[ale] DNS woes w/Devil Linux
    Jonathan Glass 
    jonathan.glass at ibb.gatech.edu
       
    Mon Feb 16 13:56:51 EST 2004
    
    
  
Long shot, but does Devil Linux use tcp_wrappers?  Have you checked
/etc/hosts.allow and /etc/hosts.deny?
Check your /etc/named.conf file for anything relating to allowed
clients.
Also, what does 'iptables -L -n' report?
Thanks
Jonathan G.
On Mon, 2004-02-16 at 13:59, Joe Knapka wrote:
> Hi everyone,
> 
> As I reported recently, I've started using Devil Linux to route
> between my home LAN, wireless net, and cable connection.  All is going
> well, but I've discovered a strange issue that may or may not be
> Devil-Linux-specific; maybe someone here has a clue.
> 
> Devil runs a cache-only DNS server (BIND 9) that is, by default,
> visible only to machines on the internal network. I want that DNS
> server to service the wireless network as well (which I've configured
> as the "DMZ" net, making appropriate changes to the firewall rules to
> have the "DMZ" actually be treated as a distinct internal network).
> 
> I have changed the firewall rules to allow connections on the wireless
> interface at port 53 (both TCP and UDP), and I've also changed BIND's
> configuration to make it listen on both the internal and the wireless
> interfaces.  "lsof" reveals that named is in fact listening on both
> interfaces. From the internal net, "nslookup" et al can successfully
> resolve names using the router's named. Furthermore, from a machine on
> the wireless net I can telnet to port 53 on the router and get
> connected. (I know DNS uses UDP, but this fact seems to validate
> that the firewall rules are opening the correct ports.)
> 
> Still, DNS lookups from the wireless network to the router fail with
> "timeout, no servers could be reached". Iptables doesn't log
> any rejects during a lookup attempt, but named just won't
> answer the phone.
> 
> Can anyone suggest other things I might need to check/reconfigure?
> 
> Thanks,
> 
> -- Joe Knapka
-- 
Jonathan Glass
Systems Support Specialist II
Institute for Bioengineering & Bioscience
Georgia Institute of Technology
Email: jonathan.glass at ibb.gatech.edu
Office: 404-385-0127
Fax: 404-894-2291
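
The named.conf check suggested in the reply, as an added example (not from the thread or from Devil Linux): an offline test of whether a client address passes the `allow-query`, `allow-recursion` and `allow-query-cache` match lists. The sample config, the subnets (192.168.1.0/24 internal, 192.168.2.0/24 wireless) and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample (not from the thread): queries limited to the internal LAN.
SAMPLE_CONF = """
acl internal { 192.168.1.0/24; 127.0.0.1; };
options {
    allow-query { internal; };      // wireless net 192.168.2.0/24 not listed
    allow-recursion { internal; };
};
"""

def parse(conf):
    """Return (acls, allow-* options), each mapping a name to its match-list elements."""
    conf = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)  # strip comments
    split = lambda body: [e.strip().strip('"') for e in body.split(";") if e.strip()]
    acls = {m[1]: split(m[2]) for m in
            re.finditer(r'\bacl\s+"?([\w-]+)"?\s*\{([^{}]*)\}', conf)}
    opts = {m[1]: split(m[2]) for m in
            re.finditer(r"\b(allow-(?:query-cache|query|recursion))\s*\{([^{}]*)\}", conf)}
    return acls, opts

def match(elements, ip, acls):
    """First matching element decides, as in a BIND address match list."""
    for el in elements:
        negate = el.startswith("!")
        el = el.lstrip("! ")
        if el == "none":                 # "none" behaves like "!any"
            el, negate = "any", not negate
        if el == "any":
            hit = True
        elif el in acls:                 # simplification: nested ACL hits only on a positive match
            hit = match(acls[el], ip, acls)
        else:
            try:
                hit = ip in ipaddress.ip_network(el, strict=False)
            except ValueError:           # localhost, localnets, keys: not evaluable offline
                continue
        if hit:
            return not negate
    return False

def check_client(conf, client):
    """Map each allow-* option present in conf to True (client allowed) or False."""
    acls, opts = parse(conf)
    ip = ipaddress.ip_address(client)
    return {o: match(els, ip, acls) for o, els in opts.items()}

if __name__ == "__main__":  # constructed LAN and wireless client addresses
    print({c: check_client(SAMPLE_CONF, c) for c in ("192.168.1.50", "192.168.2.50")})
```

Options absent from the file are not reported, since BIND's defaults for them differ between versions.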