
DNS-client

Posted: 2009-12-15 16:42:42
asket
Help me figure out the DNS client on FreeBSD 8.0-RELEASE.
It does not resolve host names.

router# ping ukr.net
ping: cannot resolve ukr.net: Host name lookup failure

router# ifconfig vr0
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        ether 00:1c:f0:cb:07:ba
        inet 192.168.10.177 netmask 0xffffff00 broadcast 192.168.10.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
Packets to the outside network:

router# ping 193.111.173.53
PING 193.111.173.53 (193.111.173.53): 56 data bytes
64 bytes from 193.111.173.53: icmp_seq=0 ttl=120 time=426.052 ms
64 bytes from 193.111.173.53: icmp_seq=1 ttl=120 time=301.273 ms
64 bytes from 193.111.173.53: icmp_seq=2 ttl=120 time=213.713 ms
64 bytes from 193.111.173.53: icmp_seq=3 ttl=120 time=512.792 ms
64 bytes from 193.111.173.53: icmp_seq=4 ttl=120 time=551.909 ms

vi /etc/resolv.conf

domain  blackip.kiev.ua
nameserver      212.40.34.2
nameserver      212.40.34.10
nameserver      192.168.10.10

router# ping 212.40.34.2 ############ DNS master serving the blackip.kiev.ua zone
PING 212.40.34.2 (212.40.34.2): 56 data bytes
64 bytes from 212.40.34.2: icmp_seq=0 ttl=61 time=590.168 ms
64 bytes from 212.40.34.2: icmp_seq=1 ttl=61 time=591.951 ms
64 bytes from 212.40.34.2: icmp_seq=2 ttl=61 time=557.955 ms
64 bytes from 212.40.34.2: icmp_seq=3 ttl=61 time=347.410 ms
^C
--- 212.40.34.2 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 347.410/521.871/591.951/101.630 ms

router# dig ya.ru @212.40.34.2
;; global options:  +cmd
;; connection timed out; no servers could be reached

router# ping 212.40.34.10 ############ DNS slave serving the blackip.kiev.ua zone
PING 212.40.34.10 (212.40.34.10): 56 data bytes
64 bytes from 212.40.34.10: icmp_seq=0 ttl=61 time=1249.041 ms
64 bytes from 212.40.34.10: icmp_seq=1 ttl=61 time=1421.037 ms
64 bytes from 212.40.34.10: icmp_seq=2 ttl=61 time=909.347 ms
64 bytes from 212.40.34.10: icmp_seq=3 ttl=61 time=908.739 ms
^C
--- 212.40.34.10 ping statistics ---
5 packets transmitted, 4 packets received, 20.0% packet loss
round-trip min/avg/max/stddev = 908.739/1122.041/1421.037/221.509 ms

router# ping 192.168.10.10 ################# caching DNS server
PING 192.168.10.10 (192.168.10.10): 56 data bytes
64 bytes from 192.168.10.10: icmp_seq=0 ttl=128 time=0.503 ms
64 bytes from 192.168.10.10: icmp_seq=1 ttl=128 time=1.044 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=128 time=0.204 ms

router# dig ya.ru @192.168.10.10
;; global options:  +cmd
;; connection timed out; no servers could be reached

vi /etc/hosts

::1                     localhost blackip.kiev.ua
127.0.0.1               localhost blackip.kiev.ua
192.168.10.177          router.blackip.kiev.ua
192.168.10.177          router.blackip.kiev.ua

vi /etc/hosts.conf

# Auto-generated from nsswitch.conf
hosts
dns

vi /etc/nsswitch.conf

#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: src/etc/nsswitch.conf,v 1.1.10.1.2.1 2009/10/25 01:10:29 kensmith Exp $
#
group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

vi /etc/inetd.conf

# $FreeBSD: src/etc/inetd.conf,v 1.73.10.2.2.1 2009/10/25 01:10:29 kensmith Exp $
#
# Internet server configuration database
#
# Define *both* IPv4 and IPv6 entries for dual-stack support.
# To disable a service, comment it out by prefixing the line with '#'.
# To enable a service, remove the '#' at the beginning of the line.
#
#ftp    stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#ftp    stream  tcp6    nowait  root    /usr/libexec/ftpd       ftpd -l
ssh     stream  tcp     nowait  root    /usr/sbin/sshd          sshd -i -4
#ssh    stream  tcp6    nowait  root    /usr/sbin/sshd          sshd -i -6
#telnet stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#telnet stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
#shell  stream  tcp6    nowait  root    /usr/libexec/rshd       rshd
#login  stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
#login  stream  tcp6    nowait  root    /usr/libexec/rlogind    rlogind
#finger stream  tcp     nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
#finger stream  tcp6    nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
#
# run comsat as root to be able to print partial mailbox contents w/ biff,
# or use the safer tty:tty to just print that new mail has been received.
#comsat dgram   udp     wait    tty:tty /usr/libexec/comsat     comsat
#
# ntalk is required for the 'talk' utility to work correctly
#ntalk  dgram   udp     wait    tty:tty /usr/libexec/ntalkd     ntalkd
#tftp   dgram   udp     wait    root    /usr/libexec/tftpd      tftpd -l -s /tftpboot
#tftp   dgram   udp6    wait    root    /usr/libexec/tftpd      tftpd -l -s /tftpboot
#bootps dgram   udp     wait    root    /usr/libexec/bootpd     bootpd
#
# "Small servers" -- used to be standard on, but we're more conservative
# about things due to Internet security concerns.  Only turn on what you
# need.
#
#daytime stream tcp     nowait  root    internal
#daytime stream tcp6    nowait  root    internal
#daytime dgram  udp     wait    root    internal
#daytime dgram  udp6    wait    root    internal
#time   stream  tcp     nowait  root    internal
#time   stream  tcp6    nowait  root    internal
#time    dgram  udp     wait    root    internal
#time    dgram  udp6    wait    root    internal
#echo   stream  tcp     nowait  root    internal
#echo   stream  tcp6    nowait  root    internal
#echo   dgram   udp     wait    root    internal
#echo   dgram   udp6    wait    root    internal
#discard stream tcp     nowait  root    internal
#discard stream tcp6    nowait  root    internal
#discard dgram  udp     wait    root    internal
#discard dgram  udp6    wait    root    internal
#chargen stream tcp     nowait  root    internal
#chargen stream tcp6    nowait  root    internal
#chargen dgram  udp     wait    root    internal
#chargen dgram  udp6    wait    root    internal
#
# CVS servers - for master CVS repositories only!  You must set the
# --allow-root path correctly or you open a trivial to exploit but
# deadly security hole.
#
#cvspserver     stream  tcp     nowait  root    /usr/bin/cvs    cvs --allow-root=/your/cvsroot/here pserver
#cvspserver     stream  tcp     nowait  root    /usr/bin/cvs    cvs --allow-root=/your/cvsroot/here kserver
#
# RPC based services (you MUST have rpcbind running to use these)
#
#rstatd/1-3     dgram rpc/udp wait root /usr/libexec/rpc.rstatd  rpc.rstatd
#rusersd/1-2    dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd
#walld/1        dgram rpc/udp wait root /usr/libexec/rpc.rwalld  rpc.rwalld
#pcnfsd/1-2     dgram rpc/udp wait root /usr/local/libexec/rpc.pcnfsd    rpc.pcnfsd
#rquotad/1      dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad
#sprayd/1       dgram rpc/udp wait root /usr/libexec/rpc.sprayd  rpc.sprayd
#
# example entry for the optional pop3 server
#
#pop3   stream  tcp     nowait  root    /usr/local/libexec/popper       popper
#
# example entry for the optional imap4 server
#
#imap4  stream  tcp     nowait  root    /usr/local/libexec/imapd        imapd
#
# example entry for the optional nntp server
#
#nntp   stream  tcp     nowait  news    /usr/local/libexec/nntpd        nntpd
#
# example entry for the optional uucpd server
#
#uucpd  stream  tcp     nowait  root    /usr/local/libexec/uucpd        uucpd
#
# Return error for all "ident" requests
#
#auth   stream  tcp     nowait  root    internal
#auth   stream  tcp6    nowait  root    internal
#
# Provide internally a real "ident" service which provides ~/.fakeid support,
# provides ~/.noident support, reports UNKNOWN as the operating system type
# and times out after 30 seconds.
#
#auth   stream  tcp     nowait  root    internal        auth -r -f -n -o UNKNOWN -t 30
#auth   stream  tcp6    nowait  root    internal        auth -r -f -n -o UNKNOWN -t 30
#
# Example entry for an external ident server
#
#auth   stream  tcp     wait    root    /usr/local/sbin/identd  identd -w -t120
#
# Example entry for the optional qmail MTA
#  NOTE: This is no longer the correct way to handle incoming SMTP
#        connections for qmail.  Use tcpserver (http://cr.yp.to/ucspi-tcp.html)
#        instead.
#
#smtp   stream  tcp     nowait  qmaild  /var/qmail/bin/tcp-env  tcp-env /var/qmail/bin/qmail-smtpd
#
# Enable the following two entries to enable samba startup from inetd
# (from the Samba documentation).  Enable the third entry to enable the swat
# samba configuration tool.
#
#netbios-ssn stream tcp nowait          root    /usr/local/sbin/smbd    smbd
#netbios-ns dgram udp   wait            root    /usr/local/sbin/nmbd    nmbd
#swat   stream  tcp     nowait/400      root    /usr/local/sbin/swat    swat

router# sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
admin    sshd       1248  3  tcp4   192.168.10.177:22     192.168.10.7:17308
root     sshd       1245  3  tcp4   192.168.10.177:22     192.168.10.7:17308
root     sendmail   788   4  tcp4   127.0.0.1:25          *:*
root     sshd       781   4  tcp4   *:22                  *:*
root     syslogd    556   7  udp4   *:514                 *:*

Re: DNS-client

Posted: 2009-12-15 17:05:52
schizoid

nslookup ya.ru 212.40.34.2
Does that work?

Re: DNS-client

Posted: 2009-12-15 17:39:12
asket
router#nslookup ya.ru 212.40.34.2
;; connection timed out; no servers could be reached
router#

Re: DNS-client

Posted: 2009-12-15 18:47:44
schizoid
Well, then port 53 UDP/TCP is being filtered somewhere.

Re: DNS-client

Posted: 2009-12-16 11:04:52
Guest
router# telnet 192.168.10.10 53
Trying 192.168.10.10...
telnet: connect to address 192.168.10.10: Operation timed out
telnet: Unable to connect to remote host
router# telnet 212.40.34.2 53
Trying 212.40.34.2...
telnet: connect to address 212.40.34.2: Operation timed out
telnet: Unable to connect to remote host
router# telnet 212.40.34.10 53
Trying 212.40.34.10...
telnet: connect to address 212.40.34.10: Operation timed out
telnet: Unable to connect to remote host
router# ping ukr.net

Strange!! An incomprehensible situation on a machine with a working DNS client in the same network!

/usr/home/adminusr/home/admin/>telnet 192.168.10.10 53
Trying 192.168.10.10...
telnet: connect to address 192.168.10.10: Operation timed out
telnet: Unable to connect to remote host
/usr/home/adminusr/home/admin/>ping ukr.net
PING ukr.net (195.214.195.105): 56 data bytes
64 bytes from 195.214.195.105: icmp_seq=0 ttl=59 time=126.286 ms
64 bytes from 195.214.195.105: icmp_seq=1 ttl=59 time=12.334 ms
64 bytes from 195.214.195.105: icmp_seq=2 ttl=59 time=13.363 ms
^C
--- ukr.net ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 12.334/50.661/126.286/53.477 ms
/usr/home/adminusr/home/admin/>

And also on 3 Windows machines (DNS 192.168.10.10 configured):

C:\Documents and Settings\admin>nslookup ukr.net

DNS request timed out.
timeout was 2 seconds.
*Can't find server name for address 192.168.10.10
Server: UnKnown
Address: 212.40.34.10

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

C:\Documents and Settings\admin>telnet 192.168.10.10 53
Connecting To 192.168.10.10...Could not open connection to the host, on port 53: connect failed


On the caching NS itself:
C:\Documents and Settings\admin>nslookup ukr.net

Server: www.blackip.kiev.ua
Address: 192.168.10.10

Name: ukr.net
Address: 195.214.195.105

C:\Documents and Settings\admin>nslookup ukr.net 212.40.34.2

Server: colt.tsua.net
Address: 212.40.34.10

Name: ukr.net
Address: 195.214.195.105


C:\Documents and Settings\admin>nslookup ukr.net 212.40.34.10

Server: magnum.tsua.net
Address: 212.40.34.2

Name: ukr.net
Address: 195.214.195.105

Re: DNS-client

Posted: 2009-12-16 14:32:57
schizoid
telnet works over TCP, while DNS works over UDP.

Re: DNS-client

Posted: 2009-12-16 15:40:20
mediamag
And I think something is either filtering port 53 or occupying it... I had that when the named.conf syntax changed with FreeBSD 7.1... In FreeBSD 7.0 you had to write

query-source port 53
and in 7.1 you must not touch or uncomment that line at all... So what happened was that I, doing it the old way and specifying a particular port, occupied it myself... Have a look, maybe you have something along those lines.

Re: DNS-client

Posted: 2009-12-21 15:10:41
zar0ku1
The problem is 100% that UDP port 53 is closed.
Check from a third-party machine:

 nmap -sU <domain-name> -p 53
P.S. http://ru.wikipedia.org/wiki/DNS
The DNS protocol uses TCP or UDP port 53 to answer queries. Traditionally, queries and responses are sent as a single UDP datagram. TCP is used for AXFR requests.
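
Added example (editor's code, not from any poster in this thread): schizoid's point that telnet exercises TCP while the resolver uses UDP, and zar0ku1's note that DNS uses port 53 on both transports, can be checked directly with a small probe that sends a real DNS A query over each transport and reports which one answers. The loopback "nameserver" below is constructed for the demo and answers only over UDP; the name ukr.net and the address 195.214.195.105 are taken from the thread, and everything else (the fake server, the port numbers) is made up for the example. It shows the two cases the telnet tests in the thread cannot tell apart: a TCP connect failing while UDP still gets an answer, and a UDP query to a port where nothing listens, which comes back as no answer, the same outcome dig reports as "no servers could be reached".

```python
import socket
import struct
import threading

QID = 0x1234  # fixed transaction id for this demo


def build_query(name, qid=QID):
    """Build a DNS A/IN query with RD=1 in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_a_records(resp, qid=QID):
    """Return the IPv4 addresses from the answer section of a DNS response."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")

    def skip_name(p):
        # Walk the labels; a 0xC0 compression pointer is 2 bytes and ends the name.
        while True:
            ln = resp[p]
            if ln == 0:
                return p + 1
            if ln & 0xC0 == 0xC0:
                return p + 2
            p += 1 + ln

    pos = 12
    for _ in range(qd):
        pos = skip_name(pos) + 4  # skip QTYPE/QCLASS of the echoed question
    addrs = []
    for _ in range(an):
        pos = skip_name(pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return addrs


def query_udp(server, name, port=53, timeout=2.0):
    """Send the query as one UDP datagram; None means no answer (dropped, filtered or refused)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))  # connected UDP so ICMP port-unreachable surfaces as an error
            s.send(build_query(name))
            data = s.recv(512)
        except OSError:  # socket.timeout is an OSError as well
            return None
    return parse_a_records(data)


def query_tcp(server, name, port=53, timeout=2.0):
    """Same query over TCP with the 2-byte length prefix (RFC 1035 section 4.2.2)."""
    q = build_query(name)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            data = b""
            while len(data) < 2 or len(data) < 2 + struct.unpack("!H", data[:2])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    return None
                data += chunk
    except OSError:
        return None
    return parse_a_records(data[2:])


def start_fake_udp_server(answer_ip):
    """Constructed loopback nameserver: answers every A query with answer_ip, UDP only. Returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def serve():
        while True:
            try:
                q, peer = srv.recvfrom(512)
            except OSError:
                return
            qid = struct.unpack("!H", q[:2])[0]
            question = q[12:q.index(b"\x00", 12) + 5]  # QNAME + QTYPE + QCLASS, echoed back
            header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1, one answer
            rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(answer_ip)
            srv.sendto(header + question + rr, peer)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def unused_udp_port():
    """Pick a loopback UDP port nothing listens on (constructed 'closed port' case)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    port = start_fake_udp_server("195.214.195.105")  # address from the thread; the answer itself is constructed
    print("UDP answer :", query_udp("127.0.0.1", "ukr.net", port=port))  # ['195.214.195.105']
    print("TCP answer :", query_tcp("127.0.0.1", "ukr.net", port=port))  # None: nothing listens on TCP
    print("closed port:", query_udp("127.0.0.1", "ukr.net", port=unused_udp_port()))  # None
```

Against a real resolver, call query_udp(server, name) and query_tcp(server, name) on port 53 from the failing host. A None from query_udp is the condition the thread is chasing (UDP/53 filtered, or no listener on the server), whereas a refused or timed-out TCP connect on its own says nothing about the UDP path that ordinary lookups use.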

Re: DNS-client

Posted: 2009-12-21 17:11:17
mediamag
It may be either closed or taken by some daemon... depends on what the DNS server logs say.

Re: DNS-client

Posted: 2009-12-22 1:11:58
zar0ku1
mediamag wrote: It may be either closed or taken by some daemon... depends on what the DNS server logs say.
Didn't you notice the sockstat output in the first post?

Re: DNS-client

Posted: 2009-12-22 12:48:17
mediamag
Ah, right, I missed it... there is nothing listening on port 53...