[CentOS] Re: Re: Re: What libs req'd to resolve DNS within a chroot jail?
Eric B.
ebenze at hotmail.com
Mon Jan 14 23:59:14 UTC 2008
"William L. Maltby" <CentOS4Bill at triad.rr.com> wrote in message news:1200354890.5507.35.camel at centos01.homegroannetworking...
> On Mon, 2008-01-14 at 17:53 -0500, Eric B. wrote:
>> > Eric B. wrote:
>> >>>><snip>
>> >> Thanks for the feedback Rick. I didn't realize that security implication.
>> >> However I'm already running this on a machine that is heavily firewalled on
>> >> a VPN so I am fairly sure that no one will be accessing this externally, but
>> >> I still would like to restrict access to particular machines. Ideally, I
>> >> would rather use FQDN to make life easier for me to administer. I have
>> >> created my additional reverse-dns pointer but I am still having problems
>> >> with it.
>> >>
>> >> nslookup from the server gives me:
>> >> # nslookup 192.168.3.103
>> >> Server: 192.168.1.67
>> >> Address: 192.168.1.67#53
>> >>
>> >> 103.3.168.192.in-addr.arpa name = eric.test.com.3.168.192.in-addr.arpa.
>> >>
>> >
>> > It looks like there is a missing trailing dot in your DNS zone
>> > configuration. I doubt you are authoritative for the in-addr.arpa zone.
>> >
>> > in your zone file, you should have something like
>> > 103 IN PTR eric.test.example.
>> > (notice the last dot). Otherwise, the zone name (@ORIGIN) will be
>> > added.
>> >
>> >
>> > make sure you have a matching reverse _and_ forward resolution. you
>> > should get something like:
>> >
>> > 192.168.3.103 => eric.test.example
>> > _and_
>> > eric.test.example => 192.168.3.103
>> >
>> > If you only have the reverse lookup, the result is untrusted and sane
>> > applications should ignore it.
>>
>>
>> Thanks for the pointer. Indeed, I was missing the trailing . after my FQDN
>> in my reverse file. I have updated my reverse files, and nslookup is
>> resolving better, but still not further ahead.
>>
>> My reverse file: 3.168.192.in-addr.arpa now contains the following line:
>> 103 IN PTR eric.test.com.
>>
>>
>> If I try nslookups now, my results are as follows:
>>
>> # nslookup 192.168.3.103
>> Server: 192.168.1.67
>> Address: 192.168.1.67#53
>>
>> 103.103.168.192.in-addr.arpa name = eric.test.com.
>>
>> # nslookup eric.test.com
>> Server: 192.168.1.67
>> Address: 192.168.1.67#53
>>
>> Name: eric.test.com
>> Address: 192.168.3.103
>>
>>
>> So from that, it seems as though the DNS / rDNS are properly configured,
>> does it not? Similarly, I have both the forward and reverse domain name on
>> the DNS server as the nslookups show. However, I still get the same error
>> msg:
>> Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from 192.168.103.103
> AAA
> Correct? -----|||
Whoops - cut & paste typo. That line is supposed to read:
Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from 192.168.3.103
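
The matching reverse-and-forward check described in the quoted reply, together with the effect of the missing trailing dot on the PTR target, as an added example that is not part of the original thread. The function names and the dict-backed resolver are assumptions made for illustration; the sample records are constructed from the names and addresses quoted above.

```python
import socket

def expand_ptr_target(target, origin):
    """Expand a zone-file name the way a DNS server does: a name with no
    trailing dot is relative, so the zone origin is appended to it."""
    if target.endswith("."):
        return target
    return f"{target}.{origin.rstrip('.')}."

def fcrdns(ip, reverse, forward):
    """Return (ptr_name, confirmed). confirmed is True only when the PTR
    name's forward lookup lists the original address."""
    try:
        name = reverse(ip).rstrip(".")
    except OSError:                      # no PTR record at all
        return None, False
    try:
        return name, ip in forward(name)
    except OSError:                      # PTR name has no address record
        return name, False

def table_resolver(table):
    """Offline stand-in for a resolver, backed by a constructed dict."""
    def resolve(key):
        if key not in table:
            raise OSError(f"no record for {key}")
        return table[key]
    return resolve

# Constructed sample data using the names and addresses from the thread.
ORIGIN = "3.168.192.in-addr.arpa"
IP = "192.168.3.103"
A_RECORDS = {"eric.test.com": [IP]}
PTR_BROKEN = {IP: expand_ptr_target("eric.test.com", ORIGIN)}   # no trailing dot
PTR_FIXED = {IP: expand_ptr_target("eric.test.com.", ORIGIN)}   # trailing dot

def system_fcrdns(ip):
    """Same check against the live system resolver (needs working DNS)."""
    return fcrdns(ip, lambda a: socket.gethostbyaddr(a)[0],
                  lambda n: socket.gethostbyname_ex(n)[2])

if __name__ == "__main__":
    for label, ptr in (("broken", PTR_BROKEN), ("fixed", PTR_FIXED)):
        print(label, fcrdns(IP, table_resolver(ptr), table_resolver(A_RECORDS)))
```

With the broken record the PTR name is found but cannot be confirmed, which is the "untrusted" case from the reply; an address with no PTR at all returns no name.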