Full Discussion: BIND and dig errors
Post 12104 by sam_pointer in UNIX for Dummies Questions & Answers, Wednesday 19th of December 2001 09:50:18 AM
Solved it, now to refine....

I've located the source of the problem: IPCHAINS.

When I stop my firewalling on the Linux box local and remote DNS resolution are both fine.

My ipchains rules are as such (assuming that the IP address of my box is 123.123.123.123):

:input DENY
:forward DENY
:output ACCEPT

-A input -p icmp -j ACCEPT

# dns
-A input -d 123.123.123.123 53 -p udp -j ACCEPT
-A input -s 123.123.123.123 53 -p udp -j ACCEPT
-A input -d 123.123.123.123 53 -p tcp -j ACCEPT
-A input -s 123.123.123.123 53 -p tcp -j ACCEPT

# ssh
-A input -d 123.123.123.123 22 -p udp -j ACCEPT
-A input -s 123.123.123.123 22 -p udp -j ACCEPT
-A input -d 123.123.123.123 22 -p tcp -j ACCEPT
-A input -s 123.123.123.123 22 -p tcp -j ACCEPT

which in my mind would allow all ssh traffic (which it does) and all DNS traffic, regardless of whether it travelled over udp (usual) or tcp (rarely). The connection should also be allowed both ways, surely.

Can anyone spot any obvious mistakes? Thanks again.
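As an added example (not part of the post or the thread), the following Python first-match simulator checks which DNS packets the quoted input rules accept. It models only the options the post uses; 123.123.123.123 is the box from the post, and 198.51.100.53 is a constructed remote name server address (an assumption).

```python
"""Added example (not from the thread): first-match simulator for the ipchains input
rules quoted in the post. Models only ':chain POLICY', '-A chain', '-s/-d addr [port]',
'-p proto', '-j target'. 198.51.100.53 is a constructed remote server (assumption)."""
import shlex

RULES = """:input DENY
-A input -p icmp -j ACCEPT
-A input -d 123.123.123.123 53 -p udp -j ACCEPT
-A input -s 123.123.123.123 53 -p udp -j ACCEPT
-A input -d 123.123.123.123 53 -p tcp -j ACCEPT
-A input -s 123.123.123.123 53 -p tcp -j ACCEPT
"""

def parse_rules(text):
    """Return (chain policies, rule dicts in file order)."""
    policies, rules = {}, []
    for line in text.splitlines():
        argv = shlex.split(line)
        if not argv or argv[0].startswith("#"):
            continue
        if argv[0].startswith(":"):                     # ':input DENY' = chain policy
            policies[argv[0][1:]] = argv[1]
            continue
        rule = {"chain": argv[argv.index("-A") + 1], "target": argv[argv.index("-j") + 1]}
        if "-p" in argv: rule["proto"] = argv[argv.index("-p") + 1]
        for flag, key in (("-s", "src"), ("-d", "dst")):
            if flag in argv:
                i = argv.index(flag)
                rule[key] = argv[i + 1]
                if i + 2 < len(argv) and argv[i + 2].isdigit():  # '-d addr port' form
                    rule[key + "_port"] = int(argv[i + 2])
        rules.append(rule)
    return policies, rules

def verdict(policies, rules, chain, proto, src, sport, dst, dport):
    """First rule whose criteria all match decides; otherwise the chain policy."""
    pkt = {"proto": proto, "src": src, "src_port": sport, "dst": dst, "dst_port": dport}
    for rule in rules:
        if rule["chain"] == chain and all(pkt[k] == v for k, v in rule.items() if k in pkt):
            return rule["target"]
    return policies[chain]

def dns_flows():
    """UDP on the input chain: query to port 53, remote reply to an ephemeral port, loopback query."""
    policies, rules = parse_rules(RULES)
    box, remote, lo = "123.123.123.123", "198.51.100.53", "127.0.0.1"
    return {
        "query_to_box": verdict(policies, rules, "input", "udp", remote, 40000, box, 53),
        "reply_to_box": verdict(policies, rules, "input", "udp", remote, 53, box, 40000),
        "loopback_query": verdict(policies, rules, "input", "udp", lo, 40000, lo, 53),
    }
```

Running dns_flows() shows that inbound queries to port 53 are accepted, while a remote server's reply to an ephemeral port and a query over loopback both fall through to the DENY policy.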
 

resolv.conf(5)                    File Formats Manual                    resolv.conf(5)

Name
       resolv.conf - resolver configuration file

Description
       The resolver configuration file contains information that the resolver routines read the first time they are invoked by a process.  The
       file contains ASCII text and lists the name-value pairs that provide various types of resolver information.

       The file is required if your system is running BIND.  This file must contain the BIND domain name for the local area network.  If your
       system is a BIND client, this file must also contain nameserver entries.

       There are two entry formats for the file:

       domain binddomain
	      This  line  specifies  the  default  domain to append to local host names.  If no domain entries are present, the domain returned by
	      after the first dot (.) is used.	If the host name does not contain a domain, the root domain is assumed.

       nameserver address
	      In this entry, the address is the IP address, in dot notation, of the BIND server that should be queried to resolve host name and
	      address information.  You should have at least one name server listed.  Two or more name servers reduce the possibility of
	      interrupted BIND service in the event that one of the servers is down.  You can list up to 10 name servers.  If more than one server
	      is listed, the resolver library tries them in the order listed.  If no name server entries are present, the default is to use the
	      name server on the local machine.

	      The algorithm used is to try a name server, and, if the query times out, to try the next, until out of name servers or the query is
	      resolved.  The last step is to repeat trying all the name servers until a maximum number of retries has been made or the query has
	      been resolved.

       The name-value pair must appear on a single line, and the keyword domain or nameserver must start each line.

Examples
       The following is an example of a file:
       ;
       ; Data file for a client
       ;
       domain	      cities.us
       nameserver     128.11.22.33
       Lines beginning with a semicolon (;) are comment lines.
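The following added example (not from the man page) implements the format rules and the query algorithm described above as a small Python parser and retry loop. The second name server in the sample, the 127.0.0.1 fallback address and the caller-supplied send() callback are assumptions.

```python
"""Added example, not part of the page: parser and query schedule for the resolv.conf
dialect the man page describes (keywords domain/nameserver, ';' comments, dotted IPv4
addresses, at most 10 servers, tried in order and the list repeated up to a retry limit)."""
import ipaddress

MAX_NAMESERVERS = 10   # limit stated in the man page

SAMPLE = """;
; Data file for a client (constructed sample with a second server)
;
domain        cities.us
nameserver    128.11.22.33
nameserver    128.11.22.34
"""

def parse_resolv_conf(text):
    """Return {'domain': str|None, 'nameservers': [str]}; raise ValueError on bad lines."""
    domain, nameservers = None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):          # blank or comment line
            continue
        parts = line.split()
        if len(parts) != 2:                          # one name-value pair per line
            raise ValueError(f"line {lineno}: expected 'keyword value'")
        keyword, value = parts
        if keyword == "domain":
            domain = value
        elif keyword == "nameserver":
            ipaddress.IPv4Address(value)             # rejects anything but dot notation
            nameservers.append(value)
            if len(nameservers) > MAX_NAMESERVERS:
                raise ValueError(f"line {lineno}: more than {MAX_NAMESERVERS} name servers")
        else:
            raise ValueError(f"line {lineno}: unknown keyword {keyword!r}")
    return {"domain": domain, "nameservers": nameservers}

def resolve(nameservers, send, max_retries=4):
    """Man page algorithm: try servers in order, moving on when one times out, and
    repeat the whole list until max_retries rounds are used. send(server) is a
    caller-supplied function returning an answer or None on timeout (assumption)."""
    for _ in range(max_retries):
        for server in nameservers or ["127.0.0.1"]:  # no entries: the local name server
            answer = send(server)
            if answer is not None:
                return answer
    return None
```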

Files
See Also
       gethostname(2), resolver(3), named(8)
       Guide to the BIND Service
