Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: BIND and dig errors
Top Forums UNIX for Dummies Questions & Answers BIND and dig errors Post 12104 by sam_pointer on Wednesday 19th of December 2001 09:50:18 AM
Old 12-19-2001
Solved it, now to refine....
I've located the source of the problem: IPCHAINS.

When I stop my firewalling on the Linux box local and remote DNS resolution are both fine.

My ipchains rules are as such (assuming that the IP address of my box is 123.123.123.123):

:input DENY
:forward DENY
:output ACCEPT

-A input -p icmp -j ACCEPT

# dns
-A input -d 123.123.123.123 53 -p udp -j ACCEPT
-A input -s 123.123.123.123 53 -p udp -j ACCEPT
-A input -d 123.123.123.123 53 -p tcp -j ACCEPT
-A input -s 123.123.123.123 53 -p tcp -j ACCEPT

# ssh
-A input -d 123.123.123.123 22 -p udp -j ACCEPT
-A input -s 123.123.123.123 22 -p udp -j ACCEPT
-A input -d 123.123.123.123 22 -p tcp -j ACCEPT
-A input -s 123.123.123.123 22 -p tcp -j ACCEPT

which in my mind would allow all ssh trafic (which it does) and all DNS traffic, regardless of whether it travelled over udp (usual) or tcp (rarely). The connection should also be allowed both ways, surely.

Can anyone spot any obvious mistakes? Thanks again.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

dig

what is dig? Is it just a advanced type of nslookup? how to use it? //nicke:confused: (1 Reply)
Discussion started by: nicke30
1 Replies

2. Shell Programming and Scripting

New to UNIX - what script to dig into to

First I would like to thank you for your time in running a great Forum! Background - Windows/ASP/VB COM/SQL Server programmer/Webmaster. Desire - To build similar skillset on UNIX. I am looking at learning Perl or Python (maybe Jython due to connection to Java). I have a brief background... (3 Replies)
Discussion started by: nimrod
3 Replies

3. UNIX for Dummies Questions & Answers

linux dig command

When I use the linux dig command such as #dig yahoo.com it resolves but when I use the same command as root it gives me error "Segmentation Fault" Please advise I am completly baffled. (1 Reply)
Discussion started by: Tirmazi
1 Replies

4. Solaris

Errors compiling Bind

Hi all, Apologies if this is the wrong forum for this question, if it is, could some one point me to the right one please. I am trying to compile bind-9.5.1b1 on Solaris 10 Get the error when try to configure: checking for OpenSSL library... using OpenSSL from /usr/local/lib and... (5 Replies)
Discussion started by: callmebob
5 Replies

5. UNIX for Dummies Questions & Answers

Dig command output?

all, i am newbie to dns bind . Any help is very appreciated. I am using dig command to view the records in the config. I am expecting the following comamnds to display all the A (Address records) in the zone data file. my zone data file looks like this ------------------- $ORIGIN . $TTL... (2 Replies)
Discussion started by: sujathab
2 Replies

6. UNIX for Dummies Questions & Answers

dig query time

Hi Guys, I just need a confirmation if what think i know is right . dig yahoo.com ; <<>> DiG 9.7.0-P1 <<>> yahoo.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27410 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0 ... (1 Reply)
Discussion started by: mtomar
1 Replies

7. IP Networking

The dig command

Can I use two different DNS servers in the one command in the form of primary and secondary. Take this for example: dig @<primaryAddress> @<secondaryAddress> MX domain.tld So if primary address is down, it will use the secondary address as a backup. It seems to work when testing, but thought... (1 Reply)
Discussion started by: neil_is_ere
1 Replies

8. UNIX for Advanced & Expert Users

DIG uses localhost

Hi, I have these entries in the /etc/esolv.conf: ------------ domain xxxxxx search yyyyyy nameserver 127.0.0.1 nameserver aaaaaaaaaaaaaaaa nameserver bbbbbbbbbbbbbbbb ------------- When I use 'dig' or 'nslookup' command, like 'dig yahoo.com' it uses the localhost as the server. I... (2 Replies)
Discussion started by: chaandana
2 Replies

9. Shell Programming and Scripting

Dig match

Hi, I am testing some code to match a grep to see if one of the dns server exists but it does not seem to match: ERROR: ======= CRITICAL: google.com DNS : ns3.google.com NOT found CODE: ===== if ; then echo "OK: google.com DNS : ns3.google.com exists" else echo... (5 Replies)
Discussion started by: dmccabe
5 Replies

10. Shell Programming and Scripting

Perl dig script

Experts - I was hoping someone could help me out with the logic on this perl script. I'm trying to run some dig commands and parse in such a way as to group them together. Here's what I have so far. #!/usr/bin/perl system(clear); my @host = qw/yahoo.com google.com /; foreach... (2 Replies)
Discussion started by: timj123
2 Replies

LEARN ABOUT DEBIAN

sort::fields

Fields(3pm)						User Contributed Perl Documentation					       Fields(3pm)

NAME

       Sort::Fields - Sort lines containing delimited fields

SYNOPSIS

	 use Sort::Fields;
	 @sorted = fieldsort [3, '2n'], @lines;
	 @sorted = fieldsort '+', [-1, -3, 0], @lines;

	 $sort_3_2n = make_fieldsort [3, '2n'], @lines;
	 @sorted = $sort_3_2n->(@lines);

DESCRIPTION

       Sort::Fields provides a general purpose technique for efficiently sorting lists of lines that contain data separated into fields.

       Sort::Fields automatically imports two subroutines, "fieldsort" and "make_fieldsort", and two variants, "stable_fieldsort" and "make_sta-
       ble_fieldsort".	"make_fieldsort" generates a sorting subroutine and returns a reference to it.	"fieldsort" is a wrapper for the
       "make_fieldsort" subroutine.

       The first argument to make_fieldsort is a delimiter string, which is used as a regular expression argument for a "split" operator.  The
       delimiter string is optional.  If it is not supplied, make_fieldsort splits each line using "/s+/".

       The second argument is an array reference containing one or more field specifiers.  The specifiers indicate what fields in the strings will
       be used to sort the data.  The specifier "1" indicates the first field, "2" indicates the second, and so on.  A negative specifier like
       "-2" means to sort on the second field in reverse (descending) order.  To indicate a numeric rather than alphabetic comparison, append "n"
       to the specifier.  A specifier of "0" means the entire string ("-0" means the entire string, in reverse order).

       The order in which the specifiers appear is the order in which they will be used to sort the data.  The primary key is first, the secondary
       key is second, and so on.

       "fieldsort [1, 2], @data" is roughly equivalent to "make_fieldsort([1, 2])->(@data)".  Avoid calling fieldsort repeatedly with the same
       sort specifiers.  If you need to use a particular sort more than once, it is more efficient to call "make_fieldsort" once and reuse the
       subroutine it returns.

       "stable_fieldsort" and "make_stable_fieldsort" are like their "unstable" counterparts, except that the items that compare the same are
       maintained in their original order.

EXAMPLES

       Some sample data (in array @data):

	 123   asd   1.22   asdd
	 32    ewq   2.32   asdd
	 43    rewq  2.12   ewet
	 51    erwt  34.2   ewet
	 23    erww  4.21   ewet
	 91    fdgs  3.43   ewet
	 123   refs  3.22   asdd
	 123   refs  4.32   asdd

	 # alpha sort on column 1
	 print fieldsort [1], @data;

	 123   asd   1.22   asdd
	 123   refs  3.22   asdd
	 123   refs  4.32   asdd
	 23    erww  4.21   ewet
	 32    ewq   2.32   asdd
	 43    rewq  2.12   ewet
	 51    erwt  34.2   ewet
	 91    fdgs  3.43   ewet

	 # numeric sort on column 1
	 print fieldsort ['1n'], @data;

	 23    erww  4.21   ewet
	 32    ewq   2.32   asdd
	 43    rewq  2.12   ewet
	 51    erwt  34.2   ewet
	 91    fdgs  3.43   ewet
	 123   asd   1.22   asdd
	 123   refs  3.22   asdd
	 123   refs  4.32   asdd

	 # reverse numeric sort on column 1
	 print fieldsort ['-1n'], @data;

	 123   asd   1.22   asdd
	 123   refs  3.22   asdd
	 123   refs  4.32   asdd
	 91    fdgs  3.43   ewet
	 51    erwt  34.2   ewet
	 43    rewq  2.12   ewet
	 32    ewq   2.32   asdd
	 23    erww  4.21   ewet

	 # alpha sort on column 2, then alpha on entire line
	 print fieldsort [2, 0], @data;

	 123   asd   1.22   asdd
	 51    erwt  34.2   ewet
	 23    erww  4.21   ewet
	 32    ewq   2.32   asdd
	 91    fdgs  3.43   ewet
	 123   refs  3.22   asdd
	 123   refs  4.32   asdd
	 43    rewq  2.12   ewet

	 # alpha sort on column 4, then numeric on column 1, then reverse
	 # numeric on column 3
	 print fieldsort [4, '1n', '-3n'], @data;

	 32    ewq   2.32   asdd
	 123   refs  4.32   asdd
	 123   refs  3.22   asdd
	 123   asd   1.22   asdd
	 23    erww  4.21   ewet
	 43    rewq  2.12   ewet
	 51    erwt  34.2   ewet
	 91    fdgs  3.43   ewet

	 # now, splitting on either literal period or whitespace
	 # sort numeric on column 4 (fractional part of decimals) then
	 # numeric on column 3 (whole part of decimals)
	 print fieldsort '(?:.|s+)', ['4n', '3n'], @data;

	 51    erwt  34.2   ewet
	 43    rewq  2.12   ewet
	 23    erww  4.21   ewet
	 123   asd   1.22   asdd
	 123   refs  3.22   asdd
	 32    ewq   2.32   asdd
	 123   refs  4.32   asdd
	 91    fdgs  3.43   ewet

	 # alpha sort on column 4, then numeric on the entire line
	 # NOTE: produces warnings under -w
	 print fieldsort [4, '0n'], @data;

	 32    ewq   2.32   asdd
	 123   asd   1.22   asdd
	 123   refs  3.22   asdd
	 123   refs  4.32   asdd
	 23    erww  4.21   ewet
	 43    rewq  2.12   ewet
	 51    erwt  34.2   ewet
	 91    fdgs  3.43   ewet

	 # stable alpha sort on column 4 (maintains original relative order
	 # among items that compare the same)
	 print stable_fieldsort [4], @data;

	 123   asd   1.22   asdd
	 32    ewq   2.32   asdd
	 123   refs  3.22   asdd
	 123   refs  4.32   asdd
	 43    rewq  2.12   ewet
	 51    erwt  34.2   ewet
	 23    erww  4.21   ewet
	 91    fdgs  3.43   ewet

BUGS

       Some rudimentary tests now.

       Perhaps something should be done to catch things like:

	 fieldsort '.', [1, 2], @lines;

       '.' translates to "split /./" -- probably not what you want.

       Passing blank lines and/or lines containing the wrong kind of data (alphas instead of numbers) can result in copious warning messages under
       "-w".

       If the regexp contains memory parentheses ("(...)" rather than "(?:...)"), split will function in "delimiter retention" mode, capturing the
       contents of the parentheses as well as the stuff between the delimiters.  I could imagine how this could be useful, but on the other hand I
       could also imagine how it could be confusing if encountered unexpectedly.  Caveat sortor.

       Not really a bug, but if you are planning to sort a large text file, consider using sort(1).  Unless, of course, your operating system
       doesn't have sort(1).

AUTHOR

       Joseph N. Hall, joseph@5sigma.com

SEE ALSO

       perl(1).

perl v5.8.8							    2008-03-25							       Fields(3pm)
All times are GMT -4. The time now is 02:05 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy