DNS client setup

I have no clue how to set up my unix sparc2 running SunOS 4.1.4 as a client using netscape.  I get errors on startup of netscape indicating no DNS available.  I have a firewall to go through and an ISDN router.  Netscape runs fine from my PC running WinNT.  I specified a gateway and DNS server in the TCP/IP setup and that was all there was to it.  I have hacked at the unix system but am unable to get netscape to work.  The SunOS manuals are no help.
Which DNS server did you specify? Your own, or the one of your ISP?
When do you get the error? When you start netscape? Or do you get the error when you type in an address? If you get an error, you can try typing in the computer's internet number a.b.c.d, instead of using its name.

everettAuthor Commented:
Unix documentation says you can set up the workstation as DNS server or client.  I only need client but if server is easier that's ok with me.  The resolv.conf file has:
domain ecrm.com
nameserver [workstation IP]
nameserver [ISP DNS #1]
nameserver [ISP DNS #2].
The daemon in.named is not running.  When I start netscape I get the error when netscape tries to make the first connection.  I have tried adding IP addresses of known sites to the hosts files but this does not seem to work either.  I believe I am not getting through the firewall or router, don't know which one, but am not 100% sure.  I have recently tried another system with similar results.  However I have successfully had netscape running but if the system is booted in this configuration it can't find its own display.  This workstation has a direct modem link to an ISP.  The configuration is similar but in.named is started only after a successful boot and resolv.conf does not name the workstation IP as a nameserver it has (nameserver  After booting I change resolv.conf to include the workstation IP as a nameserver and start in.named.  This allows netscape to run but if rebooted without backing out the changes the workstation can not find display workstation.ecrm.com:0.0.
I have the suspicion that networking on your sun(s) is not completely set up. You should check
the following things (you might have slightly different output):
$ netstat -in
Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
lo0   16896 <Link>                       5948689     0  5948447     0     0
lo0   16896 127        5948689     0  5948447     0     0
en0   4096  <Link>0.4.ac.65.55.19       38375435     0 38179616 67993     0
en0   4096  62.184.160   38375435     0 38179616 67993     0
                                          ^^^^^^^^^^^^^^^^^  <- the IP address of your sun

$ netstat -rn
default      UG       47 12685756  en0    -    -  
62.184.160     U       149 14782012  en0    -    -  
127             U         2   164240  lo0    -    -  
-- the line with default should point to the ip address of your router (or firewall)
-- the TCP/IP network setting 'gateway' on NT contains the same address

-- with this working, you can check basic connectivity:
$ ping x.x.x.x      <- ip address of the router
PING router.xxx.xxx: ( 56 data bytes
64 bytes from icmp_seq=0 ttl=251 time=84 ms
64 bytes from icmp_seq=1 ttl=251 time=38 ms

$ ping f.f.f.f      <- ip address of the firewall
PING gator.xxx.xxx: ( 56 data bytes
64 bytes from icmp_seq=0 ttl=251 time=84 ms
64 bytes from icmp_seq=1 ttl=251 time=38 ms

If this seems to work we can go ahead to the DNS problem:
Look up the DNS configuration of the NT machine (the TCP/IP
settings notebook again). The Domain and DNS server entries
are what we need. These should be the same as the definitions
in the /etc/resolv.conf file on the sun. You do not need in.named.

everettAuthor Commented:
In response to markus_baertschi,  I'm not getting through the firewall.

highlight everett# netstat -in
Name  Mtu  Net/Dest      Address        Ipkts  Ierrs Opkts  Oerrs Collis Queue
le0   1500   1012015 0    470908  0    6277   0    
                         ^^^^^address of workstation
lo0   1536      3642094 0    3642094 0    0      0    
iip0  1024 af16:     318380  0    702     0    0      0    
llc0  1497 none          none           365302  0    546     0    0      0    
highlight everett#

highlight everett# netstat -rn
Routing tables
Destination          Gateway              Flags    Refcnt Use        Interface              UH       2      973        lo0
default           UG       0      28         le0
                     ^^^^^address of the firewall       UG       0      386        le0          U        63     4057912    le0
highlight everett#

highlight everett# ping is alive
^^^^^address of the firewall
highlight everett#

highlight everett# ping
no answer from
               ^^^^^address of the ISDN router
highlight everett#
If you cannot pass the firewall, you will have to modify some settings on the firewall.

The software we used allowed for each service (eg ftp, ping, telnet,...) to define in which direction the traffic could go (inside->outside, outside->inside) and/or to only a certain number of other computers.

Check the documentation of the firewall, to see how to modify the options.
everettAuthor Commented:
Already sent message to get info on firewall setup.  What do I need (minimum) for DNS and web browsing to work?  I want to keep the maximum security level possible.

I don't know the numbers nor the names of the needed services, but you can take a look in the /etc/services file. There you can find for all standard services the name, number and a short description.
What are the corresponding settings on your NT machine ?
Do you have a special route to the ISDN router ?
What is your netmask on the sun ('ifconfig le0' will tell you) ?
How does your /etc/resolv.conf look ('cat /etc/resolv.conf' will tell) ?

It looks like the firewall sits in front of the router. You probably have
no possibility to see what's behind, but you don't need to know to get
things working.

  The sun and the router are on the same class B subnet. It is very likely
  that you can not ping the router as the firewall blocks the ping packets.

  If this is the case you need to configure the netscape proxy settings
  correctly (the same as on the NT machines) and probably configure the
  resolver (dns client) on the sun as well (/etc/resolv.conf file).

everettAuthor Commented:
NT Machine
default gateway is the firewall
netmask is
can't ping beyond firewall

Unix Machine:
default gateway is the firewall
netmask is
can't ping beyond firewall

domain ecrm.com
When resolv.conf includes workstation and ISP addresses
domain ecrm.com
XDM does not function because it can't find display highlight.ecrm.com:0.0

highlight is defined in /etc/hosts and in /var/yp/src/hosts for NIS

Firewall does sit in front of the router
Firewall is supposed to allow ping packets
  "Highlight currently has permission to use www and dns services through the firewall.  You should be able to ping the router or the dns servers."

Don't know proxy settings.  Where are they in unix ?
Having problems booting when I modify resolv.conf

everettAuthor Commented:
unix machine:
in.named is not running

your problem is with the in the nameserver
line on the sun. What is your nameserver on the NT
machine ?
You need to set the sun to the same address. The firewall
might be the nameserver as well.


everettAuthor Commented:
on NT there are two DNS entries and one gateway entry the gateway is the firewall and the DNS are the ISP DNS primary and secondary

on unix if nameserver is the system will boot but netscape gets DNS error

if the nameserver is highlight the system can't find display and if rebooted XDM does not run

if nameserver is ISP DNS the system can't find display and if rebooted XDM does not run

I need a configuration where highlight looks at its local database for local IPs and looks for DNS for internet IPs I can't seem to separate the two

still can't ping beyond firewall but don't think this is required for browsing

I now have another system with a dial-up connection (no firewall) and get the same conflicts with the resolv.conf file when resolv.conf has XDM runs but if any other IP is used the system can't find display  on this system I can ping any internet address including the ISP DNS but get DNS errors when resolv.conf has at one time I booted with nameserver and no in.named then changed resolv.conf to include workstation IP and two DNS entries then started in.named at this point netscape would work but I could never boot the machine because XDM would then fail because it could not find display  Here I am back to the conflict of not being able to separate DNS with local IP for display
I am still confused about your configuration, but will

- I assume that your basic networking stuff (routing &
gateways) is working. Pings work on sun & NT, both
can not ping beyond the firewall (this is normal).

- What is left, is to make DNS work or make Netscape
without DNS work.

On DNS now:
a) The NT machine  points to the ISP for DNS. This can
not work with the firewall. I assume these entries are
leftovers from direct dialup connections.
- You can confirm this by using ping www.microsoft.com
  on the command line. If ping starts to send packets then
  DNS works, otherwise it will display an error

b) your Netscape on NT works. Because you have a Firewall
you did configure the proxy page (network settings). In
case of a proxy Netscape does not need a working DNS.

c) DNS on the sun does not work. If you specify

this implies that you have a local nameserver (in.named)
configured and running. As you don't this does not work.
If you don't know what your nameservers are then the only
good solution is to remove the /etc/resolv.conf file. Don't
let it sit there with false information ! This should solve
your problem with the XDM login also.

d) Netscape on the sun does not work. As there is no
working DNS you need to specify the proxy. You can
specify the same as on the NT machine.

everettAuthor Commented:
NT default gateway is the firewall      ecrmgtwy      #ECRM Firewall
The DNS Service Search Order is:      shorenetdns1      #ECRM ISP DNS Server number one      shorenetdns2      #ECRM ISP DNS Server number two      ecrmisdn      #ECRM ISDN Router
These are not leftovers.  I originally left these out and defined only the gateway and netscape would not work.  After defining the DNS search order netscape worked.  Ping does not get beyond the firewall.
Pinging with 32 bytes of data:
Request timed out.
D:\users\default>ping www.microsoft.com
Pinging www.microsoft.com [] with 32 bytes of data:
Request timed out.

Yes netscape on NT works.  No I did not setup any proxy.

DNS does not work if specified.  
highlight everett% more /etc/resolv.conf
domain ecrm.com

bottom status says:
connect:looking up host home.netscape.com
After long timeout
Netscape is unable to locate server home.netscape.com  The server does not have a DNS entry.  Check the server name in the Location (URL) and try again.

The daemon in.named is not running.
highlight everett% ps awx|grep named
 1652 p2 S     0:00 grep named
highlight everett%

Don't know what information to use as a proxy as I never had to specify or use one.

everettAuthor Commented:
Sorry, the router is not in the NT DNS search order.  I included this so you could see the address I was pinging was the router.
What if you specify the same nameservers on the sun as on NT, such as:
$ cat /etc/resolv.conf
domain ecrm.com

Do you have traceroute on NT ?
Does traceroute to the dns servers work ?
(Traceroute is using UDP, as is DNS)
jclfCommented:
 is sparky5.shore.net, and is not a DNS server. - northshore.ecosoft.com - is the first listed DNS for shore.net. The second is sparkyjr.shore.net (

You will find:

# nslookup
Default Server:  foo.bar.com
address:190.10.xxx.yyy  -or-

> server
Default Server:  northshore.ecosoft.com

> home.netscape.com
Server:  northshore.ecosoft.com

Name:    www-me1.netscape.com
Aliases:  home.netscape.com

> server
Default Server:  sparky5.shore.net

> home.netscape.com

....this last takes forever. ^C out, and exit.

Now, going back to your original question, you don't have in.named running. If you don't have DNS running anywhere inside the firewall, you won't get "workstation.ecrm.com" to resolve unless you ask your ISP to add it to the ecrm.com zone. ISPs hate doing this, and (IME) do it badly (a former DNS admin writes!).

I recommend that you get the Nutshell book "TCP/IP network administration", and work through chapter 8. Set up an internal zone "inside.ecrm.com", so your workstation becomes "workstation.inside.ecrm.com". Use this workstation's IP address as the first nameserver entry in resolv.conf, and the sparkyjr.shore.net address as the second.

Ask the SA at shore.net to provide secondary DNS for inside.ecrm.net ONLY if you want your hosts to have reverse IP work: otherwise, for certain FTP sites (ftp.uu.net for one), you may be turned away. Alternatively, use a proxy outside the firewall, or use the firewall as the proxy: it's much easier to set up.

Hope this helps!
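
The failure this thread keeps returning to (a nameserver line in resolv.conf that names the workstation itself while in.named is not running) can be checked mechanically. The following is an added example, not part of any post in this thread; the function name check_resolv is hypothetical and the addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: lint a resolv.conf for the misconfiguration discussed above.
# Usage: check_resolv FILE LOCAL_IP NAMED_RUNNING   (NAMED_RUNNING is yes or no)
# Prints one finding per line; prints nothing when no problem is found.
check_resolv() {
    file=$1 local_ip=$2 named=$3
    awk -v local_ip="$local_ip" -v named="$named" '
        { sub(/[#;].*/, "") }                 # drop comments
        $1 == "nameserver" {
            n++
            if ($2 == "") {
                print "ERROR line " NR ": nameserver with no address"
                next
            }
            # The classic BSD resolver reads at most three nameserver lines.
            if (n > 3)
                print "WARN line " NR ": ignored, the resolver reads at most 3 nameserver lines"
            # Pointing at this host only works when a name server runs here.
            if (($2 == local_ip || $2 == "127.0.0.1") && named != "yes")
                print "ERROR line " NR ": nameserver " $2 " is this host but in.named is not running"
        }
    ' "$file"
}

# Constructed sample mirroring the layout quoted in the thread:
# workstation first, then two ISP servers (all addresses are placeholders).
sample=${TMPDIR:-/tmp}/resolv.sample.$$
cat > "$sample" <<'EOF'
domain example.com
nameserver 192.0.2.10
nameserver 198.51.100.1
nameserver 198.51.100.2
EOF
check_resolv "$sample" 192.0.2.10 no
rm -f "$sample"
```

On a real host the third argument would come from a process check such as the `ps awx|grep named` shown earlier in the thread.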

everettAuthor Commented:
Finally got around to trying it.  Proxy works but had to use remote proxy because I do not know how to get our firewall to act as proxy.  I've asked our MIS group but have not gotten a response yet.  I am still trying to get the book so I can learn to set up an internal zone.  
Thank all of you for your help.  


