
RE: Port 53 redirect?



>> But this should only be used for outgoing DNS requests correct? Why
>> would it redirect an incoming DNS request? djbDNS should respond to the
>> initial request regardless.
>Well, you have no reference to the local machine in resolv.conf, so no
>DNS query will ever be made of your machine UNLESS it has one of the
>IP addresses listed.  If your machine is running as a DNS server, the
>resolv.conf normally lists
>    nameserver 127.0.0.1
>as the first entry.  This ensures that initial DNS queries are directed
>to itself first.
>I can't say a whole lot more since I don't have your zone or DNS config
>files.  Your current resolv.conf says that any non-FQDN host name will
>be searched for in the attbi.com domain.  Since there's no "nameserver 
>127.0.0.1" in it, all DNS queries must be sent out for resolution.  Even
>if you did have the 127.0.0.1 reference, if your local server isn't
>authoritative for attbi.com and doesn't have that domain cached, then a
>query will go out onto the internet and query the authoritative server
>for that domain to resolve the query.  According to whois, the
>authoritative DNS servers for attbi.com are:
>    Domain servers in listed order:
>    NS2.ATTBI.COM                                     216.148.227.68
>    NS.ATTBI.COM                                      204.127.198.4
>    NS6.ATTBI.COM                                     63.240.76.4
>    NS5.ATTBI.COM                                     204.127.202.4
>(the first and fourth are in your resolv.conf file), so again unless 
>your machine has one of the IP addresses above, all DNS queries for
>non-FQDN hosts will go out for resolution.
>As to the reverse DNS lookups for 192.168/16, again you probably don't
>have a 0.0.168.192.in-addr.arpa zone in your DNS, so reverse DNS
>lookups are going to also go out on the internet.  Unfortunately,
>192.168/16 is NOT a routable address, so a reverse DNS lookup will fail
>or return bogus information (this is also true with 10/8).
>You do understand the 192.168/16 and 10/8 notation, right?  Just asking,
>as many people don't know what one means by that notation.

the 192.168/16 and 10/8 are just the last 16 bits in the 192.168 space and
8 bits in the 10.0.0 space correct?

I'm still a little unclear. Partially because I have djbdns working on a
freeBSD box that does not have the localhost in the resolv.conf in any
way. Also if I do:
dnsq a musicwithmeaning.com 192.168.0.118 from the local machine, it
responds with the DNS information. 

When I do this same query from a machine outside my network to 24.5.16.209
(which gets routed to the machine in question) it times out and results in
the tcpdump info that I sent before.


I did try adding both
nameserver 127.0.0.1 and 
nameserver 192.168.0.118 to this machine's resolv.conf at different times,
but the results were identical to before. Same packets shown with tcpdump.


I guess I don't understand how/why the server "decides" to go out to the
internet for domains. In other djbDNS installs the reverse DNS entries are
not required for it to respond to requests. They are a good idea, but not
necessary for function. 

In your explanation above it looks like you suggest a solution, but then
say it won't work because of non-routable addressing, so I'm confused as
what approach to take to resolve this.

Thanks,
Roger Harrell


------------------------------------------
E-mail provided by AudibleFaith.com
Music and other resources
http://www.audiblefaith.com
Music With Meaning?
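The thread turns on two points: what the 192.168/16 and 10/8 shorthand means, and why PTR lookups for those addresses leave the network when no local in-addr.arpa zone covers them. The following is an added example, not code from the thread or from djbdns: it expands the shorthand into a network, derives the reverse zone a local server would need to serve, and reports whether a PTR query for a given address would be sent upstream. The 172.16/12 range and the helper names are additions for illustration.

```python
import ipaddress

# RFC 1918 private ranges. The thread names 192.168/16 and 10/8;
# 172.16/12 is added here for completeness (constructed list).
PRIVATE_NETWORKS = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
]


def expand_shorthand(cidr: str) -> ipaddress.IPv4Network:
    """Turn '192.168/16' or '10/8' into a full network.
    The part before '/' is the leading bits of the address; missing
    octets are zero-filled and the prefix length is kept as written."""
    addr, _, prefix = cidr.partition("/")
    octets = addr.split(".")
    if not prefix or len(octets) > 4:
        raise ValueError(f"bad shorthand: {cidr}")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{prefix}")


def is_private(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETWORKS)


def reverse_zone(cidr: str) -> str:
    """in-addr.arpa zone that must be served locally for PTR lookups in
    this network to be answered without going upstream.
    Only whole-octet prefixes (/8, /16, /24) are handled."""
    net = expand_shorthand(cidr)
    if net.prefixlen % 8:
        raise ValueError("only /8, /16 and /24 prefixes are supported")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_name(ip: str) -> str:
    """Owner name a resolver queries for the PTR record of ip."""
    return ipaddress.ip_address(ip).reverse_pointer


def leaks_upstream(ip: str, local_zones) -> bool:
    """True when a PTR lookup for a private address would leave the
    network: no locally served reverse zone covers its owner name."""
    name = ptr_name(ip)
    covered = any(name == z or name.endswith("." + z) for z in local_zones)
    return is_private(ip) and not covered
```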



