Networking Troubles

D. Hugh Redelmeier hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Sun Sep 16 18:10:47 UTC 2007


| From: Lennart Sorensen <lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org>

| On Fri, Sep 14, 2007 at 09:17:31AM -0400, Dave Mason wrote:
| > This is a question about my own setup, but in the same flow....
| > 
| > bash# cat /etc/resolv.conf
| > search in.mason-rose.ca
| > nameserver 127.0.0.1
| > nameserver xxx.xxx.xxx.xxx   (the current IP address from the router, provided by DHCP)
| > This works passably, but is kind of slow.  And dig +trace doesn't work.

Try adding +tcp at the end.  That way it will use TCP instead of UDP.
For some firewalls that works better.  It also works better for really
large responses that would require fragmentation (unlikely for most
folks, but likely for me).

| > If I reverse the nameservers, dig +trace works for some sites.  If I
| > remove the router nameserver it doesn't work, even though I have named
| > running on the linux box.

See the +[no]search option in dig.  Without it, dig is using only the
first entry.

I think that +trace only uses the nameserver specified in resolv.conf
to get the root servers.  If it cannot even get that, things are grim.

| >  I have a fairly tight firewall, is there
| > something I should have enabled besides 80, 22, 25 in order to have
| > named work properly?
| 
| Well port 53 (tcp and udp) of course, since that is what DNS uses.

BIND sends queries out on other ports unless your named.conf has
options like:
        query-source address * port 53;
        transfer-source * port 53;
        notify-source * port 53;
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
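
An added example (mine, not from this thread) of the wire-level detail behind the +tcp suggestion and the "port 53 tcp and udp" point: it builds a DNS query in RFC 1035 format, shows the 2-byte length prefix that TCP transport adds, and checks the TC flag a resolver looks at before retrying a too-large UDP answer over TCP. The sample query and reply are constructed inline; nothing is sent on the network.

```python
"""DNS wire format helpers: build a query, frame it for TCP, and detect a
truncated UDP answer that must be retried over TCP (the case `dig +tcp`
short-circuits). Constructed data only; nothing is sent on the network."""
import random
import struct

UDP_PAYLOAD_LIMIT = 512  # classic DNS/UDP limit without EDNS0 (RFC 1035)

def build_query(name, qtype=1, txid=None):
    """Standard recursive query (RD=1) for `name`, QCLASS IN, RFC 1035 format."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_for_tcp(msg):
    """Over TCP every DNS message carries a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(msg):
    """Decode the 12-byte header; TC (0x0200 in flags) marks a truncated reply."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}

def next_step(query, udp_reply):
    """Resolver logic after a UDP reply: accept it, discard it, or retry over TCP."""
    hdr = parse_header(udp_reply)
    if hdr["id"] != parse_header(query)["id"] or not hdr["qr"]:
        return ("discard", None)            # wrong transaction id or not a response
    if hdr["tc"]:
        return ("retry_tcp", frame_for_tcp(query))  # needs port 53/tcp open as well
    return ("accept", udp_reply)

# Constructed sample: a UDP reply with QR, TC, RD, RA set (flags 0x8380) and no
# answer records, i.e. what a server sends when the full answer exceeds the UDP limit.
SAMPLE_QUERY = build_query("example.com", txid=0x1234)
SAMPLE_TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + SAMPLE_QUERY[12:]

if __name__ == "__main__":
    action, payload = next_step(SAMPLE_QUERY, SAMPLE_TRUNCATED_REPLY)
    print(action, payload[:2].hex())  # retry_tcp 001d
```

A truncated reply is exactly the situation where a firewall that permits only 53/udp makes a lookup stall. Note also that pinning query-source to port 53, as the options above do, stops named from randomizing its query source port, which is one of the defences a resolver has against spoofed answers.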