[K12OSN] Blocked net access

David Whitmer thewhitmers at gmail.com
Tue Jan 16 12:43:19 UTC 2007


On 1/15/07, Les Mikesell <les at futuresource.com> wrote:
>
> The dhcp clients should be getting the k12ltsp server's address
> as the DNS server as well as the default gateway.  You should
> see this with the ipconfig /all.   The server itself will do
> its own lookups (and thus those for thin clients) based on the
> 'nameserver' entries in its /etc/resolv.conf file and the local
> /etc/hosts file can override those lookups.  However, to act
> as a nameserver for other machines, you must have the named
> program running and configured properly. Some tests you can
> do:
>    service named restart
> If you don't see the 'OK' during the shutdown step, it wasn't
> running and you need to  'chkconfig named on'.  If there are
> errors in the startup you need to fix /etc/named.conf file.
>    dig
> will show the root servers based on lookups from a server
> in /etc/resolv.conf.  If this works but
>    dig @localhost
> does not work, your nameserver can't reach the root servers.
> One thing that might cause that is firewalling at your internet
> gateway. You may have to add the nameservers listed in your
> /etc/resolv.conf (which seem to be working) and add them as
> 'forwarders' in your /etc/named.conf file.  This will make your
> named pass the queries to the specified (and reachable) servers
> instead of attempting the lookups directly.  Once you have named
> working on the server, the clients behind it should also work,
> which you can test with 'nslookup some_internet_name'.
>
> --
>    Les Mikesell
>     les at futuresource.com
>

Les,

I followed your recommendations but was still not having any success.
As I was getting ready to add "forwarders" to /etc/named-k12ltsp.conf
(there doesn't seem to be a named.conf) I noticed the following option
commented out under options:

	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below.  Previous versions of BIND always asked
	 * questions using port 53, but BIND 8.1 uses an unprivileged
	 * port by default.
	 */
	 // query-source address * port 53;

I uncommented the query-source-address, restarted named, and like
magic name lookups from the Windows client, whether using ping or a
web browser, began working.

Though it seems I may actually have been having a firewall issue, I
nonetheless learned a lot about working with name servers.

Thanks for your help everyone!

David Whitmer
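
Uncommenting `query-source address * port 53;` gets named's queries through a firewall that filters on source port, but it also pins every outgoing query to one known port, giving up the source-port randomization a resolver relies on to resist spoofed responses. The following is an added example, not part of the original thread: a small Python audit that reports active (uncommented) `query-source` directives with a pinned port and whether `forwarders` are set. The sample config is constructed from the snippet quoted above; the `forwarders` entry and the address 192.0.2.53 are assumptions for illustration.

```python
import re

# Constructed sample: the options block quoted in the message, with the
# query-source line uncommented. The forwarders entry and its address
# (192.0.2.53, a documentation range) are assumptions for illustration.
SAMPLE_CONF = '''
options {
	directory "/var/named";
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below.
	 */
	query-source address * port 53;
	// query-source-v6 address * port 53;
	forwarders { 192.0.2.53; };
};
'''

# Quoted strings are matched first so "//" or "#" inside a path is not
# mistaken for a comment; then the three named.conf comment styles.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_QUERY_SOURCE = re.compile(r'\b(query-source(?:-v6)?)\b([^;]*);')
_PORT = re.compile(r'\bport\s+(\*|\d+)')
_FORWARDERS = re.compile(r'\bforwarders\s*\{\s*[^}\s]')


def strip_comments(text):
    """Blank out /* */, // and # comments, leaving quoted strings intact."""
    return _TOKEN.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else ' ', text)


def audit(text):
    """Return ([(directive, port), ...], has_forwarders) for active settings."""
    clean = strip_comments(text)
    pinned = []
    for m in _QUERY_SOURCE.finditer(clean):
        port = _PORT.search(m.group(2))
        if port and port.group(1) != '*':  # '*' leaves the port unpinned
            pinned.append((m.group(1), int(port.group(1))))
    return pinned, _FORWARDERS.search(clean) is not None


if __name__ == '__main__':
    pinned, has_fwd = audit(SAMPLE_CONF)
    for directive, port in pinned:
        print(f'{directive}: outgoing queries pinned to source port {port}')
    print('forwarders configured:', has_fwd)
```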



