Re: Another basic networking question.
by Simon Slater
On Thu, 2009-04-02 at 15:48 +1030, Tim wrote:
> On Thu, 2009-04-02 at 11:56 +1100, Simon Slater wrote:
> > When a firewall computer has 2 nics, they should be on separate
> > subnets? Yes?
>
> That depends on how you want to use them. If the computer sits
> *between* two networks, then yes.
>
Ok, got that.
> > When an ISP dynamically assigns an ip address, is it associated with
> > the dsl router, eth0 where it plugs in, or the ppp0 device that does the
> > communicating?
>
> That depends on how you're using the modem/router. If you're using it
> just as a modem, it's the computer network interface that gets assigned
> the internet address, and the computer does the authentication (if any).
> If you're using it as a router, the router's WAN interface deals with
> the ISP.
>
This explains some of the inconsistencies that I've been seeing. So
I'll settle on using it just as a modem and the computer for connecting
until I finish tweaking the rest of the setup.
> > So if eth1 goes to a lan and has its ip address configured in its
> > ifcfg-eth1 and similarly eth0 on the wan side is configured to get its
> > address from dhcp, is it the ISP's dhcp server that it needs to get the
> > address from or the local dhcp server?
>
> The ISP's DHCP server doesn't *get* anything from you, it gives you
> addresses that it wants you to use.
>
> > With respect to the ip address for configuration of the dsl router
> > (defaults to 192.168.1.1 for this Linksys AG300), which subnet should it
> > be on, the lan side or wan?
>
> That's a badly formulated question that's hard to understand.
The fog of my confusion clouded my typing as well as my thinking.
> But,
> 192.168.1.1 is a private address range, it should only be used on LANs.
> However, some cheapskate ISPs, which don't have enough public IPs give
> all their customers private IP addresses, and they do NAT between the
> internet and their customers.
>
I'll try again now I understand a bit more. To configure the Linksys
AG300, which is physically connected to eth0, I point a browser to
192.168.1.1 (by default, but this can be changed) and configure whatever
I need to. When I use the computer to connect to the ISP via the same
eth0 and the ISP assigns me (at the moment) 210.84.25.73. Does this
mean that I cannot configure the router because the ip's are now on
different subnets? Then again, if used just as a modem, no real
configuration is needed?
> > Slightly more advanced: What are the pros and cons of using an ifup
> > ppp0 command from the firewall computer to connect with the ISP versus
> > connecting from within the dsl router itself?
>
> If the computer is directly connected, it has to do all the firewalling,
> and sharing the internet with other computers. If you have a router in
> between, it handles all the networking, and you don't have to have any
> particular computers on to use the network.
>
I do want this computer to do most of the work.
Thanks a lot Tim, this is just the type of clarification I needed.
Understanding this better is helping me get a handle on what is wrong in
other areas, like my dnsmasq configuration, which I think stems from
these issues.
--
Regards,
Simon Slater
Registered Linux User #463789. Be counted at: http://counter.li.org/
15 years, 2 months
Re: Is the download.fedora.redhat.com down?
by William Perkins
Hi JB,
> William Perkins <wperkins <at> patriot.net> writes:
>>
>> Is there a problem with the download.fedora.redhat.com system or is
>> it my problem? I have been using this FTP and HTTP server for Fedora
>> updates for quite awhile with no problems, but several days ago it
>> stopped accepting connections from the system that handles package
>> updates for all of my servers and clients. No errors are returned,
>> there is just no response.
>
>Hi,
>could you please be more specific ? It matters :-)
>
> I assume your internal update server is F13.
No, it is currently Fedora 12. All of my systems will be updated to
Fedora 14 when it is released, and this problem I am having is resolved.
> Where is it specified that you use that download.fedora.redhat.com
> IP/address as a repo server for updates ? Give us an output of that
> file. Is that an official Fedora mirror site ?
I do not use yum directly to download the updated RPM files, I use LFTP
in a script to find and download all of the new SRPMS and RPM files in
the RedHat repository, put them in my local package repository, update
one system manually to make sure the updates will work, and if that works
okay, auto update with Yum the rest of the systems using the local
repository. This saves download time and I get the SRPMS files along with
i386 and X86_64 RPM files, and all files that are downloaded get archived
for recovery purposes, I have been using this process in its various
forms at least since Fedora 5 was released. Yes, even before Yum was
released. This process has worked until this connection problem started
occurring.
>> It does resolve correctly in the DNS:
>> 209.132.183.67.
>
> How did you verify that (dig, nslookup, host) ?
> From where did you verify it (your internal update server or client; or
> perhaps outside-of-your-domain machine) ?
>
I verified the 209.132.183.67 IP address both forward and reverse on my
local systems and on some remote systems to which I have shell access.
The DNS lookup information was the same in each case.
>> I can connect to this server from other systems
>> outside of my domain, but none of my own clients or servers can get a
>> connection to open on the download.fedora.redhat.com server.
>
> On your domain:
> - do you use a local dns caching server (nscd, dnsmasq, bind) ? Where ?
> - on your internal update server, give us an output of:
> $ cat /etc/resolv.conf
search grnwood.net
nameserver 173.162.21.73
nameserver 173.162.21.74
> $ cat /etc/host.conf
order hosts,bind
> - have you looked at your firewall rules (thru GUI and actual content in
> iptables files: less /etc/sysconfig/ip*tables ) ?
>
I run Bind on two servers in a rather usual configuration. DNS resolution
is not the problem here, the correct information is being returned
regardless of which system, local or remote, is doing the query.
The firewall is handled in a separate configuration. None of its rules
have been changed in quite some time.
>> I can connect to other FTP and web sites without any problems. A
>> traceroute gets as far as redhat-2.border1.phx004.pnap.net
>> (69.25.121.26) and stops there after fourteen hops.
>>
>> I would appreciate some help or suggestions in resolving this problem.
>>
>> Thanks,
>>
>> Bill
>
I did use the traceroute, as another user suggested, using the "-T"
option and TCP SYNs, and received 30 empty hops.
> JB
Thank you JB for your reply.
Bill
----
William M. Perkins, KJ4ASH UNIX/Linux Systems Administrator
The Greenwood ARES / Skywarn / ARCA
Galax, Virginia E-mail - wmp(a)grnwood.net
13 years, 8 months
Re: nscd and DNS cache
by Daniel Bossert
fedora wrote 16.05.12 10:33:
> ... or try dnsmasq
>
> suomi
>
> On 05/16/2012 08:54 AM, JD wrote:
>> On Tue, May 15, 2012 at 9:20 PM, Ed Greshko<Ed.Greshko(a)greshko.com>
>> wrote:
>>> On 05/16/2012 10:11 AM, JD wrote:
>>>> I have nscd running.
>>>> /etc/resolv.conf starts out with
>>>> nameserver 127.0.0.1
>>>> nameserver 192.168.1.254
>>>>
>>>>
>>>> The 192.168.1.254 is the router, which has been a fast and reliable
>>>> resolver.
>>>>
>>>> So, to test nscd caching behavior,
>>>> I browse (using FF) over to any website.
>>>> After some time, the address is resolved and the page comes up.
>>>> I kill the tab of the page, and open a new tab and aim the browser
>>>> at same url. Browser again says: looking up whatever....com and takes
>>>> several seconds to resolve it.
>>>>
>>>> I thought that nscd is supposed to cache the translation from the
>>>> first lookup.
>>>>
>>>> Am I to believe that the browser is NOT using /etc/resolv.conf?
>>>> If not, what is it using?
>>>> Or could it be that nscd is useless in this respect?
>>>>
>>>
>>> I've not looked at nscd in a long time....but I never could see the
>>> value in it and
>>> never could get it to what I thought was a working or useful
>>> configuration for my needs.
>>>
>>> No browser or application uses resolv.conf directly. They make
>>> calls to the resolver
>>> libraries which in turn use it.
>>>
>>> IMO, if your router does caching name services there really is no
>>> benefit to having
>>> systems do their own caching since the overhead of local requests
>>> should be small.
>>> However, it seems that your router may not be caching since it is
>>> taking several seconds.
>>>
>>> In cases where the router isn't doing caching, or is doing it
>>> poorly, I prefer to
>>> simply run bind on a single server and point all the systems to it
>>> for resolution.
>>>
>>> With the current Fedora systems this is easy. All one needs to do is
>>> install bind and
>>> bind-chroot and enable/start the service. On the "bind" host all
>>> you need is
>>> 127.0.0.1 defined as a nameserver. Then, if you use a tool such as
>>> "wireshark" you
>>> will see that requests will only go out if the answer is not in the
>>> cache or the TTL
>>> has expired.
>>>
>> I understand the libs are what make calls to the resolver. But even
>> the resolver must look
>> at /etc/resolv.conf. If it is empty, NOTHING gets resolved.
>> I was using nscd thinking it is a lightweight caching resolver. But as
>> it turns out it is useless.
>> Time for fedora to bury it :)
>> Re: My router: it does very little if any caching - and has no
>> configuration for it at all.
>>
>> I will try bind.
>>
>> Thanx Ed.
>>
>> JD
Hi
Why do you have 127.0.0.1 in /etc/resolv.conf? Could it be that your
computer asks itself to resolve this IP and, as it can't do that, it then
goes to your router and asks?
Do you have the same behaviour when only your router's IP address is in
/etc/resolv.conf?
kind regards
Daniel
12 years, 1 month
Re: OT: Linux kernel version in fiber modem
by Jonathan Ryshpan
On Sat, 2021-12-25 at 03:15 -0800, Jonathan Ryshpan wrote:
> On a whim I opened up the:
> Legal Disclaimer Open Source Licenses
> in the management page for my fiber modem (ATT installed 2021/03/30)
> and discovered that the kernel is rather old:
Since this seems to have produced a modest amount of interest, I'm
posting a little more of this license file; the whole file is about 0.5
Mbytes, which seems a little long.
The modem was provided to me by ATT when they installed fiber service;
I haven't checked but I suspect that it's the only device that ATT
supports and very likely the only one that works on the ATT network.
This very long list of open source software very likely contains more
vulnerabilities.
----------------------------------------- ATT License File Starts -----------------------------------------
# BGW320 version 1.0 OPEN SOURCE SOFTWARE INFORMATION
For instructions on how to obtain a copy of any open source code being
made publicly available by AT&T
related to open source software used in the BGW320 gateway, you may
send your request in writing to:
AVP, RG Software
Open Source Request
AT&T
2230 E Imperial HWY
El Segundo CA 90245
This document contains additional information regarding open source
software licenses, acknowledgments
and required copyright notices for open source packages used in the
BGW320 device.
radvd - Version 2.18
libssl - Version 1.1.1k
motopia - ssl_api.c
openssl - Version 1.1.1k
dropbear - Version 2013.62
portmap - Version 6.0
tcp_wrappers - Version 7.6
libtecla - Version 1.6.2
pcre - Version 8.32
dhrystone - Version 2.2
flex - Version 2.5.4
aiccu - Version 20070115
motopia - list.h
mcproxy - mcp_util.c
miniupnpd
voip resolver - resolverapi.h
voip resolver - resolverapi.c
portmap - Version 5beta
SpryAssets
lua - Version 5.4.0
expat - Version 2.1.0
public include - pcp.h
cms_util - pcp.c
dhcp-isc - Version 4.1-ESV-R8
dhcpcd
motopia - md5.h
motopia - list.c
motopia - md5.c
muhttpd - Version 1.1.5
smartdb system - broadcom.c
voip SIP - sha1.c
voip SIP - sha1.h
dhcp - Version 4.1-ESV-R3
mini_httpd - Version 1.19
dhcpcd - ifaddrs.c
ez-ipupdate - md5.c
libmnl - Version 1.0.3
dhcpv6
dhcpv6 - ifaddrs.c
public include - cms_lzw.h
cms_util - base64decode.c
cms_util - base64encode.c
cms_util - lzw_decode.c
voip resolver - resolverprivate.c
widedhcpv6 - Version 20080615
widedhcpv6 - ifaddrs.c
uClibc - Version 0.9.28.3
arptables - Version 0.0.3-4
inetd - inetd.c
kernel - include
motopia-arm
netfilter
zl880 - arris_lt.c
bcmdriver include - adsldrv.h
bcmdriver include - AdslMibDef.h
bcmdriver include - atmapidrv.h
bcmdriver include - bcmadsl.h
bcmdriver include - bcmatmapi.h
bcmdriver include - bcmxdsl.h
bcmdriver include - DiagDef.h
bcmdriver include - VdslInfoDef.h
bdmf
dpi
pcmshim
rdpa_drv
rdpa_gpl
rdpa_mw
opensource include - bcmspucfg.h
opensource include - bcmspudrv.h
opensource include - bcmtypes.h
opensource include - board.h
bcmdrivers - enet
bcmdrivers - wfd
bcmdrivers - xtmrt
linux kernel - Version 3.4.11
bridge-utils - Version 1.2
busybox - Version 1.30.1
conntrack-tools - Version 1.4.1
dnsmasq - Version 2.85
dproxy-nexgen - Version 0.5
ebtables
ez-ipupdate - Version 3.0.11b7
ftpd - Version 1.0.24
haserl - Version 0.9.35
iproute2
iptables - Version 1.4.16.3
mtd-util - flash_eraseall.c
mtd - Version 1.5.0
ntfs-3g - Version 2014.3.15
ntpclient - Version 2010_356
rp-pppoe - Version 3.11
sysstat - Version 9.0.3
urlfilterd - Version 1.0.1
libnetfilter_conntrack - Version 1.0.3
libnetfilter_cthelper - Version 1.0.0
libnetfilter_cttimeout - Version 1.0.0
libnetfilter_queue - Version 1.0.2
libnfnetlink - Version 1.0.1
bcm_boot_launcher.c
bdmf_shell
memaccess.c
ppp - Version 2.3.11
psictl.c
scratchpadctl.c
send_cms_msg.c
simcard
public - include
cms_boardctl
cms_msg
cms_util
motopia
portmirror
prioritytag
udev - Version 136
bridge-utils - Version 1.0.6
iproute2 - Version 2.6.35
mtd - Version 20050122.orig
ntpclient - Version 2010_365
wireless_tools - Version 29
wpa_supplicant - Version 1.1
hostapd
compat.h
bootcfg.ko
pm_interval.ko
emaclib.ko
wlan.ko
wlan_ccmp.ko
wlan_scan_ap.ko
wlan_scan_sta.ko
wlan_tkip.ko
wlan_xauth.ko
xt_mark.ko
queue.h
linux kernel - Version 2.6.35.12
U-Boot - Version 2009.06
PHP - Version 5.0.5
zlib - Version 1.2.11
zlib - Version 1.2.3
dhcpcd - ifaddrs.h
dhcpv6 - ifaddrs.h
radvd - ifaddrs.h
mocana - parseasn1.c
smartdb system - etc53xx.h
widedhcpv6 - ifaddrs.h - Version 1.1.1.1
popt - Version 1.16
Process Control Daemon (PCD) - Version 1.1.6
syslog-ng - Version 3.8.1
eventlog - Version 0.2.12
glib - Version 2.40.0
logrotate - Version 3.11.0
libffi - Version 3.2.1
libuuid - Version 1.0.3
md5.js - Version 2.2
safeclib - Version 10052013
Argon2 - Version 1.3
curl - Version 7.70.0
ncurses - Version 6.1
mtr - Version 0.93
dbus - Version 1.10.8
systemd - Version 243
libfuse - Version 3.10.2
libattr - Version 2.4.48
util-linux - Version 2.36
----------------------------------------- ATT License File Ends -----------------------------------------
--
Sincerely Jonathan Ryshpan <jonrysh(a)pacbell.net>
Fiat justitia, ruant coelis!
2 years, 5 months
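Added example (not part of the original message or of AT&T's file): a Python script that turns a licence list in the format quoted above into a component inventory, so that components shipped in more than one version and components with no stated version stand out before the list is checked against vendor advisories. The sample lines are taken from the list above; the release-year rule is a heuristic assumed for this example.

```python
import re
from collections import defaultdict

# Sample input: lines taken from the licence list quoted above.
SAMPLE = """\
libssl - Version 1.1.1k
dropbear - Version 2013.62
portmap - Version 6.0
portmap - Version 5beta
miniupnpd
motopia - md5.c
linux kernel - Version 3.4.11
dnsmasq - Version 2.85
ntpclient - Version 2010_356
ntpclient - Version 2010_365
linux kernel - Version 2.6.35.12
zlib - Version 1.2.11
zlib - Version 1.2.3
widedhcpv6 - Version 20080615
widedhcpv6 - ifaddrs.h - Version 1.1.1.1
safeclib - Version 10052013
"""

# Heuristic (an assumption of this example): versions such as 2013.62,
# 2010_356 or 20080615 begin with the release year.
DATE_VERSION = re.compile(r"^((?:19|20)\d{2})(?:\d{4}|(?:[._-]\d+)+)$")


def parse_inventory(text):
    """Return {component: {"versions": set, "files": set}}."""
    inv = defaultdict(lambda: {"versions": set(), "files": set()})
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        name, _, rest = line.partition(" - ")
        entry = inv[name.strip()]
        rest = rest.strip()
        if rest.startswith("Version "):
            entry["versions"].add(rest[len("Version "):].strip())
        elif rest:
            # "motopia - md5.c" or "widedhcpv6 - ifaddrs.h - Version 1.1.1.1":
            # one source file; its version is not the component's version.
            entry["files"].add(rest.partition(" - ")[0].strip())
    return dict(inv)


def multi_version(inv):
    """Components listed with more than one version (several firmware
    images or sub-systems, each of which needs its own advisory check)."""
    return {n: sorted(e["versions"]) for n, e in inv.items()
            if len(e["versions"]) > 1}


def unversioned(inv):
    """Components with no version at all: these cannot be matched against
    advisories from the licence file alone."""
    return sorted(n for n, e in inv.items() if not e["versions"])


def release_years(inv):
    """Latest release year per component, for date-stamped versions only."""
    years = {}
    for name, entry in inv.items():
        found = []
        for version in entry["versions"]:
            match = DATE_VERSION.match(version)
            if match:
                found.append(int(match.group(1)))
        if found:
            years[name] = max(found)
    return years


if __name__ == "__main__":
    inventory = parse_inventory(SAMPLE)
    print("multiple versions:", multi_version(inventory))
    print("no version stated:", unversioned(inventory))
    print("date-stamped     :", release_years(inventory))
```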
Re: How do I share a wireless network connection with a wired device ?
by linux guy
On Thu, 2009-11-12 at 20:25 -0500, Sam Varshavchik wrote:
> Linuxguy123 writes:
>
> >
> > In system-config-firewall.py, I did the following:
> >
> > - trusted the wired Ethernet port.
> > - trusted DNS and Multicast DNS
> > - turned on masquerading for the wired ethernet port
> > - applied all these
> >
> > In spite of all this my device is not getting an IP address. What am I
> > missing ?
>
> I say you're missing the correct configuration for your wired segment, and
> you're missing a DHCP server.
>
> > I guess what I am asking is, how do I tell the laptop to serve addresses
> > to clients on the wired Ethernet port ?
>
> For starters, you need to assign a static IP address for your wired
> interface. Your narrative did not include the low-level configuration
> details of both your wired and your wireless interfaces. I'm guessing that
> you probably configured both your wired and your wireless interfaces to use
> automatic settings. That works for wireless, since your wireless address
> point is handing your laptop an IP address. That won't work for your wired
> segment, since there's nothing on your wired segment to give your laptop an
> IP address for its wired network interface, all you have is some dumb device
> there. Your laptop needs to take charge of the wired segment, and run the
> whole show.
>
> Presuming that your access point is assigning your laptop an IP address in
> the 192.168.0.0/24 range, the logical netblock for your wired segment would
> be 192.168.1.0/24, so you'll need to configure your laptop's wired interface
> to a static netblock of 192.168.1.0, and a static IP address of 192.168.1.1.
>
> You do that in Network Configuration. Bring up "Network Configuration", and
> edit your wired interface address.
>
> Turn off all options, including "Controlled by NetworkManager". Turn on
> "Activate device when computer starts", select "Statically set IP
> addresses", put in an address of 192.168.1.1, subnet mask 255.255.255.0, and
> leave the gateway address blank, together with all the DNS fields.
>
> If, on the other hand, your wireless access point is giving your wireless
> interface an 192.168.1.x netblock IP address, you'll just need to turn
> around and set up your wired interface to use the 192.168.0.0/24 range
> instead. Your wired and your wireless interfaces must be on different
> netblock segments, and your laptop bridges the two. That's how it works.
>
> Then:
>
> yum install dhcp
>
> chkconfig dhcpd on (so that dhcp starts when you boot your laptop).
>
> man dhcpd.conf
>
> (a lot of reading goes here)
>
> emacs /etc/dhcp/dhcpd.conf
>
> You probably need to add something like this in your dhcpd.conf file
> (presuming that you're using 192.168.1.0/24 for your wired segment):
>
> subnet 192.168.1.0 netmask 255.255.255.0 {
>
> option subnet-mask 255.255.255.0;
>
> allow unknown-clients;
>
> option routers 192.168.1.1;
> option domain-name-servers 192.168.1.1;
>
> range 192.168.1.129 192.168.1.159;
>
> default-lease-time 604800;
> max-lease-time 604800;
> }
>
> Since, as you say, you're using dnsmasq, you'll need to tell your DHCP
> client (your wired device), that your wired interface's IP address is going
> to be its DNS server (option domain-name-servers), also that your wired
> device needs to use your wired interface as its router (option routers).
>
> Oh, and you'll probably need to reboot, too.
But, but, but... I thought Network Manager had these spiffy options that
allowed one to do this all automatically with the correct selection of
values in a few drop downs ?
It's too much work to set up the DHCP part of this. I'm going to give my
port a static IP via NetworkManager and set the IP on my device to be
static as well then. It doesn't pay to go through all this for just one
device connection.
14 years, 7 months
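Added example, not from the thread: a Python check of the subnet declaration quoted above against the rules Sam describes (the wired netblock must differ from the one the access point hands out, and the router address must sit in the subnet but outside the lease range). It assumes a flat `subnet { ... }` block without nested `pool` or `group` sections; the function names are this example's own.

```python
import ipaddress
import re

# The subnet declaration quoted in the message above, used as sample input.
DHCPD_CONF = """\
subnet 192.168.1.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    allow unknown-clients;
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.1;
    range 192.168.1.129 192.168.1.159;
    default-lease-time 604800;
    max-lease-time 604800;
}
"""

# Assumption: no nested braces inside the subnet block.
SUBNET = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)


def parse_subnets(conf):
    """Extract network, subnet-mask option, routers and ranges per subnet."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    subnets = []
    for net, mask, body in SUBNET.findall(conf):
        decl = {
            # Raises ValueError if the address has host bits set for the mask.
            "network": ipaddress.ip_network(f"{net}/{mask}"),
            "mask_option": None,
            "routers": [],
            "ranges": [],
        }
        for stmt in body.split(";"):
            words = stmt.replace(",", " ").split()
            if words[:2] == ["option", "subnet-mask"]:
                decl["mask_option"] = ipaddress.ip_address(words[2])
            elif words[:2] == ["option", "routers"]:
                decl["routers"] = [ipaddress.ip_address(w) for w in words[2:]]
            elif words[:1] == ["range"]:
                addrs = [ipaddress.ip_address(w) for w in words[1:]
                         if w[0].isdigit()]
                decl["ranges"].append((addrs[0], addrs[-1]))
        subnets.append(decl)
    return subnets


def check_subnet(decl, upstream):
    """Return a list of problems; `upstream` is the netblock the other
    interface (here: the wireless side) already uses, e.g. "192.168.0.0/24"."""
    net = decl["network"]
    upstream = ipaddress.ip_network(upstream)
    problems = []
    if net.overlaps(upstream):
        problems.append(f"{net} overlaps upstream {upstream}")
    if decl["mask_option"] is not None and decl["mask_option"] != net.netmask:
        problems.append("subnet-mask option disagrees with netmask")
    for router in decl["routers"]:
        if router not in net:
            problems.append(f"router {router} is outside {net}")
    for low, high in decl["ranges"]:
        if low > high or low not in net or high not in net:
            problems.append(f"range {low}-{high} does not fit {net}")
        for router in decl["routers"]:
            if low <= router <= high:
                problems.append(
                    f"router {router} is inside lease range {low}-{high}")
    return problems


if __name__ == "__main__":
    for decl in parse_subnets(DHCPD_CONF):
        issues = check_subnet(decl, "192.168.0.0/24")
        print(decl["network"], "OK" if not issues else issues)
```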
Re: Weird network problem
by Phil Dobbin
On 05/26/2013 02:54 PM, Mikkel L. Ellertson wrote:
> On 05/26/2013 07:18 AM, Phil Dobbin wrote:
>> On 05/26/2013 11:54 AM, Mikkel L. Ellertson wrote:
>>> On 05/25/2013 08:00 PM, Phil Dobbin wrote:
>>>> Hi, all.
>>>>
>>>> I've got several machines on a LAN behind a NAT with DHCP assigning
>>>> always the same addresses from a dynamic IP.
>>>>
>>>> A couple of days ago the IP changed & since then, one of the machines
>>>> running Fedora 17 always fails first time to connect to the network:
>>>> launch Thunderbird, no start screen, first attempt to check mail, it
>>>> tells me that there's no network connection, second attempt it connects.
>>>>
>>>> The scheduled DejaDup backup always fails with no network but will run
>>>> manually no problem. Firefox can't find Google but the Nagios
>>>> web interface is fine as is all the cli stuff (ping, ssh, etc).
>>>>
>>>> Most annoyingly, yum update goes through every mirror before partially
>>>> downloading part of the updates & if the updates are large, it takes
>>>> about three attempts to get them all installed.
>>>>
>>>> I'd like to clear this up naturally especially as in the next couple of
>>>> weeks I'll be upgrading this box to Fedora 18 & the last thing I need is
>>>> a dodgy network connection.
>>>>
>>>> All the machines below are on the same LAN & they all work fine after
>>>> the IP address change, it's only the Fedora box that's causing problems.
>>>>
>>>> Any help appreciated. I'm stuck.
>>>>
>>>> Cheers,
>>>>
>>>> Phil...
>>>>
>>> Check your name server settings. Does /etc/resolv.conf have a name
>>> server that is from the old IP address? Do you have one machine on the
>>> network that runs a caching name server and the rest of the Fedora
>>> machines are looking for it at the old address? Or are you running
>>> something like dnsmasq on the machines, and have the old IP address
>>> in the config file?
>> I've never used any name server settings on any of these machines. The
>> lease is automatically assigned by DHCP so therefore there is no need to.
>>
>> The external link comes into a NAT router then onto a HP ProCurve switch
>> & then via cat5 cables to each machine (there's no wireless involved
>> anywhere). Then each machine in Network Settings uses the automatic
>> setting to assign each address & DNS (192.168.1.254) & address mask
>> (255.255.255.0).
>>
>> As I've said, all other machines (all 16 of them) are fine. It's just
>> the Fedora box which leads me to suspect that Fedora's doing, or not
>> doing something, to cause this.
>>
>> Cheers,
>>
>> Phil...
>>
> Dumb question - have you checked the network connection? See if
> changing the cable or the port on the switch helps. It seems strange
> that the external IP address changing would cause this, but for some
> strange reason hardware problems totally unrelated to the change
> seem to pick that time to happen.
I put a brand new cat 5 into another HP ProCurve that I have racked as a
backup & still the same:
'Could not get metalink
https://mirrors.fedoraproject.org/metalink?repo=updates-released-f17&arch...
error was
14: curl#6 - "Could not resolve host: mirrors.fedoraproject.org; Name or
service not known"'
Thunderbird still needs three manual attempts to connect too (as you can
see, it does work eventually).
I've rebooted, looked in logs. I'm at a loss...
Cheers,
Phil...
--
currently (ab)using
CentOS 5.9 & 6.4, Debian Squeeze & Wheezy, Fedora Beefy, Spherical &
That Damn Cat, Lubuntu 12.10, OS X Snow Leopard & Ubuntu Precise,
Quantal & Raring
GnuPG Key : http://www.horse-latitudes.co.uk/publickey.asc
11 years
Re: Using bind for a local caching name server, is this
configuration correct?
by stan
On Wed, 03 Jul 2019 13:02:52 +0930
Tim via users <users(a)lists.fedoraproject.org> wrote:
> No, that was it.
Darn.
> You haven't firewalled things into non-functionality?
I'm running the default firewalld setting of public. And nothing has
difficulties accessing the web with the router serving as dns. Just in
case I set it to allow dns receive and sending in firewall-config.
> Use the dig command. See how your local DNS server responds. Check
> that you can directly query outside servers.
>
> This will query the default server:
> dig example.com
This is the router serving as dns server.
$ dig example.com
; <<>> DiG 9.11.7-RedHat-9.11.7-2.fc31 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5231
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 8282 IN A 93.184.216.34
;; Query time: 31 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Jul 03 08:32:22 MST 2019
;; MSG SIZE rcvd: 56
This is with the named dns server enabled.
~ 08:32 AM stan 4
$ dig example.com
; <<>> DiG 9.11.7-RedHat-9.11.7-2.fc31 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29932
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 54379ff525f36c2fd4559fa05d1ccafd9be3183a7324435a (good)
;; QUESTION SECTION:
;example.com. IN A
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 03 08:34:21 MST 2019
;; MSG SIZE rcvd: 68
> This will query specific servers:
> dig example.com @1.1.1.1
When the first failed, skipped this.
I am seeing entries like this in the logs when the named dns server is
running and I try to resolve a name. 1.1.1.1 and 9.9.9.9 are the
forwarding dns servers.
Jul 03 08:40:24 localhost.Home named[11573]: timed out resolving 'localhost.Home.localhost.Home/A/IN': 1.1.1.1#53
Jul 03 08:40:23 localhost.Home named[11573]: timed out resolving 'localhost.Home.localhost.Home/A/IN': 9.9.9.9#53
And these, that look like ipv6 addresses, though I have it disabled.
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:7fd::1#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:2d::d#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:1::53#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:2f::f#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:12::d0d#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:503:ba3e::2:30#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:200::b#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:a8::e#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:7fe::53#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:dc3::35#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:9f::42#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:503:c27::2:30#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:2::c#53
I also tried adjusting the firewall in the router to pass dns, both as
a service and just as port 53, with no better results. I wonder if my
ISP is filtering dns responses that don't go to the router connection?
Their dns servers are good, Level3, but Level3's privacy policy doesn't
include not keeping records of all transactions. And once they are
kept, they can be sold.
I also tried having bind / named use the router dns as a resolver with
no better luck.
I think there is something obvious that I am missing, but I am at an
impasse. I might just set up dnsmasq or knot-resolver. Bind / named
is really overkill for my usecase, but I thought it would be relatively
easy to get working. I'll put this on the back-burner for the time
being.
Thanks for your help. And a thank you to everyone else who responded,
too.
4 years, 11 months
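Added example, not part of stan's message: a Python triage of named "resolving" log lines like the ones quoted above. It separates IPv4 upstreams that never answer from IPv6 upstreams that are unreachable, and flags query names whose search suffix was appended twice, since such names are forwarded to the public resolvers. The finding labels are this example's own; `named -4` is BIND's IPv4-only switch.

```python
import ipaddress
import re
from collections import Counter

# Subset of the named log lines quoted in the message above.
SAMPLE_LOG = """\
Jul 03 08:40:24 localhost.Home named[11573]: timed out resolving 'localhost.Home.localhost.Home/A/IN': 1.1.1.1#53
Jul 03 08:40:23 localhost.Home named[11573]: timed out resolving 'localhost.Home.localhost.Home/A/IN': 9.9.9.9#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:7fd::1#53
Jul 03 08:40:25 localhost.Home named[11573]: network unreachable resolving 'localhost.Home.localhost.Home/A/IN': 2001:500:2d::d#53
"""

LINE = re.compile(
    r"named\[\d+\]: (?P<reason>.+?) resolving "
    r"'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)': "
    r"(?P<server>\S+)#(?P<port>\d+)\s*$"
)

# What each finding label used below means for the operator.
FINDINGS = {
    "ipv4-upstreams-silent":
        "queries to every IPv4 upstream time out: check filtering of "
        "outbound port 53 (UDP and TCP) between this host and the forwarders",
    "ipv6-transport-unusable":
        "named tries IPv6 upstreams without a working IPv6 route: "
        "start it with -4 to restrict it to IPv4",
    "search-suffix-doubled":
        "a client appended its search domain to an already qualified name; "
        "the resulting internal name is sent to the public forwarders",
}


def parse_line(line):
    """Return the fields of one 'resolving' log line, or None."""
    match = LINE.search(line)
    if not match:
        return None
    rec = match.groupdict()
    try:
        rec["family"] = ipaddress.ip_address(rec["server"]).version
    except ValueError:
        return None
    rec["port"] = int(rec["port"])
    return rec


def doubled_suffix(qname):
    """Return the label sequence repeated at the end of qname, if any,
    e.g. 'host.lan.host.lan' -> 'host.lan'."""
    labels = qname.rstrip(".").split(".")
    lowered = [label.lower() for label in labels]
    for k in range(len(labels) // 2, 0, -1):
        if lowered[-k:] == lowered[-2 * k:-k]:
            return ".".join(labels[-k:])
    return None


def triage(log_text):
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    counts = Counter((r["family"], r["reason"]) for r in records)
    v4_reasons = {r["reason"] for r in records if r["family"] == 4}
    v6_reasons = {r["reason"] for r in records if r["family"] == 6}
    doubled = {doubled_suffix(r["qname"]) for r in records} - {None}

    findings = []
    if v4_reasons == {"timed out"}:
        findings.append("ipv4-upstreams-silent")
    if "network unreachable" in v6_reasons:
        findings.append("ipv6-transport-unusable")
    if doubled:
        findings.append("search-suffix-doubled")
    return {
        "counts": dict(counts),
        "findings": findings,
        "upstreams_v4": sorted({r["server"] for r in records
                                if r["family"] == 4}),
        "doubled": sorted(doubled),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (family, reason), n in sorted(report["counts"].items()):
        print(f"IPv{family}: {reason} x{n}")
    for label in report["findings"]:
        print(f"{label}: {FINDINGS[label]}")
```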
Re: OT - Success! - The new Palm Pre, Google Calendar and Kontact
by Christopher A Williams
On Wed, 2009-06-17 at 13:15 -0430, Patrick O'Callaghan wrote:
> >> But on this point I must agree: The Pre absolutely does
> >> rock!!! Based on
> >> having used mine for just a few days now, I can confidently
> >> say that
> >> Apple and the iPhone have some serious, formidable competition
> >> on their
> >> hands - including the new iPhone 3Gs.
> >>
> >> Not while it's only available for CDMA networks.
> >
> > That's a matter of opinion and taste as opposed to fact.
> >
> > http://www.hardwaresecrets.com/article/151
>
> Well, no. The pros and cons of GSM vs CDMA as *technologies* are largely
> irrelevant in this discussion. The fact is that most of the world
> uses GSM and only a GSM phone is of interest to it. The same applies to
> those Americans who want to use their phone while travelling abroad. The
> Palm Pre will become competitive in these markets only when a GSM
> version is released. I hope it's soon as the phone itself looks gorgeous.
Umm... If you actually read the article, you would know that it
specifically states the technology is not the issue, but market is, and
that even here the "war" is likely to continue ad infinitum.
If I were living outside the USA, I might tend to think the way you are
too. But actually, I *am* one of those Americans who uses their phone
while traveling abroad. I'm based in the USA and travel internationally
(mostly Western Europe right now) on a regular basis, and I have a
different perspective than you might realize. I will use GSM when I have
no other alternative - which actually is surprisingly less than I
thought.
Also, international roaming rates being what they are, I can vouch
that most people's preference is to try to use a locally based mobile
phone, so the network compatibility issue is even smaller - regardless
of preference. I've personally paid some of those international roaming
charges. It's not a pretty sight...
CDMA is also growing in several places outside of the USA, and we're not
planning to replace that infrastructure in the USA anytime soon. The GSM
tide here seems to be shrinking more than growing.
But all of that said, I would be shocked if we don't see a GSM version
of the Pre by early next year when AT&T and Verizon are supposed to pick
it up.
Other Topic:
> "Most of the pundits" live in a huge echo chamber so they reinforce each
> other a lot (e.g. they think Linux is only for geeks). The article I'm
> talking about is
> http://arstechnica.com/gadgets/news/2009/06/ars-reviews-the-palm-pre-part...
Well, I would say that depends on which pundits you are talking about.
Since I am entering the world of "Punditry" myself for my employer
(hosting an Information Week webinar next month - online interview and
white paper on virtualization this month), I sincerely hope not to just
be echoing everyone else.
...At least, I don't think Linux is just for geeks. I've got both my
parents and several non-geek friends using F10 and F11 right now. :)
The article is an interesting read though. I like the comments best.
Especially the one:
The entire Pre WebOS is pretty much just a set of proprietary
applications running on a pretty standard Linux distro... Alsa,
Pulseaudio, Gstreamer, Upstart, GNU C, Busybox, Apache Harmony,
dnsmasq, DBus, Webkit, etc etc.
It's basically what you get when you take people good at
usability and you give them an Arm-based Linux distro. Pretty
neat stuff, actually.
But I also would agree with the one who wrote:
This review sure did not start off well. The iPhone does a lot
more things extremely well than media. The Palm Pre is very
obviously targeted at consumers not the Blackberry world at all.
I guess it's one way to look original and get pageviews though.
Then again, this comment underscores my original point...
--
====================================================
"Patriotism is when love of your own people comes first;
nationalism, when hate for people other than your own comes first."
--Charles de Gaulle
14 years, 12 months
Re: nscd and DNS cache
by JD
On 05/16/2012 03:18 AM, Daniel Bossert wrote:
> fedora wrote 16.05.12 10:33:
>> ... or try dnsmasq
>>
>> suomi
>>
>> On 05/16/2012 08:54 AM, JD wrote:
>>> On Tue, May 15, 2012 at 9:20 PM, Ed Greshko<Ed.Greshko(a)greshko.com>
>>> wrote:
>>>> On 05/16/2012 10:11 AM, JD wrote:
>>>>> I have nscd running.
>>>>> /etc/resolv.conf starts out with
>>>>> nameserver 127.0.0.1
>>>>> nameserver 192.168.1.254
>>>>>
>>>>>
>>>>> The 192.168.1.254 is the router, which has been a fast and reliable
>>>>> resolver.
>>>>>
>>>>> So, to test nscd caching behavior,
>>>>> I browse (using FF) over to any website.
>>>>> After some time, the address is resolved and the page comes up.
>>>>> I kill the tab of the page, and open a new tab and aim the browser
>>>>> at same url. Browser again says: looking up whatever....com and takes
>>>>> several seconds to resolve it.
>>>>>
>>>>> I thought that nscd is supposed to cache the translation from the
>>>>> first lookup.
>>>>>
>>>>> Am I to believe that the browser is NOT using /etc/resolv.conf?
>>>>> If not, what is it using?
>>>>> Or could it be that nscd is useless in this respect?
>>>>>
>>>> I've not looked at nscd in a long time....but I never could see the
>>>> value in it and
>>>> never could get it to what I thought was a working or useful
>>>> configuration for my needs.
>>>>
>>>> No browser or application uses resolv.conf directly. They make
>>>> calls to the resolver
>>>> libraries which in turn use it.
>>>>
>>>> IMO, if your router does caching name services there really is no
>>>> benefit to having
>>>> systems do their own caching since the overhead of local requests
>>>> should be small.
>>>> However, it seems that your router may not be caching since it is
>>>> taking several seconds.
>>>>
>>>> In cases where the router isn't doing caching, or is doing it
>>>> poorly, I prefer to
>>>> simply run bind on a single server and point all the systems to it
>>>> for resolution.
>>>>
>>>> With the current Fedora systems this is easy. All one need to do is
>>>> install bind and
>>>> bind-chroot and enable/start the service. On the "bind" host all
>>>> you need is
>>>> 127.0.0.1 defined as a nameserver. Then, if you use a tool such as
>>>> "wireshark" you
>>>> will see that requests will only go out if the answer is not in the
>>>> cache or the TTL
>>>> has expired.
>>>>
>>> I understand the libs are what make calls to the resolver. But even
>>> the resolver must look
>>> at /etc/resolv.conf. If it is empty, NOTHING gets resolved.
>>> I was using nscd thinking it is a lightweight caching resolver. But as
>>> it turns out it is useless.
>>> Time for fedora to bury it :)
>>> Re: My router: it does very little if any caching - and has no
>>> configuration for it at all.
>>>
>>> I will try bind.
>>>
>>> Thanx Ed.
>>>
>>> JD
> Hi
> Why do you have 127.0.0.1 in /etc/resolv.conf? Could it be that your
> computer asks himself to resolve this ip and as he can't do that then he
> gets to your router and asks?
> Do you have the same behaviour when only your router's ip address is in
> /etc/resolv.conf?
>
> kind regards
> Daniel
Well, if I recall correctly, using a caching dns daemon requires that
the first entry in /etc/resolv.conf be 127.0.0.1 followed by external
nameservers' ip addresses.
And yes, re: same behavior when only router's ip address is in resolv.conf.
As I indicated, the router does not seem to be caching anything, and I
believe for good reason: reduce production cost - saving a few pennies per
unit can amount to millions of dollars. I have worked at industries that did
similar cost saving (or profit creating) design decisions. Just my
$.02's worth.
12 years, 1 month
Re: Selinux Problems
by Jim
On 10/06/2009 10:56 AM, Daniel J Walsh wrote:
> On 10/05/2009 05:27 PM, Paolo Galtieri wrote:
>
>> On Mon, Oct 5, 2009 at 2:13 PM, Daniel J Walsh<dwalsh(a)redhat.com> wrote:
>>
>>
>>> On 10/05/2009 03:22 PM, Paolo Galtieri wrote:
>>>
>>>> On Mon, Oct 5, 2009 at 11:11 AM, Daniel J Walsh<dwalsh(a)redhat.com> wrote:
>>>>
>>>>> On 10/05/2009 02:08 PM, Jim wrote:
>>>>>
>>>>>> FC11/Kde
>>>>>>
>>>>>> Trying to print on a Samsung CLX-3175FN.
>>>>>> Selinux is playing havoc with printer drivers, these drivers are from
>>>>>> Samsung and I'm getting many Selinux Alerts, too many to keep running
>>>>>> Restorecon.
>>>>>> The printing is coming out with double columns with 1/8" white lines
>>>>>> down through text or pictures.
>>>>>> There are no GPL drivers for this printer, it's too new!
>>>>>>
>>>>>> If I disable Selinux, the printer will print normal.
>>>>>>
>>>>>> How do I relabel all the files on the computer ?
>>>>>> do I relabel from telinit 3 or what ?
>>>>>>
>>>>>>
>>>>> Please show me the AVCs you are seeing. Or send me a compressed
>>>>> /var/log/audit/audit.log
>>>>>
>>>>> --
>>>>> fedora-list mailing list
>>>>> fedora-list(a)redhat.com
>>>>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>>>> Guidelines:
>>>>> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>>>>>
>>>>>
>>>> I have seen the following SELinux alert:
>>>>
>>>> SELinux is preventing hp (hplip_t) "name_bind" howl_port_t.
>>>>
>>>> lpstat -t shows
>>>>
>>>> printer HP_Color_LaserJet_2605dn disabled since Thu 01 Oct 2009 09:36:23 AM MST -
>>>> /usr/lib/cups/backend/hp failed
>>>>
>>>> If I change the URI associated with the printer config from
>>>>
>>>> hp:/net/HP_Color_laserjet_2605dn?zc=hpcolorjet
>>>>
>>>> to
>>>>
>>>> hp:/net/HP_Color_laserjet_2605dn?ip=192.168.10.71
>>>>
>>>> then the alerts go away.
>>>>
>>>> The printer is an HP printer and was configured using hp-setup.
>>>>
>>>> Paolo
>>>>
>>>>
>>>>
>>> Could you grep for howl_port_t and attach the output
>>>
>>> grep howl_port_t /var/log/audit/audit.log
>>>
>>>
>> type=AVC msg=audit(1254414474.185:50294): avc: denied { name_bind } for
>> pid=18462 comm="hp" src=5353
>> scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
>> type=AVC msg=audit(1254414573.360:50295): avc: denied { name_bind } for
>> pid=18499 comm="hp" src=5353
>> scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
>> type=AVC msg=audit(1254414980.894:50346): avc: denied { name_bind } for
>> pid=18699 comm="hp" src=5353
>> scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
>> type=AVC msg=audit(1254415674.640:50382): avc: denied { name_bind } for
>> pid=18942 comm="hp" src=5353
>> scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
>> type=AVC msg=audit(1254415783.474:50425): avc: denied { name_bind } for
>> pid=19012 comm="hp" src=5353
>> scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
>> type=AVC msg=audit(1254415964.178:50441): avc: denied { name_bind } for
>> pid=19154 comm="hp" src=5353
>> scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
>>
>> Paolo
>>
>>
>>
> I guess the question is why does the hplip want to listen on the Multicast DNS port. If this is supposed to happen, we need to add it to policy.
>
> You can add it for now using audit2allow
>
> # grep hplip_t /var/log/audit/audit.log | audit2allow -M myhplip
> # semodule -i myhplip.pp
>
>
I have a problem with DNS in FC11, FC12 and in a file
/etc/dhclient-eth0.conf I have the line;
prepend domain-name-servers 127.0.0.1;
And DNSmasq is enabled.
And in Firefox config I have;
network.dns.disableIPv6
14 years, 8 months
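Added example (not part of the thread and not any poster's code): a preview of the allow rules that the denials selected by "grep hplip_t" imply, written in the rule syntax audit2allow emits, so the module can be reviewed before "semodule -i". The first two records are the ones quoted in the thread; the last two, including the etc_t and cupsd_t types and the function names, are constructed assumptions.

```python
import re
from collections import defaultdict

# Records 1-2 are from the thread (re-joined onto one line each). Records 3-4
# are CONSTRUCTED to show what else `grep hplip_t` would feed to audit2allow.
SAMPLE_LOG = """\
type=AVC msg=audit(1254414474.185:50294): avc: denied { name_bind } for pid=18462 comm="hp" src=5353 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1254414573.360:50295): avc: denied { name_bind } for pid=18499 comm="hp" src=5353 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1254416000.000:50500): avc: denied { read } for pid=19200 comm="hp" name="example.conf" scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1254416001.000:50501): avc: denied { signal } for pid=19201 comm="example" scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tclass=process
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def candidate_rules(log_text, needle="hplip_t"):
    """Map each allow rule implied by the matching denials to its denial count."""
    perms, counts = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if needle not in line or m is None:  # same plain-text match as grep
            continue
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        perms[key].update(m["perms"].split())
        counts[key] += 1
    rules = {}
    for (src, tgt, cls), p in perms.items():
        plist = sorted(p)
        body = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules[f"allow {src} {tgt}:{cls} {body};"] = counts[(src, tgt, cls)]
    return rules

def unexpected_rules(log_text, expected, needle="hplip_t"):
    """Rules the selection would grant beyond the ones the admin intended."""
    return sorted(r for r in candidate_rules(log_text, needle) if r not in expected)

if __name__ == "__main__":
    for rule, n in sorted(candidate_rules(SAMPLE_LOG).items()):
        print(f"{n:3d}  {rule}")
```

On this sample, the hplip_t selection yields three rules, one of them for a different source domain, while a narrower selection such as the "grep howl_port_t" output requested earlier in the thread yields only the name_bind rule.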