[CentOS] Re: Re: What libs req'd to resolve DNS within a chroot jail?
Mike Kercher
mike at vesol.com
Tue Jan 15 00:16:53 UTC 2008
> -----Original Message-----
> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of William L. Maltby
> Sent: Monday, January 14, 2008 5:55 PM
> To: CentOS General List
> Subject: Re: [CentOS] Re: Re: What libs req'd to resolve DNS within a chroot jail?
>
> On Mon, 2008-01-14 at 17:53 -0500, Eric B. wrote:
> > > Eric B. wrote:
> > >>>><snip>
> > >> Thanks for the feedback Rick. I didn't realize that security
> > >> implication.
> > >> However I'm already running this on a machine that is heavily
> > >> firewalled on a VPN so I am fairly sure that no one will be
> > >> accessing this externally, but I still would like to restrict
> > >> access to particular machines. Ideally, would rather use FQDN to
> > >> make life easier for me to administer. I have created my
> > >> additional reverse-dns pointer but I am still having problems with
> > >> it.
> > >>
> > >> nslookup from the server gives me:
> > >> # nslookup 192.168.3.103
> > >> Server: 192.168.1.67
> > >> Address: 192.168.1.67#53
> > >>
> > >> 103.3.168.192.in-addr.arpa name =
> > >> eric.test.com.3.168.192.in-addr.arpa.
> > >>
> > >
> > > It looks like there is a missing trailing dot in your DNS zone
> > > configuration. I doubt you are authoritative for the in-addr.arpa zone.
> > >
> > > In your zone file, you should have something like
> > > 103 IN PTR eric.test.example.
> > > (notice the last dot). Otherwise, the zone name (@ORIGIN) will be added.
> > >
> > >
> > > Make sure you have a matching reverse _and_ forward resolution. You
> > > should get something like:
> > >
> > > 192.168.3.103 => eric.test.example
> > > _and_
> > > eric.test.example => 192.168.3.103
> > >
> > > If you only have the reverse lookup, the result is untrusted and
> > > sane applications should ignore it.
> >
> >
> > Thanks for the pointer. Indeed, I was missing the trailing . after my
> > FQDN in my reverse file. I have updated my reverse files, and nslookup
> > is resolving better, but still not further ahead.
> >
> > My reverse file: 3.168.192.in-addr.arpa now contains the following line:
> > 103 IN PTR eric.test.com.
> >
> >
> > If I try nslookups now, my results are as follows:
> >
> > # nslookup 192.168.3.103
> > Server: 192.168.1.67
> > Address: 192.168.1.67#53
> >
> > 103.103.168.192.in-addr.arpa name = eric.test.com.
> >
> > # nslookup eric.test.com
> > Server: 192.168.1.67
> > Address: 192.168.1.67#53
> >
> > Name: eric.test.com
> > Address: 192.168.3.103
> >
> >
> > So from that, it seems as though the DNS / rDNS are properly
> > configured, does it not? Similarly, I have both the forward and
> > reverse domain name on the DNS server as the nslookups show. However,
> > I still get the same error msg:
> > Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from
> > 192.168.103.103
>               AAA
> Correct? -----|||
>
> I haven't seen that in your previous posts. Typo in posting
> or some configuration problem?
>
> >
> > <snip>
>
>
> > Thanks,
> >
> > Eric
> > <snip sig stuff>
>
> HTH
> --
> Bill
>
>
Additionally, the connection was refused from 192.168.103.103 (NOT
192.168.3.103)
Mike
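
Added example, not part of the original thread: a forward-confirmed reverse DNS check in Python that follows the advice quoted above (a PTR name counts only if it resolves back to the same address) and the zone-file rule about the trailing dot. The `check` helper, `ORIGIN` and `A_RECORDS` are constructed stand-ins built from the names and addresses in the thread, not live DNS data; `fcrdns_names` uses the system resolver when called without them.

```python
import ipaddress
import socket

def expand_ptr_target(rdata, origin):
    # Zone-file rule: a name without a trailing dot is relative to the origin.
    return rdata if rdata.endswith(".") else f"{rdata}.{origin}"

def system_reverse(ip):
    # PTR names from the system resolver; empty list if there are none.
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    # Addresses from the system resolver; empty list if there are none.
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns_names(ip, reverse=system_reverse, forward=system_forward):
    # Keep only PTR names whose forward lookup contains the same address.
    want = ipaddress.ip_address(ip)
    confirmed = []
    for name in reverse(ip):
        addrs = set()
        for text in forward(name):
            try:
                addrs.add(ipaddress.ip_address(text))
            except ValueError:
                continue  # skip address text that does not parse
        if want in addrs:
            confirmed.append(name.rstrip(".").lower())
    return confirmed

# Constructed records modelled on the thread, not live DNS answers.
ORIGIN = "3.168.192.in-addr.arpa."
A_RECORDS = {"eric.test.com.": ["192.168.3.103"]}

def check(ip, ptr_rdata):
    # ptr_rdata: the text after "IN PTR" for host 103 in the reverse zone.
    ptr = {"192.168.3.103": [expand_ptr_target(ptr_rdata, ORIGIN)]}
    return fcrdns_names(ip, lambda a: ptr.get(a, []), lambda n: A_RECORDS.get(n, []))

if __name__ == "__main__":
    print(check("192.168.3.103", "eric.test.com"))     # PTR without trailing dot
    print(check("192.168.3.103", "eric.test.com."))    # PTR with trailing dot
    print(check("192.168.103.103", "eric.test.com."))  # address from the log line
```

Only the second call returns a confirmed name; the address in the atftpd log line has no PTR record in these constructed records, so it stays unconfirmed even after the zone fix.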