[CentOS] Re: Re: What libs req'd to resolve DNS within a chroot jail?

Mon Jan 14 23:54:50 UTC 2008
William L. Maltby <CentOS4Bill at triad.rr.com>

On Mon, 2008-01-14 at 17:53 -0500, Eric B. wrote:
> > Eric B. wrote:
> >>>><snip>
> >> Thanks for the feedback Rick.  I didn't realize that security
> >> implication.
> >> However I'm already running this on a machine that is heavily firewalled
> >> on a VPN so I am fairly sure that no one will be accessing this externally,
> >> but I still would like to restrict access to particular machines.  Ideally,
> >> would rather use FQDN to make life easier for me to administer.  I have
> >> created my additional reverse-dns pointer but I am still having problems
> >> with it.
> >>
> >> nslookup from the server gives me:
> >> # nslookup 192.168.3.103
> >> Server:         192.168.1.67
> >> Address:        192.168.1.67#53
> >>
> >> 103.3.168.192.in-addr.arpa    name = eric.test.com.3.168.192.in-addr.arpa.
> >>
> >
> > It looks like there is a missing trailing dot in your DNS zone
> > configuration. I doubt you are authoritative for the in-addr.arpa zone.
> >
> > in your zone file, you should have something like
> > 103 IN PTR eric.test.example.
> > (notice the last dot). Otherwise, the zone name (@ORIGIN) will be added.
> >
> >
> > make sure you have a matching reverse _and_ forward resolution. you
> > should get something like:
> >
> > 192.168.3.103 => eric.test.example
> > _and_
> > eric.test.example => 192.168.3.103
> >
> > If you only have the reverse lookup, the result is untrusted and sane
> > applications should ignore it.
> 
> 
> Thanks for the pointer.  Indeed, I was missing the trailing . after my FQDN 
> in my reverse file.  I have updated my reverse files, and nslookup is 
> resolving better, but still not further ahead.
> 
> My reverse file: 3.168.192.in-addr.arpa now contains the following line:
> 103             IN PTR  eric.test.com.
> 
> 
> If I try nslookups now, my results are as follows:
> 
> # nslookup 192.168.3.103
> Server:         192.168.1.67
> Address:        192.168.1.67#53
> 
> 103.103.168.192.in-addr.arpa    name = eric.test.com.
> 
> # nslookup eric.test.com
> Server:         192.168.1.67
> Address:        192.168.1.67#53
> 
> Name:   eric.test.com
> Address: 192.168.3.103
> 
> 
> So from that, it seems as though the DNS / rDNS are properly configured, 
> does it not?  Similarly, I have both the forward and reverse domain name on 
> the DNS server as the nslookups show.  However, I still get the same error 
> msg:
> Jan 14 17:46:50 apollo atftpd[15905]: Connection refused from 
> 192.168.103.103
              AAA
Correct? -----|||

I haven't seen that in your previous posts. Typo in posting or some
configuration problem?

> 
> <snip>


> Thanks,
> 
> Eric
> <snip sig stuff>

HTH
-- 
Bill
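
The two points from the quoted advice (a PTR target written without a trailing dot gets the zone origin appended, and a reverse lookup is only trustworthy when the forward lookup maps back to the same address), as an added example that is not part of the original thread. The zone snippets, the `test.example` names and the helper functions are constructed for illustration, and the parser only handles simple `owner IN TYPE rdata` lines.

```python
import ipaddress

def qualify(name, origin):
    """Zone-file rule: a name without a trailing dot is relative to the origin."""
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(zone_text, origin, rtype):
    """Return {owner FQDN: rdata} for simple 'owner IN TYPE rdata' lines."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # drop comments, split on whitespace
        if len(fields) == 4 and fields[1:3] == ["IN", rtype]:
            rdata = fields[3]
            if rtype == "PTR":  # PTR rdata is a domain name, so it is qualified too
                rdata = qualify(rdata, origin)
            records[qualify(fields[0], origin)] = rdata
    return records

def fcrdns(ip, ptr_records, a_records):
    """Forward-confirmed reverse DNS: PTR(ip) gives a name, A(name) must give ip."""
    owner = ipaddress.ip_address(ip).reverse_pointer + "."
    name = ptr_records.get(owner)
    confirmed = name is not None and a_records.get(name) == ip
    return name, confirmed

# Constructed sample zones (not the poster's real data).
REVERSE_ORIGIN = "3.168.192.in-addr.arpa."
BROKEN_REVERSE = "103 IN PTR eric.test.example   ; no trailing dot\n"
FIXED_REVERSE = (
    "103 IN PTR eric.test.example.\n"
    "104 IN PTR ghost.test.example.  ; PTR exists, no forward record\n"
)
FORWARD_ORIGIN = "test.example."
FORWARD = "eric IN A 192.168.3.103\n"

A_RECORDS = parse_records(FORWARD, FORWARD_ORIGIN, "A")
BROKEN_PTR = parse_records(BROKEN_REVERSE, REVERSE_ORIGIN, "PTR")
FIXED_PTR = parse_records(FIXED_REVERSE, REVERSE_ORIGIN, "PTR")

if __name__ == "__main__":
    for label, ptrs in (("broken", BROKEN_PTR), ("fixed", FIXED_PTR)):
        for ip in ("192.168.3.103", "192.168.3.104"):
            print(label, ip, fcrdns(ip, ptrs, A_RECORDS))
```

A host-based access list that relies on names should accept a client only when the second element of the result is true.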