[CentOS] Re: Re: What libs req'd to resolve DNS within a chroot jail?
William L. Maltby
CentOS4Bill at triad.rr.com
Mon Jan 14 23:54:50 UTC 2008
On Mon, 2008-01-14 at 17:53 -0500, Eric B. wrote:
> > Eric B. wrote:
> >>>><snip>
> >> Thanks for the feedback Rick. I didn't realize that security
> >> implication.
> >> However I'm already running this on a machine that is heavily firewalled on
> >> a VPN so I am fairly sure that no one will be accessing this externally, but
> >> I still would like to restrict access to particular machines. Ideally, I
> >> would rather use FQDN to make life easier for me to administer. I have
> >> created my additional reverse-dns pointer but I am still having problems
> >> with it.
> >>
> >> nslookup from the server gives me:
> >> # nslookup 192.168.3.103
> >> Server: 192.168.1.67
> >> Address: 192.168.1.67#53
> >>
> >> 103.3.168.192.in-addr.arpa name = eric.test.com.3.168.192.in-addr.arpa.
> >>
> >
> > It looks like there is a missing trailing dot in your DNS zone
> > configuration. I doubt you are authoritative for the in-addr.arpa zone.
> >
> > in your zone file, you should have something like
> > 103 IN PTR eric.test.example.
> > (notice the last dot). Otherwise, the zone name (@ORIGIN) will be added.
> >
> >
> > make sure you have a matching reverse _and_ forward resolution. you
> > should get something like:
> >
> > 192.168.3.103 => eric.test.example
> > _and_
> > eric.test.example => 192.168.3.103
> >
> > If you only have the reverse lookup, the result is untrusted and sane
> > applications should ignore it.
>
>
> Thanks for the pointer. Indeed, I was missing the trailing . after my FQDN
> in my reverse file. I have updated my reverse files, and nslookup is
> resolving better, but still not further ahead.
>
> My reverse file: 3.168.192.in-addr.arpa now contains the following line:
> 103 IN PTR eric.test.com.
>
>
> If I try nslookups now, my results are as follows:
>
> # nslookup 192.168.3.103
> Server: 192.168.1.67
> Address: 192.168.1.67#53
>
> 103.103.168.192.in-addr.arpa name = eric.test.com.
>
> # nslookup eric.test.com
> Server: 192.168.1.67
> Address: 192.168.1.67#53
>
> Name: eric.test.com
> Address: 192.168.3.103
>
>
> So from that, it seems as though the DNS / rDNS are properly configured,
> does it not? Similarly, I have both the forward and reverse domain name on
> the DNS server as the nslookups show. However, I still get the same error
> msg:
> Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from
> 192.168.103.103
              AAA
Correct? -----|||
I haven't seen that in your previous posts. Typo in posting or some
configuration problem?
>
> <snip>
> Thanks,
>
> Eric
> <snip sig stuff>
HTH
--
Bill
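
Added example, not part of the original thread: a sketch of the two points discussed above, the zone-file rule that appends the origin to a PTR target with no trailing dot, and the forward-confirmed reverse lookup an access check should require before trusting a name. The function names are hypothetical and the dictionaries are constructed stand-ins for DNS answers, so it runs offline.

```python
import ipaddress

def expand_name(name, origin):
    """Zone-file rule: a name with no trailing dot is relative to the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_ptr_zone(text, origin):
    """Map owner FQDN -> target FQDN for 'owner IN PTR target' lines.
    Simplification: lines carrying a TTL or other layouts are skipped."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        if len(fields) == 4 and [f.upper() for f in fields[1:3]] == ["IN", "PTR"]:
            owner = expand_name(fields[0], origin).lower()
            records[owner] = expand_name(fields[3], origin).lower()
    return records

def fcrdns(ip, ptr_records, a_records):
    """Return the host name only when the PTR target resolves back to ip."""
    owner = ipaddress.ip_address(ip).reverse_pointer + "."
    name = ptr_records.get(owner)
    if name is None or ip not in a_records.get(name, ()):
        return None  # no PTR, or the forward lookup does not confirm it
    return name.rstrip(".")

# Constructed data modelled on the thread; dicts stand in for DNS answers.
ORIGIN = "3.168.192.in-addr.arpa."
BROKEN_ZONE = "103 IN PTR eric.test.com   ; no trailing dot"
FIXED_ZONE = "103 IN PTR eric.test.com."
FORWARD = {"eric.test.com.": {"192.168.3.103"}}

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        ptrs = parse_ptr_zone(zone, ORIGIN)
        print(label, ptrs, "->", fcrdns("192.168.3.103", ptrs, FORWARD))
    # The address in the atftpd log line has no PTR in this zone at all.
    print(fcrdns("192.168.103.103", parse_ptr_zone(FIXED_ZONE, ORIGIN), FORWARD))
```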