RE: NetReg: NetReg DNS server not automatically redirecting


From: Patrick Jaques (pjaques@comcast.net)
Date: Tue Jul 13 2004 - 22:19:37 CDT


Hi Tony,

I believe Fedora sets up Bind in a chroot configuration. The default
location of chroot bind configuration files is /var/named/chroot. If you
created/copied a named.conf file and placed it in /etc, this might explain
why your client's DNS requests are being resolved via the internet root
servers and not your bogus DNS server.

--Patrick

-----Original Message-----
From: owner-netreg@southwestern.edu [mailto:owner-netreg@southwestern.edu]
On Behalf Of DelVecchio, Anthony R.
Sent: Tuesday, July 13, 2004 7:33 PM
To: 'netreg@southwestern.edu'
Subject: RE: NetReg: NetReg DNS server not automatically redirecting

Definitely running 9.2.3, nothing in the logs is indicating a problem.
Baffled.

-----Original Message-----
From: Robert Lowe [mailto:Robert.H.Lowe@lawrence.edu]
Sent: Tuesday, July 13, 2004 4:32 PM
To: netreg@southwestern.edu
Subject: Re: NetReg: NetReg DNS server not automatically redirecting

DelVecchio, Anthony R. wrote:

> Hi,
>
> I am running into an issue where I have an unregistered client pick up
> the DHCP info from an unregistered range including DNS. I verified this
> with an ipconfig. When you go to a browser I am still able to get to
> any url. I have to manually enter the url for netreg in order to
> register the client.
>
> I haven't confirmed if this is only happening with my Windows XP Pro
> client or if it is happening to everyone else. I have experienced a
> similar intermittent problem in the past where the client would not
> give up its old, valid IP. This is not the case this time.
>
> Running nslookup shows the server to be the netreg dns but when you
> actually do an nslookup you will get non-authoritative answers with real
> IP's. I am running BIND 9.2.3 from the Fedora 2 install using the
> cut-and-paste files from the docs. DHCP and Apache installed separately.

First use dig on your DNS/NetReg box. Check your logfiles, just to make
sure named hasn't reported any errors. Are you really running BIND8? Versus
BIND9, that is.

Are you sure you're not already running some version of named that came with
your Fedora install?

My comments below are not directly related to your problem at the moment...

> ---------------------
> // named.conf for NetReg
> // Belongs at /etc/named.conf
>
> server 140.209.13.3{
>     bogus yes;
> };
>
> options {
>     directory "/etc/";
>     recursion no;
>     fetch-glue no;
> };
>
> zone "." in {
>     type master;
>     file "db.root";
> };
>
> ; Bind 8 -- Zone file -- for NetReg
> ; Belongs at /etc/db.root
>
> $TTL 3600
> . IN SOA ust-netregspn.stthomas.edu. root.ust-netregspn.stthomas.edu. (
>     2 ;serial
>     10800 ;refresh
>     3600 ;retry
>     604800 ;expire
>     86400 ;default ttl

FYI, this is the 'minimum' value, now used for negative caching TTL.

> )
>     IN NS ust-netregspn.stthomas.edu.
> ust-netregspn 86400 IN A 140.209.13.3

You're in the root zone (.) here. This should be fully
qualified, e.g. ust-netregspn.stthomas.edu.

>
> *. 86400 IN A 140.209.13.3

Get rid of the TTL you've specified here. Let the $TTL statement take care
of that. In any case, this value is way too large. What happens if a
client registers but doesn't reboot? And the client runs a DNS resolver
service that caches responses? I'd make the default TTL something on the
order of 10 minutes myself.

-Robert

> Tony DelVecchio
> Network Security Manager
> University of St Thomas, St Paul, Mn

**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg Send requests for assistance to:
owner-netreg@southwestern.edu
**********************************************************************
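
The two checks suggested in this thread (which named.conf a chrooted named actually reads, and whether dig shows an authoritative catch-all answer with a short TTL), written out as an added example that is not part of the original messages. The function names, the 600-second limit and the sample dig replies are constructed for illustration.

```sh
#!/bin/sh
# Added example: sanity checks for a NetReg-style catch-all DNS server.
NETREG_IP="140.209.13.3"   # registration server address from the thread
MAX_TTL=600                # "on the order of 10 minutes"

# Print the named.conf that named really reads, given its command line.
# With "-t DIR" named chroots to DIR first, so /etc/named.conf is ignored.
effective_conf() (
    root="" conf="/etc/named.conf"
    set -- $1
    while [ $# -gt 0 ]; do
        case "$1" in
            -t) root="$2"; shift ;;
            -c) conf="$2"; shift ;;
        esac
        shift
    done
    printf '%s%s\n' "$root" "$conf"
)

# Read dig output on stdin. Succeed only if the reply is authoritative (aa)
# and every A record in the answer is NETREG_IP with TTL <= MAX_TTL.
check_answer() {
    awk -v ip="$NETREG_IP" -v max="$MAX_TTL" '
        /^;; flags:/          { split($0, p, ";"); if (p[3] ~ / aa( |$)/) aa = 1 }
        /^;; [A-Z]+ SECTION:/ { sec = $2; next }
        sec == "ANSWER" && $4 == "A" {
            seen = 1
            if ($5 != ip || $2 + 0 > max) bad = 1
        }
        END { exit !(aa && seen && !bad) }'
}

# Constructed sample replies (not captured from a real server).
GOOD=';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; ANSWER SECTION:
www.example.com. 600 IN A 140.209.13.3'
LEAK=';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
www.example.com. 3600 IN A 192.0.2.10'
STALE=';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; ANSWER SECTION:
www.example.com. 86400 IN A 140.209.13.3'

# Live use (assumes dig and a running named):
#   effective_conf "$(ps -o args= -C named)"
#   dig +norecurse @"$NETREG_IP" www.example.com A | check_answer && echo OK
```

LEAK models the non-authoritative real-address answers reported in the thread, and STALE models the 86400-second wildcard TTL that the reply advises against.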



This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:46 CDT