[ale] dig works, ping doesn't ( was [ale] DNS lookups slooowwww.....)

John Wells jbwellsiv at yahoo.com
Tue Oct 23 12:50:59 EDT 2001


Keith,

Thanks for the reply.

The short and sweet of it is this.  There are
basically four machines in this scenario.  

- fireman (my machine)
- internalnameserver
- externalnameserver1 (38.2.3.4)
- externalnameserver2 (38.2.3.5)

fireman is a test box we were setting up as a firewall
and possibly a proxy (if it ever moved into
production, it would only serve one of these
functions).

As it is now, fireman has two NICs.  One is connected
to an external T1 line (to the internet).  The other
is plugged into our internal network.  I've been
trying to get the machine configured so that it can
resolve hosts on both the internal and external
networks.

The fireman entry in /etc/resolv.conf came to be by
trial and error.  If I inserted it into
/etc/resolv.conf, dig and nslookups would work for
both internal and external hosts.  If I remove it,
then neither works (internal or external).  I guess
this would point to a problem with named's
configuration...

As you might have guessed, this is my first grapple
with named.  Methinks I'll dive into the rather long
chapter in USAH before proceeding... ;-)

Thanks to all...

John
--- Keith Hopkins <hne at inetnow.net> wrote:
> pardon my inane ramblings, but
> John Wells wrote:
> 
> > I am trying to get my machine's DNS server configured
> > properly.  The machine has two cards, one for internal
> > network and one for the external net (T1 line to
> > internet).  I want queries for my internal domain to
> > resolve via our internal DNS server, and for sites
> > like ale.com or kernel.org to resolve through two
> > external servers (38.2.3.4, 38.2.3.5).
> >
> > The machine's name is fireman.  So in /etc/resolv.conf
> > I have:
> >
> > search internalnet.com
> > nameserver fireman
> > nameserver internalnameserver
> >
> > In /etc/nsswitch.conf, I have
> >
> > hosts: files dns
> >
> > In /etc/named.conf, I have:
> >
> > options {
> >     forward only;
> >     forwarders {38.2.3.4;38.2.3.5;};
> > };
> >
> > With this configuration, dig and nslookup work great
> > for both internal and external sites.  Ping works on
> > internal sites.  However, if I try to ping an external
> > host I get an "unknown host" error.  If I try to
> > access an external site through Mozilla, I get the
> > same.
> >
> > I know it's probably a simple misconfiguration, but I
> > can't find it.  Can anyone help?  Thanks!
> >
> > John
> > 
> > 
> 
> 
> Clarify some things for my poor tired head....
> 
> How many machines do you have?  3?  (fireman,
> internalnameserver, workstation)
> 
> Rule1: named ignores nsswitch.conf, resolv.conf, and
> hosts.
> Rule2: configure nsswitch.conf, resolv.conf and
> hosts properly on the workstation.
> Rule3: nslookup does not work like ping.  ping uses
> gethostbyname lib, nslookup does things its own
> way.
> Rule4: if a name server responds (fireman) but does
> not return a name, the lookup does NOT continue to
> the next nameserver in the list
> (internalnameserver).  It only goes to the next
> server, if the first server does not respond at all
> (is down).
> 
> You might also try putting [notfound=CONTINUE]
> between "files" and "dns" in your nsswitch.conf.
> 
> What is in the hosts file on your workstation?
> What is in the resolv.conf on your workstation?
> What is in the nsswitch.conf on your workstation?
> 
> 
> If I'm reading this wrong, and you only have one
> machine (then why do you have two NICs?)...why do
> you have both fireman and internalnameserver in your
> resolv.conf?
> 
> If you have an old version of the OS, update your
> libs.  I seem to recall the gethostbyname lib was
> partly broken back in the 2.0 kernel days.
> 
> Lost in Tokyo,
>    Keith
> 
> 
> -- 
> "hne at inetnow.net" Copyright 1996-2001.  Not for
> distribution without express permission.
> 
> 
> ---
> This message has been sent through the ALE general
> discussion list.
> See http://www.ale.org/mailing-lists.shtml for more
> info. Problems should be 
> sent to listmaster at ale dot org.
> 
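
The goal stated in the original question (internal names via the internal DNS server, everything else via 38.2.3.4 and 38.2.3.5) can be written as a BIND forward zone. This is an added example, not part of either poster's message. The addresses 192.168.1.1 (fireman's internal NIC), 192.168.1.53 (internalnameserver) and 192.168.1.0/24 (internal network) are constructed placeholders.

```conf
// /etc/named.conf on fireman (added example; addresses below are
// constructed placeholders, not values from the thread)
//   192.168.1.1     fireman's internal NIC
//   192.168.1.53    internalnameserver
//   192.168.1.0/24  internal network

options {
    // Default path: hand everything to the two external servers.
    forward only;
    forwarders { 38.2.3.4; 38.2.3.5; };

    // fireman is dual-homed: bind named to loopback and the internal
    // NIC only, so it does not listen on the T1-facing interface.
    listen-on { 127.0.0.1; 192.168.1.1; };

    // Serve only local and internal clients.
    allow-query { 127.0.0.1; 192.168.1.0/24; };
};

// Exception for the internal domain: send these queries to the
// internal DNS server instead of the global forwarders.
zone "internalnet.com" {
    type forward;
    forward only;
    forwarders { 192.168.1.53; };
};

// Matching /etc/resolv.conf on fireman, listing named by IP address:
//   search internalnet.com
//   nameserver 127.0.0.1
```

With a single local nameserver entry, ping (through gethostbyname) and dig both ask the same server, and named decides per zone where each query is forwarded.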

