[CLUE-Tech] named & Suse 9

Mike Staver staver at fimble.com
Sun Mar 28 09:08:27 MST 2004


Well, that didn't work either.  But, good call though - adding it can't 
hurt ;)

Chris Schock wrote:

>I don't know what the extra lines are either, but you're missing one
>teensy part: a default gateway. :)
>
>Add that and you'll be in business.
>
>  
>
>>I feel dumb for asking this here... but I can't figure it out.  I set up
>>a Suse 9 box with dhcp - and then today I changed the IP to a static
>>one.  I did so by modifying the file /etc/sysconfig/network/ifcfg-eth0,
>>and I changed it to:
>>
>>BOOTPROTO='static'
>>MTU=''
>>REMOTE_IPADDR=''
>>STARTMODE='onboot'
>>UNIQUE='qnJ_.Er3ucFQoZE2'
>>DEVICE='eth0'
>>BROADCAST='64.242.89.255'
>>IPADDR='64.242.89.11'
>>NETMASK='255.255.255.0'
>>NETWORK='64.242.89.0'
>>
>>Using Red Hat, I have never seen the network files configured this
>>way... I added all the lines from device on down, matching what I had
>>used in Red Hat.  I don't know what the lines:
>>
>>MTU=''
>>REMOTE_IPADDR=''
>>UNIQUE='qnJ_.Er3ucFQoZE2'
>>
>>should contain.  I left them alone as a result.  I can ssh into this box
>>under that IP now, but running named on it fails.  Here are my logs:
>>
>>Mar 27 23:31:56 linux named[2102]: starting BIND 9.2.2 -t /var/lib/named -u named
>>Mar 27 23:31:56 linux named[2102]: using 1 CPU
>>Mar 27 23:31:56 linux named[2104]: loading configuration from '/etc/named.conf'
>>Mar 27 23:31:56 linux named[2104]: listening on IPv6 interfaces, port 53
>>Mar 27 23:31:56 linux named[2104]: listening on IPv4 interface lo, 127.0.0.1#53
>>Mar 27 23:31:56 linux named[2104]: listening on IPv4 interface eth0, 64.242.89.11#53
>>Mar 27 23:31:56 linux named[2104]: command channel listening on 127.0.0.1#953
>>Mar 27 23:31:56 linux named[2104]: command channel listening on ::1#953
>>Mar 27 23:31:56 linux named[2104]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2000122104
>>Mar 27 23:31:56 linux named[2104]: zone 89.242.64.in-addr.arpa/IN: loaded serial 2001021482
>>Mar 27 23:31:58 linux named[2104]: client 193.231.236.25#11505: error sending response: network unreachable
>>Mar 27 23:31:58 linux named[2104]: client 193.231.236.17#53: error sending response: network unreachable
>>
>>Obviously, the part that concerns me is "network unreachable". This has
>>to be a config issue with named, because when I run nmap:
>>
>>Starting nmap 3.45 ( http://www.insecure.org/nmap/ ) at 2004-03-28 00:44 MST
>>Host kenny.globaltaxnetwork.com (64.242.89.11) appears to be up ... good.
>>Initiating SYN Stealth Scan against kenny.globaltaxnetwork.com (64.242.89.11) at 00:44
>>Adding open port 22/tcp
>>Adding open port 111/tcp
>>Adding open port 631/tcp
>>Adding open port 53/tcp
>>The SYN Stealth Scan took 0 seconds to scan 1657 ports.
>>For OSScan assuming that port 22 is open and port 1 is closed and neither are firewalled
>>For OSScan assuming that port 22 is open and port 1 is closed and neither are firewalled
>>For OSScan assuming that port 22 is open and port 1 is closed and neither are firewalled
>>Interesting ports on kenny.globaltaxnetwork.com (64.242.89.11):
>>(The 1653 ports scanned but not shown below are in state: closed)
>>PORT    STATE SERVICE
>>22/tcp  open  ssh
>>53/tcp  open  domain
>>111/tcp open  rpcbind
>>631/tcp open  ipp
>>
>>I'm wondering if Suse has a firewall running by default? I don't see
>>iptables or ipchains in /etc/init.d, but I see some Suse firewall
>>stuff... all of which I stopped.  Also, in /etc/init.d/rc3.d I don't
>>see any firewall stuff starting by default.  So, since I'm assuming it's
>>a named config issue, here is my named.conf file:
>>
>>###########################################################################
>>options {
>>
>>        # The directory statement defines the name server's working directory
>>
>>#       directory "/usr/local/named";
>>
>>        # Write dump and statistics file to the log subdirectory.  The
>>        # pathnames are relative to the chroot jail.
>>
>>        dump-file "/var/log/named_dump.db";
>>        statistics-file "/var/log/named.stats";
>>
>>        # The listen-on record contains a list of local network interfaces to
>>        # listen on.  Optionally the port can be specified.  Default is to
>>        # listen on all interfaces found on your system.  The default port is
>>        # 53.
>>
>>        #listen-on port 53 { 127.0.0.1; };
>>
>>        # The listen-on-v6 record enables or disables listening on IPv6
>>        # interfaces.  Allowed values are 'any' and 'none' or a list of
>>        # addresses.
>>
>>        listen-on-v6 { none; };
>>
>>        # The next three statements may be needed if a firewall stands between
>>        # the local server and the internet.
>>
>>        #query-source address * port 53;
>>        #transfer-source * port 53;
>>        #notify-source * port 53;
>>
>>        # The allow-query record contains a list of networks or IP addresses
>>        # to accept and deny queries from. The default is to allow queries
>>        # from all hosts.
>>
>>        #allow-query { 127.0.0.1; };
>>
>>        # If notify is set to yes (default), notify messages are sent to other
>>        # name servers when the zone data is changed.  Instead of setting
>>        # a global 'notify' statement in the 'options' section, a separate
>>        # 'notify' can be added to each zone definition.
>>
>>        notify yes;
>>};
>>
>># The following zone definitions don't need any modification.  The first one
>># is the definition of the root name servers.  The second one defines
>># localhost while the third defines the reverse lookup for localhost.
>>
>>
>>#zone "0.0.127.in-addr.arpa" in {
>>#       type master;
>>#       file "127.0.0";
>>#};
>>
>>zone "." {
>>        type hint;
>>        file "db.cache";
>>};
>>
>>zone "89.242.64.in-addr.arpa"{
>>        type master;
>>        file "db.89.242.64";
>>        allow-transfer {
>>                64.242.89.11;
>>                64.242.89.12;
>>        };
>>};
>>###############################################################
>>
>>I can't find any answers on groups.google.com - so I'm at a loss here.
>>I can't find the normal /etc/resolv.conf that I'm used to in Red Hat.
>>I'm also confused because to find resolv.conf, I would normally type:
>>
>>locate resolv.conf
>>
>>But, I get this when trying:
>>
>>kenny:/home/staver # locate resolv.conf
>>bash: locate: command not found
>>
>>
>>
>>
>>_______________________________________________
>>CLUE-Tech mailing list
>>Post messages to: CLUE-Tech at clue.denver.co.us
>>Unsubscribe or manage your options:
>>http://clue.denver.co.us/mailman/listinfo/clue-tech
>
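
The reasoning behind the default-gateway suggestion, as an added example that is not part of either message: with only the connected route that the quoted ifcfg-eth0 produces, a longest-prefix route lookup finds nothing for the two clients in the named log, which is the condition the kernel reports as "network unreachable". The gateway address 64.242.89.1 and all function names are constructed for illustration; the interface values and log lines are copied from the post.

```python
import ipaddress
import re

# Values copied from the ifcfg-eth0 quoted in the post.
IFCFG = {"IPADDR": "64.242.89.11", "NETMASK": "255.255.255.0"}

# named log lines from the post, rejoined onto one line each.
LOG = """\
Mar 27 23:31:58 linux named[2104]: client 193.231.236.25#11505: error sending response: network unreachable
Mar 27 23:31:58 linux named[2104]: client 193.231.236.17#53: error sending response: network unreachable
"""

CLIENT_RE = re.compile(
    r"client (\d+\.\d+\.\d+\.\d+)#\d+: error sending response: network unreachable"
)


def connected_route(ifcfg):
    """Network reached directly through a statically addressed interface."""
    iface = ipaddress.ip_interface(f"{ifcfg['IPADDR']}/{ifcfg['NETMASK']}")
    return iface.network


def lookup(routes, dst):
    """Longest-prefix match; None models the 'network unreachable' case."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, via) for net, via in routes if addr in net]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)


def explain(ifcfg, log, gateway=None):
    """Return the logged clients that have no matching route."""
    routes = [(connected_route(ifcfg), None)]  # on-link, no next hop
    if gateway:
        routes.append((ipaddress.ip_network("0.0.0.0/0"), gateway))
    clients = sorted(set(CLIENT_RE.findall(log)), key=ipaddress.ip_address)
    return [c for c in clients if lookup(routes, c) is None]


if __name__ == "__main__":
    print("no default route  :", explain(IFCFG, LOG))
    # 64.242.89.1 is a constructed gateway address, not taken from the post.
    print("with default route:", explain(IFCFG, LOG, gateway="64.242.89.1"))
```

On the host itself, the routing table is what decides this, so the output of `ip route` (or `route -n`) is the thing to compare against after adding the gateway.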


