Our MIS department just decided to not allow the use of the public IP addresses of systems from local machines, so I made the additions to the hosts file with the private IP and the name. Restarted named and restarted squid, and squid picked up the change, and would bring up pages using the name. Unfortunately, dig and other options would still be using the public IP instead.
Tried restarting the machine to see if something might not have been changed, but it remains the same.
In the past, I had done this same thing for local services I have. redhatgcc.dyndns.org has a public IP of 202.128.73.24, but on the inside it has the private IP of 192.168.50.41. So, the hosts file has the link between the 192.168.50.41 and the redhatgcc.dyndns.org, and it reports that.
But now the college web server that has a public IP of 202.128.72.2 is now mapped internally to 10.10.10.11, so I added the same mapping but dig still reports the 202.128.72.2 number, and that will no longer work from the inside?
Is there something that might be caching the old information even after a system restart?
At this point, to get it to work, I've had to point to their DNS server that is using 172.16.0.4? We've got less than 1000 machines on campus, but they now have 10.x.x.x networks, and 172.16.x networks and a number of 192.168.x networks...
+----------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor
Guam Community College Computer Center
mailto:mikes@kuentos.guam.net
mailto:msetzerii@gmail.com
http://www.guam.net/home/mikes
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
http://sourceforge.net/projects/g4l/
+----------------------------------------------------------+
http://setiathome.berkeley.edu (Original) Number of Seti Units Returned: 19,471 Processing time: 32 years, 290 days, 12 hours, 58 minutes (Total Hours: 287,489)
BOINC@HOME CREDITS SETI 11189934.576302 | EINSTEIN 6468781.769851 ROSETTA 3563786.501816 | ABC 7853564.918328
On 03Sep2011 04:56, Michael D. Setzer II mikes@kuentos.guam.net wrote:
| Our MIS department just decided to not allow the use of the public
| IP addresses of system from local machines, so I made the
| additions to the hosts file with the private ip and the name.
| restart named and restarted squid, and squid picked up the
| change, and would bring up pages using the name. Unfortunately,
| dig and other options would still be using the public IP instead.
|
| Tried restarting the machine to see if something might not have
| been changed, but it remains the same.
/etc/hosts is not part of DNS. It is part of the name lookup procedure used by gethostbyname(). So: squid is affected by /etc/hosts, but dig and named are NOT, and will not be: they are specifically DNS tools.
My recommendation is to add a special .local zone to your named with names host1.local etc with the private addresses. Then add local to the _front_ of the search path in /etc/resolv.conf:
search local your.normal.domain.here
Then using the short names should work.
Cheers,
On 3 Sep 2011 at 7:47, Cameron Simpson wrote:
Date sent: Sat, 3 Sep 2011 07:47:02 +1000
From: Cameron Simpson cs@zip.com.au
To: Community support for Fedora users users@lists.fedoraproject.org
Subject: Re: Question on DNS setup change not working.
/etc/hosts is not part of DNS. It is part of the name lookup procedure used by gethostbyname(). So: squid is affected by /etc/hosts, but dig and named are NOT, and will not be: they are specifically DNS tools.
My recommendation is to add a special .local zone to your named with names host1.local etc with the private addresses. Then add local to the _front_ of the search path in /etc/resolv.conf:
search local your.normal.domain.here
Then using the short names should work.
Thanks for the information. At the moment, the system is just running a caching nameserver, so will have to look at the process to set up the DNS. I was under the impression that the resolv.conf with hosts bind was also for DNS.
Cheers,
Cameron Simpson cs@zip.com.au DoD#743 http://www.cskk.ezoshosting.com/cs/
"He deserves death!" "Deserves it! I daresay he does. And many die that deserve life. Is it in your power to give it to them? Then do not be so quick to deal out death in judgement, for even the very wise may not see all ends." - Gandalf, _The Lord of the Rings_
On Saturday 03 September 2011 12:26 AM, Michael D. Setzer II wrote:
| Our MIS department just decided to not allow the use of the public IP addresses of system from local machines, so I made the additions to the hosts file with the private ip and the name. restart named and restarted squid, and squid picked up the change, and would bring up pages using the name. Unfortunately, dig and other options would still be using the public IP instead.
|
| Tried restarting the machine to see if something might not have been changed, but it remains the same.
|
| In the past, I had done this same thing for local services I have. redhatgcc.dyndns.org has a public ip of 202.128.73.24, but on the inside it has the private ip of 192.168.50.41. So, the hosts file has the link between the 192.168.50.41 and the redhatgcc.dyndns.org, and it reports that.
You need to set up a DNS server or add a new zone to an existing DNS server for the local network. BTW, /etc/hosts is not part of DNS; that's why you cannot see the effects during the dig <name> command.
Warm Regards
On Sat, 2011-09-03 at 11:36 +1000, Michael D. Setzer II wrote:
| I was under the impression that the resolv.conf with hosts bind was also for dns.
resolv.conf is used to tell your network the address of a DNS server, and it can list the domain names to be added to hostnames, for abbreviated queries.
i.e. "ping printserver" can become "ping printserver.example.com"
The hosts file is used by anything which can use the hosts data to resolve a name. e.g. Your web browser.
The BIND DNS server uses its own configuration files to give answers to queries. In general, it looks for its own DNS record files, then queries external (to itself) DNS servers. The hosts file isn't part of its workings. There are other (simple) DNS servers which can look at the hosts file for resolving addresses.
Amongst other things, the /etc/nsswitch.conf file lists how various things will resolve queries. Such as your web browser's query for a domain may get resolved by first looking in the hosts file, then trying a DNS server. The "hosts:" line will configure how names are generally resolved; there are other configuration lines to choose how other things do their look-ups.
Squid has its own resolver tool, and I can't recall how it normally works, but I'd be surprised if you can't configure how it goes about it.
It shouldn't be necessary to play around with restarting networks, or rebooting, for a change in your hosts file to be noticed. However, certain applications may need restarting. For instance, if you'd used Firefox to browse www.example.com, the IP would have been looked up at the time, and the answer will be held onto for the session. So, changes to the IP won't get noticed, during that time.
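The lookup order described in this thread, as an added sketch that is not part of any poster's message: it walks a constructed nsswitch.conf "hosts:" line over a constructed hosts file, using the redhatgcc.dyndns.org addresses from the original post. The file names and the small "dns" table standing in for a DNS server's answer are assumptions, and bracketed action items such as [NOTFOUND=return] are skipped.

```shell
#!/bin/sh
# Added example. All files below are constructed; nothing real is read or changed.

# Sources on the "hosts:" line, in order; [action] items and comments are skipped.
hosts_sources() {  # nsswitch_file
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) {
             if ($i ~ /^#/) break
             if ($i !~ /^\[/) print $i }
           exit }' "$1"
}

# hosts-file format: IP, canonical name, aliases; "#" starts a comment.
files_lookup() {  # name hosts_file
    awk -v n="$1" '{ sub(/#.*/, "")
         for (i = 2; i <= NF; i++)
             if (tolower($i) == tolower(n)) { print $1; found = 1; exit } }
         END { exit !found }' "$2"
}

# Stand-in for the answer a DNS server would give (a "name ip" table).
dns_lookup() {  # name dns_table
    awk -v n="$1" 'tolower($1) == tolower(n) { print $2; found = 1; exit }
         END { exit !found }' "$2"
}

# What gethostbyname() callers get: each source tried in nsswitch order.
nss_lookup() {  # name nsswitch_file hosts_file dns_table
    for src in $(hosts_sources "$2"); do
        case "$src" in
            files) files_lookup "$1" "$3" && return 0 ;;
            dns)   dns_lookup "$1" "$4" && return 0 ;;
        esac
    done
    return 1
}

demo=$(mktemp -d)
printf 'hosts: files dns\n' > "$demo/nsswitch.conf"
printf '127.0.0.1 localhost\n192.168.50.41 redhatgcc.dyndns.org # inside\n' > "$demo/hosts"
printf 'redhatgcc.dyndns.org 202.128.73.24\n' > "$demo/dns"

name=redhatgcc.dyndns.org
echo "gethostbyname() path: $(nss_lookup "$name" "$demo/nsswitch.conf" "$demo/hosts" "$demo/dns")"
echo "DNS-only path (dig):  $(dns_lookup "$name" "$demo/dns")"
```

On a real machine the same contrast shows up by comparing `getent hosts <name>`, which follows the "hosts:" line, with `dig <name>`, which queries the DNS server directly.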