[K12OSN] Linux, Windows, and my DNS troubles

Shane Sammons shane.sammons at gmail.com
Fri Oct 12 01:09:10 UTC 2007


Hi all, it turns out the issue was not the DNS, but instead the Barracuda
filter that was stopping the DNS resolution. I am not sure why it did not
show the DNS request in Wireshark. However, I was getting upset and started
just simplifying the network, took one piece out of the equation at a time and tried it,
and finally came down to the content filter/spyware firewall.

I will see what other issues crop up. Thank you all for the suggestions to
try so far. Tomorrow I get to see how things run without that in place and
then try and put it back in.

Shane

On 10/11/07, Rob Owens <rowens at ptd.net> wrote:
>
> Hi Shane.
>
> I'm too tired right now to follow everything that you wrote, but here's
> some food for thought.  MS systems often (always?) use a WINS server to get
> DNS information.  I've seen issues in the past where WINS and DNS somehow
> got a different set of hostname-to-IP mappings.  I'm not 100% sure if this
> is only for internal IP addresses or if it goes for external ones as well.
>
> To clear cached DNS info on the clients, you can use:
> /etc/init.d/nscd restart (on linux)
> ipconfig /flushdns (on windows)
>
> I recall reading somewhere that Firefox has its own DNS cache.  I'm not
> sure how to clear it, or if that's even a correct statement, but you might
> want to look into it.
>
> -Rob
>
> On Thu, Oct 11, 2007 at 12:47:02PM -0400, Shane Sammons wrote:
> > Hi everyone!
> >
> > I am encountering an issue with DNS I have never experienced before. I am
> > hopeful someone can think of something I have missed, or maybe has
> > encountered something similar and has an answer.
> >
> > I switched DNS to a Windows server so I can re-build a server. Everything
> > seemed fine at first, then caches cleared and our domains we manage on the
> > server for the network were no longer accessible. I tossed this up to an
> > error on my part. I checked my A name entries and everything. It all was
> > correct.
> >
> > I then proceeded to use ping and nslookup. The DNS server responded quickly
> > with the proper IP address and I could ping -a and get the name back from
> > the IP.
> >
> > The network has all 3com switches, but is 99% Macs. I thought perhaps there
> > is a protocol or such that isn't playing nice with Windows. The OS X server
> > used BIND, I am sure a modified version. So, on another server I set up
> > Ubuntu Linux and installed BIND 9. I set everything up on there and tested
> > things again. This time I used dig on that server, nslookup from my
> > workstation. Same, server responded yet I can not access the domain via a
> > browser.
> >
> > So I ventured onto IRC, where some helpful people told me to telnet from the
> > DNS server to the webserver's domain (telnet npelem.com 80). I did this and
> > it connected, they then told me to type "GET / HTTP/1.0" (may have the slash
> > wrong) and press enter twice. I did that, and lo and behold it returned the
> > HTML code of the index.php.
> >
> > At this point they told me DNS is doing its job and it is the browser. I
> > quit for the day. Today I came in and decided it can't be 3 new systems, 2
> > servers, and 3 different operating systems. I am on Vista with Firefox and
> > IE 7, the Windows server was not updated to IE 7, so it just has the secured
> > IE which I took down to low security, and Ubuntu Linux 7.04 using Firefox.
> > Both the Windows 2003 server and the Ubuntu system have DNS running.
> >
> > So instead of just explaining more and more I will just list some
> > information and link to the BIND file I pasted at pastebin.ca.
> >
> > Windows Server 2003, ip 192.168.168.6 static, running DHCP and DNS, no
> > Active Directory / Domain integration, just a plain DHCP/DNS server. DHCP
> > points to it for DNS.
> > DHCP supplies: IP, Gateway, Subnet, DNS, TimeServer, and LDAP
> >
> > Ubuntu: IP 192.168.168.7, DNS using BIND9 only. Set up for itself and my Vista
> > system only as DNS server
> >
> > My System: I installed Wireshark to watch the network today, I use DHCP via
> > wired connection, but set the DNS manually to 192.168.168.7
> >
> > Old Server: OS X Server 10.3.9 running AFP, DNS, DHCP, NFS, Open Directory,
> > Print Sharing. IP 192.168.168.203 (don't ask...I am changing it when I re-do
> > the server)
> >
> > Webserver/MailServer: OS X Server 10.3.9, IP 192.168.112.2
> >
> > Network Devices: Barracuda Spyware Firewall (192.168.168.2) and Watchguard
> > Firebox Edge X50 (192.168.168.1 - Gateway)
> > Note: Firebox was the former filter, it now just does NAT routing to direct
> > traffic to our off-network webserver, it allows passthrough between the
> > networks with no restrictions atm (defeating the purpose of the segmentation,
> > I know).
> >
> > The two new servers are Dell PowerEdge 860's. My system is an HP Pavilion
> > Notebook, and the old server is an Xserve.
> >
> > BIND9 Files: (all zones and zone config) http://www.pastebin.ca/733070
> > (just the named.conf main file) http://www.pastebin.ca/733077
> > Separated the first paste's files with equals signs
> >
> > Our domains: npelem.com and nationalpark.k12.nj.us (they just need to
> > redirect to servers, nothing like Active Directory where it is integrated
> > into every system)
> >
> > Here is the really strange thing that has me baffled. While running
> > Wireshark, I can see BIND requests as DNS, while most requests to Microsoft
> > show as MDNS. As I watched my system, when I go to say www.google.com with
> > Firefox I see the request and the response with the DNS protocol. When I go
> > to one of the two domains the server manages, I never see the request or a
> > response on Wireshark. I tried this on the server, but Wireshark can't see
> > the looping on the server, as it never goes across the network and is
> > handled internally.
> >
> > Anyone have a clue why the local command line testing says the DNS on both
> > servers is working fine, yet applications like Firefox can't ever get to the
> > webserver via name but by IP?
> >
> > If you need more information please let me know. I am going nuts, because I
> > can't track this down yet.
> >
> > Thanks,
> > Shane Sammons
> > National Park Elementary
>
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
>
>
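The layered check the thread walks through (a query sent straight at the DNS server, the system resolver a browser actually goes through, and the raw "GET / HTTP/1.0" over a TCP connection) as an added Python example. It is not code from the thread or from any of the products mentioned; the host name and the server and web-server addresses under `__main__` are placeholders taken from the post and assumed to be reachable, and the sample DNS reply at the bottom is constructed, not captured. Comparing the three views isolates the failing layer: when the server answers a direct query but getaddrinfo() returns nothing, the problem sits on the client side of the server (resolver caches, the hosts file and nsswitch order, an mDNS/LLMNR plugin, or an inline appliance silently dropping or answering the query), which is exactly what a transparent filter on the path produces and why `dig` and `nslookup` looked healthy while the browser failed. The parser also refuses a reply whose transaction ID does not match the query, the minimum check against stray or spoofed answers.

```python
# Added example, not code from the thread: three views of the same name so the
# failing layer can be isolated: (1) a DNS query straight to a chosen server,
# bypassing the OS resolver, (2) the OS resolver path a browser actually uses,
# (3) the "telnet host 80 / GET / HTTP/1.0" probe, aimed at an IP with a Host header.
import random
import socket
import struct

def build_query(name, qid=None, qtype=1):
    """One-question DNS query (A by default, RD bit set); returns (qid, bytes)."""
    qid = random.randrange(0, 65536) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return qid, header + qname + struct.pack("!HH", qtype, 1)

def _read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer back to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end

def parse_response(data, expected_qid):
    """Return {'rcode': int, 'answers': [(name, ttl, ip), ...]} for A records.
    A reply whose ID differs from the query is a stray or spoofed packet: reject it."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if qid != expected_qid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = _read_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, socket.inet_ntoa(data[offset:offset + 4])))
        offset += rdlen
    return {"rcode": flags & 0x000F, "answers": answers}

def query_server(name, server, port=53, timeout=2.0):
    """Like `dig @server name A`: one UDP query, no client-side cache involved."""
    qid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (server, port))
        data, _ = s.recvfrom(4096)
    return parse_response(data, qid)

def system_resolve(name):
    """What a browser gets from getaddrinfo(): hosts file, nsswitch order,
    nscd/Windows caches and any mDNS/LLMNR plugin, not just the DNS server."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, 80, socket.AF_INET)})
    except socket.gaierror:
        return []

def parse_status_line(raw):
    """Status code from a raw HTTP reply; raises ValueError if it is not HTTP."""
    version, code = raw.split(b"\r\n", 1)[0].decode("iso-8859-1", "replace").split(" ")[:2]
    if not version.startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    return int(code)

def http_status_by_ip(ip, host, port=80, timeout=5.0):
    """The manual telnet test, but to the IP with a Host header so name-based vhosts answer."""
    with socket.create_connection((ip, port), timeout=timeout) as s:
        s.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return parse_status_line(b"".join(chunks))

# Constructed sample reply (not a capture): npelem.com A 192.168.112.2, TTL 3600, name as 0xC00C pointer.
SAMPLE_QID = 0x1234
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", SAMPLE_QID, 0x8180, 1, 1, 0, 0)
                   + b"\x06npelem\x03com\x00" + struct.pack("!HH", 1, 1)
                   + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 3600, 4)
                   + socket.inet_aton("192.168.112.2"))

if __name__ == "__main__":  # placeholders taken from the post; assumed reachable
    name, dns_server, web_ip = "npelem.com", "192.168.168.7", "192.168.112.2"
    print("direct  :", query_server(name, dns_server))
    print("resolver:", system_resolve(name))
    print("http/ip :", http_status_by_ip(web_ip, name))
```

Run it from the affected workstation, not from the DNS server itself: as the post notes, a lookup that loops back inside the server never crosses the wire, so it neither shows up in Wireshark nor passes through whatever sits between client and server. If `query_server` answers and `system_resolve` is empty, repeat the direct query against each hop's address (the gateway, the filter) and flush the client caches (`nscd` restart, `ipconfig /flushdns`) before blaming the browser.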