-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of William L. Maltby
Sent: Monday, January 14, 2008 5:55 PM
To: CentOS General List
Subject: Re: [CentOS] Re: Re: What libs req'd to resolve DNS within a chroot jail?
On Mon, 2008-01-14 at 17:53 -0500, Eric B. wrote:
Eric B. wrote:
<snip>
Thanks for the feedback Rick. I didn't realize that security implication. However I'm already running this on a machine that is heavily firewalled on a VPN so I am fairly sure that no one will be accessing this externally, but I still would like to restrict access to particular machines. Ideally, would rather use FQDN to make life easier for me to administer. I have created my additional reverse-dns pointer but I am still having problems with it.
nslookup from the server gives me:
# nslookup 192.168.3.103
Server: 192.168.1.67
Address: 192.168.1.67#53
103.3.168.192.in-addr.arpa name = eric.test.com.3.168.192.in-addr.arpa.
It looks like there is a missing trailing dot in your DNS zone configuration. I doubt you are authoritative for the in-addr.arpa zone.
In your zone file, you should have something like
103 IN PTR eric.test.example.
(notice the last dot). Otherwise, the zone name (@ORIGIN) will be added.
Make sure you have a matching reverse _and_ forward resolution. You should get something like:
192.168.3.103 => eric.test.example
_and_
eric.test.example => 192.168.3.103
If you only have the reverse lookup, the result is untrusted and sane applications should ignore it.
Thanks for the pointer. Indeed, I was missing the trailing . after my FQDN in my reverse file. I have updated my reverse files, and nslookup is resolving better, but still not further ahead.
My reverse file: 3.168.192.in-addr.arpa now contains the following line:
103 IN PTR eric.test.com.
If I try nslookups now, my results are as follows:
# nslookup 192.168.3.103
Server: 192.168.1.67
Address: 192.168.1.67#53
103.103.168.192.in-addr.arpa name = eric.test.com.
# nslookup eric.test.com
Server: 192.168.1.67
Address: 192.168.1.67#53
Name: eric.test.com
Address: 192.168.3.103
So from that, it seems as though the DNS / rDNS are properly configured, does it not? Similarly, I have both the forward and reverse domain name on the DNS server as the nslookups show. However, I still get the same error msg:
Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from 192.168.103.103
AAA
Correct? -----|||
I haven't seen that in your previous posts. Typo in posting or some configuration problem?
<snip>
Thanks,
Eric
<snip sig stuff>
HTH
Bill
Additionally, the connection was refused from 192.168.103.103 (NOT 192.168.3.103)
Mike