Help me figure out the DNS client in FreeBSD 8.0-Release
Host names are not resolved.
router# ping ukr.net
ping: cannot resolve ukr.net: Host name lookup failure
router# ifconfig vr0
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
ether 00:1c:f0:cb:07:ba
inet 192.168.10.177 netmask 0xffffff00 broadcast 192.168.10.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
Packets to the external network go through:
router# ping 193.111.173.53
PING 193.111.173.53 (193.111.173.53): 56 data bytes
64 bytes from 193.111.173.53: icmp_seq=0 ttl=120 time=426.052 ms
64 bytes from 193.111.173.53: icmp_seq=1 ttl=120 time=301.273 ms
64 bytes from 193.111.173.53: icmp_seq=2 ttl=120 time=213.713 ms
64 bytes from 193.111.173.53: icmp_seq=3 ttl=120 time=512.792 ms
64 bytes from 193.111.173.53: icmp_seq=4 ttl=120 time=551.909 ms
vi /etc/resolv.conf
domain blackip.kiev.ua
nameserver 212.40.34.2
nameserver 212.40.34.10
nameserver 192.168.10.10
router# ping 212.40.34.2 ############ DNS master serving the blackip.kiev.ua zone
PING 212.40.34.2 (212.40.34.2): 56 data bytes
64 bytes from 212.40.34.2: icmp_seq=0 ttl=61 time=590.168 ms
64 bytes from 212.40.34.2: icmp_seq=1 ttl=61 time=591.951 ms
64 bytes from 212.40.34.2: icmp_seq=2 ttl=61 time=557.955 ms
64 bytes from 212.40.34.2: icmp_seq=3 ttl=61 time=347.410 ms
^C
--- 212.40.34.2 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 347.410/521.871/591.951/101.630 ms
router# ping 212.40.34.10 ############ DNS slave serving the blackip.kiev.ua zone
PING 212.40.34.10 (212.40.34.10): 56 data bytes
64 bytes from 212.40.34.10: icmp_seq=0 ttl=61 time=1249.041 ms
64 bytes from 212.40.34.10: icmp_seq=1 ttl=61 time=1421.037 ms
64 bytes from 212.40.34.10: icmp_seq=2 ttl=61 time=909.347 ms
64 bytes from 212.40.34.10: icmp_seq=3 ttl=61 time=908.739 ms
^C
--- 212.40.34.10 ping statistics ---
5 packets transmitted, 4 packets received, 20.0% packet loss
round-trip min/avg/max/stddev = 908.739/1122.041/1421.037/221.509 ms
router# ping 192.168.10.10 ################# caching DNS server
PING 192.168.10.10 (192.168.10.10): 56 data bytes
64 bytes from 192.168.10.10: icmp_seq=0 ttl=128 time=0.503 ms
64 bytes from 192.168.10.10: icmp_seq=1 ttl=128 time=1.044 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=128 time=0.204 ms
vi /etc/hosts
::1 localhost blackip.kiev.ua
127.0.0.1 localhost blackip.kiev.ua
192.168.10.177 router.blackip.kiev.ua
192.168.10.177 router.blackip.kiev.ua
vi /etc/hosts.conf
# Auto-generated from nsswitch.conf
hosts
dns
vi /etc/nsswitch.conf
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
vi /etc/inetd.conf
# $FreeBSD: src/etc/inetd.conf,v 1.73.10.2.2.1 2009/10/25 01:10:29 kensmith Exp $
#
# Internet server configuration database
#
# Define *both* IPv4 and IPv6 entries for dual-stack support.
# To disable a service, comment it out by prefixing the line with '#'.
# To enable a service, remove the '#' at the beginning of the line.
#
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
#ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i -6
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
#shell stream tcp nowait root /usr/libexec/rshd rshd
#shell stream tcp6 nowait root /usr/libexec/rshd rshd
#login stream tcp nowait root /usr/libexec/rlogind rlogind
#login stream tcp6 nowait root /usr/libexec/rlogind rlogind
#finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
#finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
#
# run comsat as root to be able to print partial mailbox contents w/ biff,
# or use the safer tty:tty to just print that new mail has been received.
#comsat dgram udp wait tty:tty /usr/libexec/comsat comsat
#
# ntalk is required for the 'talk' utility to work correctly
#ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
#tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
#tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
#bootps dgram udp wait root /usr/libexec/bootpd bootpd
#
# "Small servers" -- used to be standard on, but we're more conservative
# about things due to Internet security concerns. Only turn on what you
# need.
#
#daytime stream tcp nowait root internal
#daytime stream tcp6 nowait root internal
#daytime dgram udp wait root internal
#daytime dgram udp6 wait root internal
#time stream tcp nowait root internal
#time stream tcp6 nowait root internal
#time dgram udp wait root internal
#time dgram udp6 wait root internal
#echo stream tcp nowait root internal
#echo stream tcp6 nowait root internal
#echo dgram udp wait root internal
#echo dgram udp6 wait root internal
#discard stream tcp nowait root internal
#discard stream tcp6 nowait root internal
#discard dgram udp wait root internal
#discard dgram udp6 wait root internal
#chargen stream tcp nowait root internal
#chargen stream tcp6 nowait root internal
#chargen dgram udp wait root internal
#chargen dgram udp6 wait root internal
#
# CVS servers - for master CVS repositories only! You must set the
# --allow-root path correctly or you open a trivial to exploit but
# deadly security hole.
#
#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here pserver
#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here kserver
#
# RPC based services (you MUST have rpcbind running to use these)
#
#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd
#rusersd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd
#walld/1 dgram rpc/udp wait root /usr/libexec/rpc.rwalld rpc.rwalld
#pcnfsd/1-2 dgram rpc/udp wait root /usr/local/libexec/rpc.pcnfsd rpc.pcnfsd
#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad
#sprayd/1 dgram rpc/udp wait root /usr/libexec/rpc.sprayd rpc.sprayd
#
# example entry for the optional pop3 server
#
#pop3 stream tcp nowait root /usr/local/libexec/popper popper
#
# example entry for the optional imap4 server
#
#imap4 stream tcp nowait root /usr/local/libexec/imapd imapd
#
# example entry for the optional nntp server
#
#nntp stream tcp nowait news /usr/local/libexec/nntpd nntpd
#
# example entry for the optional uucpd server
#
#uucpd stream tcp nowait root /usr/local/libexec/uucpd uucpd
#
# Return error for all "ident" requests
#
#auth stream tcp nowait root internal
#auth stream tcp6 nowait root internal
#
# Provide internally a real "ident" service which provides ~/.fakeid support,
# provides ~/.noident support, reports UNKNOWN as the operating system type
# and times out after 30 seconds.
#
#auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30
#auth stream tcp6 nowait root internal auth -r -f -n -o UNKNOWN -t 30
#
# Example entry for an external ident server
#
#auth stream tcp wait root /usr/local/sbin/identd identd -w -t120
#
# Example entry for the optional qmail MTA
# NOTE: This is no longer the correct way to handle incoming SMTP
# connections for qmail. Use tcpserver (http://cr.yp.to/ucspi-tcp.html)
# instead.
#
#smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd
#
# Enable the following two entries to enable samba startup from inetd
# (from the Samba documentation). Enable the third entry to enable the swat
# samba configuration tool.
#
#netbios-ssn stream tcp nowait root /usr/local/sbin/smbd smbd
#netbios-ns dgram udp wait root /usr/local/sbin/nmbd nmbd
#swat stream tcp nowait/400 root /usr/local/sbin/swat swat
router# sockstat -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
admin sshd 1248 3 tcp4 192.168.10.177:22 192.168.10.7:17308
root sshd 1245 3 tcp4 192.168.10.177:22 192.168.10.7:17308
root sendmail 788 4 tcp4 127.0.0.1:25 *:*
root sshd 781 4 tcp4 *:22 *:*
root syslogd 556 7 udp4 *:514 *:*
Is there a firewall? Have you tried disabling it?
What does dig ya.ru @212.40.34.2 say?
And dig ya.ru @192.168.10.10?
>Is there a firewall? Have you tried disabling it?
>What does dig ya.ru @212.40.34.2 say?
>And dig ya.ru @192.168.10.10?
#router dig ya.ru@212.40.34.2
;; global options: +cmd
;; connection timed out; no servers could be reached
#router dig ya.ru@192.168.10.10
;; global options: +cmd
;; connection timed out; no servers could be reached
And how do I look at the firewall??
>And how do I look at the firewall??
Depends on which firewall you have.
>#router dig ya.ru@212.40.34.2
>#router dig ya.ru@192.168.10.10
However, a space is needed before the @ sign.
>>#router dig ya.ru@212.40.34.2
>>#router dig ya.ru@192.168.10.10
>
>However, a space is needed before the @ sign.
router dig ya.ru @212.40.34.2
;; global options: +cmd
;; connection timed out; no servers could be reached
#router dig ya.ru @192.168.10.10
;; global options: +cmd
;; connection timed out; no servers could be reached
Then it is a firewall, either on this machine or on the gateway.
>Then it is a firewall, either on this machine or on the gateway.
I haven't even edited or compiled the kernel yet!
Is there a built-in firewall? As for the gateway: I bound to the interface of the non-working machine the IP that is assigned to another server on this same network, under which everything works!!, and the machine stays as silent as it was, it doesn't resolve!
>Help me figure out the DNS client in FreeBSD 8.0-Release
>Host names are not resolved.
>
>vi /etc/resolv.conf
>
>domain blackip.kiev.ua
>nameserver 212.40.34.2
>nameserver 212.40.34.10
>nameserver 192.168.10.10
># telnet 192.168.10.10 53
What does it say? And the same for the other two nameservers.
>[overquoting removed]
>>
>>domain blackip.kiev.ua
>>nameserver 212.40.34.2
>>nameserver 212.40.34.10
>>nameserver 192.168.10.10
>>
>
># telnet 192.168.10.10 53
>
>What does it say? And the same for the other two nameservers.
router# telnet 192.168.10.10 53
Trying 192.168.10.10...
telnet: connect to address 192.168.10.10: Operation timed out
telnet: Unable to connect to remote host
router# telnet 212.40.34.2 53
Trying 212.40.34.2...
telnet: connect to address 212.40.34.2: Operation timed out
telnet: Unable to connect to remote host
router# telnet 212.40.34.10 53
Trying 212.40.34.10...
telnet: connect to address 212.40.34.10: Operation timed out
telnet: Unable to connect to remote host
router# ping ukr.net
Strange!! An incomprehensible situation: on a machine with a working DNS client on this same network:
/usr/home/adminusr/home/admin/>telnet 192.168.10.10 53
Trying 192.168.10.10...
telnet: connect to address 192.168.10.10: Operation timed out
telnet: Unable to connect to remote host
/usr/home/adminusr/home/admin/>ping ukr.net
PING ukr.net (195.214.195.105): 56 data bytes
64 bytes from 195.214.195.105: icmp_seq=0 ttl=59 time=126.286 ms
64 bytes from 195.214.195.105: icmp_seq=1 ttl=59 time=12.334 ms
64 bytes from 195.214.195.105: icmp_seq=2 ttl=59 time=13.363 ms
^C
--- ukr.net ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 12.334/50.661/126.286/53.477 ms
/usr/home/adminusr/home/admin/>
Also on 3 Windows machines (DNS 192.168.10.10 is configured):
C:\Documents and Settings\admin>nslookup ukr.net
DNS request timed out.
timeout was 2 seconds.
*Can't find server name for address 192.168.10.10
Server: UnKnown
Address: 212.40.34.10
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
C:\Documents and Settings\admin>telnet 192.168.10.10 53
Connecting To 192.168.10.10...Could not open connection to the host, on port 53: connect failed
On the caching NS itself:
C:\Documents and Settings\admin>nslookup ukr.net
Server: www.blackip.kiev.ua
Address: 192.168.10.10
Name: ukr.net
Address: 195.214.195.105
C:\Documents and Settings\admin>nslookup ukr.net 212.40.34.2
Server: colt.tsua.net
Address: 212.40.34.10
Name: ukr.net
Address: 195.214.195.105
C:\Documents and Settings\admin>nslookup ukr.net 212.40.34.10
Server: magnum.tsua.net
Address: 212.40.34.2
Name: ukr.net
Address: 195.214.195.105
>[overquoting removed]
>Trying 212.40.34.2...
>telnet: connect to address 212.40.34.2: Operation timed out
>telnet: Unable to connect to remote host
>router# telnet 212.40.34.10 53
>Trying 212.40.34.10...
>telnet: connect to address 212.40.34.10: Operation timed out
>telnet: Unable to connect to remote host
>router# ping ukr.net
>
>Strange!! An incomprehensible situation: on a machine with a working DNS client on this same network:
The port is apparently closed. Download nmap for Windoze and check port 53 over tcp/udp with nmap:
closed or filtered, everything will become clear.
>[overquoting removed]
>>Trying 212.40.34.10...
>>telnet: connect to address 212.40.34.10: Operation timed out
>>telnet: Unable to connect to remote host
>>router# ping ukr.net
>>
>>Strange!! An incomprehensible situation: on a machine with a working DNS client on this same network:
>
>The port is apparently closed. Download nmap for Windoze and check port 53
>over tcp/udp with nmap:
>closed or filtered, everything will become clear.
Which ports must be open for a DNS client (does the DNS client's socket listen on the network all the time, or only as needed)?
nmap from Windows:
Starting Nmap 5.00 ( http://nmap.org ) at 2009-12-17 09:32 FLE Standard Time
Interesting ports on 192.168.10.177:
Not shown: 98 closed ports
PORT STATE SERVICE
7/tcp open echo
22/tcp open ssh
MAC Address: 00:1C:F0:CB:07:BA (D-Link)
Nmap done: 1 IP address (1 host up) scanned in 14.36 seconds
router# sockstat -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
admin sshd 3496 3 tcp4 192.168.10.177:22 192.168.10.254:2252
root sshd 3493 3 tcp4 192.168.10.177:22 192.168.10.254:2252
root inetd 1492 5 udp4 *:67 *:*
root inetd 1492 7 tcp4 *:7 *:*
root inetd 1492 8 udp4 *:7 *:*
root inetd 1492 9 udp4 *:9 *:*
root inetd 1492 10 udp4 *:19 *:*
root sendmail 798 4 tcp4 127.0.0.1:25 *:*
root sshd 791 4 tcp4 *:22 *:*
root syslogd 557 7 udp4 *:514 *:*
>Which ports must be open for a DNS client (does the DNS client's socket listen on the network
>all the time, or only as needed)?
http://www.freebsd.org/doc/ru/books/handbook/network-dns.html
Port 53 UDP.
># telnet 192.168.10.10 53
>
>What does it say? And the same for the other two nameservers.
Not indicative, since TCP is used only for zone transfers; the answers themselves go over UDP.
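As an added example (not from the thread), here is a small Python probe that does what the last replies suggest: it sends a real DNS query over UDP/53 to each nameserver from the resolv.conf shown above and reports a timeout separately from an actual answer, so a filtered UDP port is told apart from a TCP/53 "connect failed". The resolv.conf text is embedded as a constructed copy, and the query name ukr.net is the one used in the thread.

```python
import socket
import struct

# Constructed copy of the thread's resolv.conf (embedded, not read from disk).
RESOLV_CONF = """domain blackip.kiev.ua
nameserver 212.40.34.2
nameserver 212.40.34.10
nameserver 192.168.10.10
"""

def parse_resolv_conf(text):
    """Return the nameserver addresses in the order the resolver tries them."""
    return [ln.split()[1] for ln in text.splitlines()
            if ln.startswith("nameserver") and len(ln.split()) > 1]

def build_query(name, txid=0x1234):
    """Minimal DNS query: one A question, recursion desired (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(data, txid):
    """Return (rcode, answer_count), or None if data is not a reply to txid."""
    if len(data) < 12:
        return None
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:   # wrong id, or QR bit clear (not a response)
        return None
    return flags & 0x000F, an

def probe_udp(server, name="ukr.net", timeout=2.0):
    """Send one query over UDP/53 and classify how the server responds."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(q, (server, 53))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout (UDP/53 filtered or server down)"
        except OSError as e:
            return "error: %s" % e
    parsed = parse_response(data, 0x1234)
    if parsed is None:
        return "unexpected packet"
    rcode, answers = parsed
    return "rcode=%d answers=%d" % (rcode, answers)

if __name__ == "__main__":
    for ns in parse_resolv_conf(RESOLV_CONF):
        print(ns, "->", probe_udp(ns))
```

A "timeout" for every server on the failing host while the same servers answer from a neighbour points at a filter on the path or on the host, exactly the case the thread narrows down to.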