probably not the hosts file
followed by a query to port 53 ie the named.

I find it sometimes replaces the need to rtfm as can see what files a
program uses rather than rtfm'ing :-) .

Nuff' of my ramblings,

Steve Houseman

--

currently  steve.houseman at * net      

snip

Quote:> 3. The router has itself as first choice nameserver, my ISP's
> nameservers as second and third choices.

       forward only;
       forwarders {
                <isp nameserver 1 ip>;
                <isp nameserver 2 ip>;
        };

This way you will only ask the isp name servers if it is not known locally
and any answers will be cached locally.

Rgds

--
Andrew Lindley
Email is leny at denarius dot demon dot co dot uk