[CLUE-Tech] named & Suse 9
Mike Staver
staver at fimble.com
Sun Mar 28 01:10:07 MST 2004
I feel dumb for asking this here... but I can't figure it out. I set up
a Suse 9 box with dhcp - and then today I changed the IP to a static
one. I did so by modifying the file /etc/sysconfig/network/ifcfg-eth0,
and I changed it to:
BOOTPROTO='static'
MTU=''
REMOTE_IPADDR=''
STARTMODE='onboot'
UNIQUE='qnJ_.Er3ucFQoZE2'
DEVICE='eth0'
BROADCAST='64.242.89.255'
IPADDR='64.242.89.11'
NETMASK='255.255.255.0'
NETWORK='64.242.89.0'
Using Red Hat, I have never seen the network files configured this
way... I added all the lines from device on down, matching what I had
used in Red Hat. I don't know what the lines:
MTU=''
REMOTE_IPADDR=''
UNIQUE='qnJ_.Er3ucFQoZE2'
should contain. I left them alone as a result. I can ssh into this box
under that IP now, but running named on it fails. Here are my logs:
Mar 27 23:31:56 linux named[2102]: starting BIND 9.2.2 -t /var/lib/named -u named
Mar 27 23:31:56 linux named[2102]: using 1 CPU
Mar 27 23:31:56 linux named[2104]: loading configuration from '/etc/named.conf'
Mar 27 23:31:56 linux named[2104]: listening on IPv6 interfaces, port 53
Mar 27 23:31:56 linux named[2104]: listening on IPv4 interface lo, 127.0.0.1#53
Mar 27 23:31:56 linux named[2104]: listening on IPv4 interface eth0, 64.242.89.11#53
Mar 27 23:31:56 linux named[2104]: command channel listening on 127.0.0.1#953
Mar 27 23:31:56 linux named[2104]: command channel listening on ::1#953
Mar 27 23:31:56 linux named[2104]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2000122104
Mar 27 23:31:56 linux named[2104]: zone 89.242.64.in-addr.arpa/IN: loaded serial 2001021482
Mar 27 23:31:58 linux named[2104]: client 193.231.236.25#11505: error sending response: network unreachable
Mar 27 23:31:58 linux named[2104]: client 193.231.236.17#53: error sending response: network unreachable
Obviously, the part that concerns me is "network unreachable". This has
to be a config issue with named, because when I run nmap:
Starting nmap 3.45 ( http://www.insecure.org/nmap/ ) at 2004-03-28 00:44 MST
Host kenny.globaltaxnetwork.com (64.242.89.11) appears to be up ... good.
Initiating SYN Stealth Scan against kenny.globaltaxnetwork.com (64.242.89.11) at 00:44
Adding open port 22/tcp
Adding open port 111/tcp
Adding open port 631/tcp
Adding open port 53/tcp
The SYN Stealth Scan took 0 seconds to scan 1657 ports.
For OSScan assuming that port 22 is open and port 1 is closed and neither are firewalled
For OSScan assuming that port 22 is open and port 1 is closed and neither are firewalled
For OSScan assuming that port 22 is open and port 1 is closed and neither are firewalled
Interesting ports on kenny.globaltaxnetwork.com (64.242.89.11):
(The 1653 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
111/tcp open  rpcbind
631/tcp open  ipp
I'm wondering if Suse has a firewall running by default? I don't see
iptables or ipchains in /etc/init.d, but I see some Suse firewall
stuff... which I stopped all of it. Also, in /etc/init.d/rc3.d I don't
see any firewall stuff starting by default. So, since I'm assuming it's
a named config issue, here is my named.conf file:
###########################################################################
options {
        # The directory statement defines the name server's working directory
        # directory "/usr/local/named";
        # Write dump and statistics file to the log subdirectory. The
        # pathnames are relative to the chroot jail.
        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";
        # The listen-on record contains a list of local network interfaces to
        # listen on. Optionally the port can be specified. Default is to
        # listen on all interfaces found on your system. The default port is
        # 53.
        #listen-on port 53 { 127.0.0.1; };
        # The listen-on-v6 record enables or disables listening on IPv6
        # interfaces. Allowed values are 'any' and 'none' or a list of
        # addresses.
        listen-on-v6 { none; };
        # The next three statements may be needed if a firewall stands between
        # the local server and the internet.
        #query-source address * port 53;
        #transfer-source * port 53;
        #notify-source * port 53;
        # The allow-query record contains a list of networks or IP addresses
        # to accept and deny queries from. The default is to allow queries
        # from all hosts.
        #allow-query { 127.0.0.1; };
        # If notify is set to yes (default), notify messages are sent to other
        # name servers when the zone data is changed. Instead of setting
        # a global 'notify' statement in the 'options' section, a separate
        # 'notify' can be added to each zone definition.
        notify yes;
};
# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.
#zone "0.0.127.in-addr.arpa" in {
#        type master;
#        file "127.0.0";
#};
zone "." {
        type hint;
        file "db.cache";
};
zone "89.242.64.in-addr.arpa" {
        type master;
        file "db.89.242.64";
        allow-transfer {
                64.242.89.11;
                64.242.89.12;
        };
};
###############################################################
I can't find any answers on groups.google.com - so I'm at a loss here.
I can't find the normal /etc/resolv.conf that I'm used to in Red Hat.
I'm also confused because to find resolv.conf, I would normally type:
locate resolv.conf
But, I get this when trying:
kenny:/home/staver # locate resolv.conf
bash: locate: command not found
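
One way to triage the "network unreachable" lines in the log above, as an added example that is not part of the original post: that message is the kernel's ENETUNREACH, returned when no route covers the destination, so the script checks each failing client against the directly connected network derived from IPADDR and NETMASK in ifcfg-eth0. The function names and the trimmed sample input are assumptions made for the example.

```python
import ipaddress
import re
import shlex

# Sample input copied from the post (trimmed); log lines keep the archive's wrapping.
IFCFG = """\
MTU=''
IPADDR='64.242.89.11'
NETMASK='255.255.255.0'
"""
NAMED_LOG = """\
Mar 27 23:31:56 linux named[2104]: listening on IPv4 interface eth0,
64.242.89.11#53
Mar 27 23:31:58 linux named[2104]: client 193.231.236.25#11505: error
sending response: network unreachable
Mar 27 23:31:58 linux named[2104]: client 193.231.236.17#53: error
sending response: network unreachable
"""

# \s+ between words tolerates lines folded by the mail archive.
UNREACH = re.compile(
    r"named\[\d+\]:\s+client\s+(?P<ip>\d+(?:\.\d+){3})#\d+:\s+error\s+sending"
    r"\s+response:\s+network\s+unreachable")

def parse_ifcfg(text):
    """Parse sysconfig-style KEY='value' lines into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, sep, raw = line.strip().partition("=")
        if not sep or key.startswith("#"):
            continue
        parts = shlex.split(raw)          # strips the shell quoting
        cfg[key] = parts[0] if parts else ""
    return cfg

def triage(ifcfg_text, log_text):
    """Split clients that hit ENETUNREACH into on-link and off-link."""
    cfg = parse_ifcfg(ifcfg_text)
    net = ipaddress.ip_interface(f"{cfg['IPADDR']}/{cfg['NETMASK']}").network
    result = {"on_link": [], "needs_gateway": []}
    for m in UNREACH.finditer(log_text):
        ip = ipaddress.ip_address(m.group("ip"))
        bucket = "on_link" if ip in net else "needs_gateway"
        result[bucket].append(str(ip))
    return net, result

if __name__ == "__main__":
    net, result = triage(IFCFG, NAMED_LOG)
    print(f"directly connected network: {net}; {result}")
```

Clients listed under needs_gateway can only be answered through a default or matching route, which `route -n` on the host shows as present or absent.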