Solved

DNS client setup

Posted on 1998-03-17
Last Modified: 2013-12-16
I have no clue how to set up my unix sparc2 running SunOS 4.1.4 as a client using netscape.  I get errors on startup of netscape indicating no DNS available.  I have a firewall to go through and an ISDN router.  Netscape runs fine from my PC running WinNT.  I specified a gateway and DNS server in the TCP/IP setup and that was all there was to it.  I have hacked at the unix system but am unable to get netscape to work.  The SunOS manuals are no help.
Question by:everett
18 Comments
 
LVL 3

Expert Comment

by:elfie
ID: 1812937
Which DNS server did you specify? Your own, or the one of your ISP?
When do you get the error? When you start netscape? Or do you get the error when you type in an address? If you get an error, you can try typing in the computer's internet number a.b.c.d, instead of using its name.

0
 

Author Comment

by:everett
ID: 1812938
Unix documentation says you can set up workstation as DNS server or client.  I only need client but if server is easier that's ok with me.  The resolv.conf file has:
domain ecrm.com
nameserver [workstation IP]
nameserver [ISP DNS #1]
nameserver [ISP DNS #2].
The daemon in.named is not running.  When I start netscape I get the error when netscape tries to make the first connection.  I have tried adding IP addresses to known sites to the hosts files but this does not seem to work either.  I believe I am not getting through the firewall or router, don't know which one, but am not 100% sure.  I have recently tried another system with similar results.  However I have successfully had netscape running but if the system is booted in this configuration it can't find its own display.  This workstation has a direct modem link to an ISP.  The configuration is similar but in.named is started only after a successful boot and resolv.conf does not name the workstation IP as a nameserver it has (nameserver 127.0.0.1).  After booting I change resolv.conf to include the workstation IP as a nameserver and start in.named.  This allows netscape to run but if rebooted without backing out the changes the workstation can not find display workstation.ecrm.com:0.0.
0
 
LVL 1

Expert Comment

by:markus_baertschi
ID: 1812939
I have the suspicion that networking on your sun(s) is not completely set up. You should check
the following things (you might have slightly different output):
$ netstat -in
Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
lo0   16896 <Link>                       5948689     0  5948447     0     0
lo0   16896 127         127.0.0.1        5948689     0  5948447     0     0
en0   4096  <Link>0.4.ac.65.55.19       38375435     0 38179616 67993     0
en0   4096  62.184.160  62.184.160.10   38375435     0 38179616 67993     0
                                          ^^^^^^^^^^^^^^^^^  <- the IP address of your sun

$ netstat -rn
default          62.184.160.1      UG       47 12685756  en0    -    -  
62.184.160       62.184.160.10     U       149 14782012  en0    -    -  
127              127.0.0.1         U         2   164240  lo0    -    -  
-- the line with default should point to the ip address of your router (or firewall)
-- the TCP/IP network setting 'gateway' on NT contains the same address

-- this working you can check basic connectivity:
$ ping x.x.x.x      <- ip address of the router
PING router.xxx.xxx: (62.184.175.2): 56 data bytes
64 bytes from 62.184.175.2: icmp_seq=0 ttl=251 time=84 ms
64 bytes from 62.184.175.2: icmp_seq=1 ttl=251 time=38 ms

$ ping f.f.f.f      <- ip address of the firewall
PING gator.xxx.xxx: (62.184.175.2): 56 data bytes
64 bytes from 62.184.175.2: icmp_seq=0 ttl=251 time=84 ms
64 bytes from 62.184.175.2: icmp_seq=1 ttl=251 time=38 ms

If this seems to work we can go ahead to the DNS problem:
Look up the DNS configuration of the NT machine (the TCP/IP
settings notebook again). The Domain and DNS server entries
are what we need. These should be the same as the definitions
in the /etc/resolv.conf file on the sun. You do not need in.named.

0
 

Author Comment

by:everett
ID: 1812940
In response to markus_baertschi,  I'm not getting through the firewall.


highlight everett# netstat -in
Name  Mtu  Net/Dest      Address        Ipkts  Ierrs Opkts  Oerrs Collis Queue
le0   1500 190.10.0.0    190.10.200.6   1012015 0    470908  0    6277   0    
                         ^^^^^address of workstation
lo0   1536 127.0.0.0     127.0.0.1      3642094 0    3642094 0    0      0    
iip0  1024 af16: 00.00.00.02.20.154     318380  0    702     0    0      0    
llc0  1497 none          none           365302  0    546     0    0      0    
highlight everett#

highlight everett# netstat -rn
Routing tables
Destination          Gateway              Flags    Refcnt Use        Interface
127.0.0.1            127.0.0.1            UH       2      973        lo0
default              190.10.199.254       UG       0      28         le0
                     ^^^^^address of the firewall
192.168.1.0          190.10.200.254       UG       0      386        le0
190.10.0.0           190.10.200.6         U        63     4057912    le0
highlight everett#

highlight everett# ping 190.10.199.254
190.10.199.254 is alive
^^^^^address of the firewall
highlight everett#

highlight everett# ping 207.244.78.65
no answer from 207.244.78.65
               ^^^^^address of the ISDN router
highlight everett#
0
 
LVL 3

Expert Comment

by:elfie
ID: 1812941
If you cannot pass the firewall, you will have to modify some settings on the firewall.

The software we used allowed for each service (eg ftp, ping, telnet,...) to define in which direction the traffic could go (inside->outside, outside->inside) and/or to only a certain number of other computers.

Check the documentation of the firewall, to see how to modify the options.
0
 

Author Comment

by:everett
ID: 1812942
Already sent message to get info on firewall setup.  What do I need (minimum) for DNS and web browsing to work ?  I want to keep the maximum security level possible.

0
 
LVL 3

Expert Comment

by:elfie
ID: 1812943
I don't know the numbers nor the names of the needed services, but you can take a look in the /etc/services file. There you can find for all standard services the name, number and a short description.
0
 
LVL 1

Expert Comment

by:markus_baertschi
ID: 1812944
What are the corresponding settings on your NT machine ?
Do you have a special route to the ISDN router ?
What is your netmask on the sun ('ifconfig le0' will tell you) ?
How does your /etc/resolv.conf look ('cat /etc/resolv.conf' will tell) ?

It looks like the firewall sits in front of the router. You probably have
no possibility to see what's behind, but you don't need to know to get
things working.

  The sun and the router are on the same class B subnet. It is very likely
  that you can not ping the router as the firewall blocks the ping packets.

  If this is the case you need to configure the netscape proxy settings
  correctly (the same as on the NT machines) and probably configure the
  resolver (dns client) on the sun as well (/etc/resolv.conf file).

 
0
 

Author Comment

by:everett
ID: 1812945
NT Machine
default gateway is the firewall
netmask is 255.255.0.0
can't ping beyond firewall

Unix Machine:
default gateway is the firewall
netmask is 255.255.0.0
can't ping beyond firewall

resolv.conf:
domain ecrm.com
nameserver 127.0.0.1
Note:
When resolv.conf includes workstation and ISP addresses
(
domain ecrm.com
nameserver 190.10.200.6
nameserver 192.233.145.6
)
XDM does not function because it can't find display highlight.ecrm.com:0.0

highlight is defined in /etc/hosts and in /var/yp/src/hosts for NIS

Firewall does sit in front of the router
Firewall is supposed to allow ping packets
"Tom,
  Highlight currently has permission to use www and dns services through the firewall.  You should be able to ping the router or the dns servers."

Don't know proxy settings.  Where are they in unix ?
Having problems booting when I modify resolv.conf

0
 

Author Comment

by:everett
ID: 1812946
unix machine:
in.named is not running
0
 
LVL 1

Expert Comment

by:markus_baertschi
ID: 1812947
Everett,

your problem is with the 127.0.0.1 in the nameserver
line on the sun. What is your nameserver on the NT
machine ?
You need to set the sun to the same address. The firewall
might be the nameserver as well.

Markus

0
 

Author Comment

by:everett
ID: 1812948
on NT there are two DNS entries and one gateway entry the gateway is the firewall and the DNS are the ISP DNS primary and secondary

on unix if nameserver is 127.0.0.1 the system will boot but netscape gets DNS error

if the nameserver is highlight the system can't find display and if rebooted XDM does not run

if nameserver is ISP DNS the system can't find display and if rebooted XDM does not run

I need a configuration where highlight looks at its local database for local IPs and looks for DNS for internet IPs.  I can't seem to separate the two.

still can't ping beyond firewall but don't think this is required for browsing

I now have another system with a dial-up connection (no firewall) and get the same conflicts with the resolv.conf file.  When resolv.conf has 127.0.0.1 XDM runs, but if any other IP is used the system can't find display.  On this system I can ping any internet address including the ISP DNS but get DNS errors when resolv.conf has 127.0.0.1.  At one time I booted with nameserver 127.0.0.1 and no in.named, then changed resolv.conf to include workstation IP and two DNS entries, then started in.named.  At this point netscape would work but I could never boot the machine because XDM would then fail because it could not find display.  Here I am back to the conflict of not being able to separate DNS with local IP for display.
0
 
LVL 1

Expert Comment

by:markus_baertschi
ID: 1812949
I am still confused about your configuration, but will
explain:

- I assume that your basic networking stuff (routing &
  gateways) is working. Pings work on sun & NT, both
  can not ping beyond the firewall (this is normal).

- What is left, is to make DNS work or make Netscape
  without DNS work.

On DNS now:
a) The NT machine  points to the ISP for DNS. This can
not work with the firewall. I assume these entries are
leftovers from direct dialup connections.
- You can confirm this by using ping www.microsoft.com
  on the command line. If ping starts to send packets then
  DNS works, otherwise it will display an error

b) your Netscape on NT works. Because you have a Firewall
you did configure the proxy page (network settings). In
case of a proxy Netscape does not need a working DNS.

c) DNS on the sun does not work. If you specify 127.0.0.1
this implies that you have a local nameserver (in.named)
configured and running. As you don't this does not work.
If you don't know what your nameservers are then the only
good solution is to remove the /etc/resolv.conf file. Don't
let it sit there with false information ! This should solve
your problem with the XDM login also.

d) Netscape on the sun does not work. As there is no
working DNS you need to specify the proxy. You can
specify the same as on the NT machine.

Markus
0
 

Author Comment

by:everett
ID: 1812950
a)
NT default gateway is the firewall
190.10.199.254      ecrmgtwy      #ECRM Firewall
The DNS Service Search Order is:
192.233.85.12      shorenetdns1      #ECRM ISP DNS Server number one
192.233.145.6      shorenetdns2      #ECRM ISP DNS Server number two
207.244.78.65      ecrmisdn      #ECRM ISDN Router
These are not leftovers.  I originally left these out and defined only the gateway and netscape would not work.  After defining the DNS search order netscape worked.  Ping does not get beyond the firewall.
D:\users\default>ping 207.244.78.65
Pinging 207.244.78.65 with 32 bytes of data:
Request timed out.
D:\users\default>ping www.microsoft.com
Pinging www.microsoft.com [207.68.156.58] with 32 bytes of data:
Request timed out.

b)
Yes netscape on NT works.  No I did not setup any proxy.

c)
DNS does not work if 127.0.0.1 specified.  
highlight everett% more /etc/resolv.conf
domain ecrm.com
nameserver 127.0.0.1

http://home.netscape.com/
bottom status says:
connect:looking up host home.netscape.com
After long timeout
Netscape:Error
Netscape is unable to locate server home.netscape.com  The server does not have a DNS entry.  Check the server name in the Location (URL) and try again.

The daemon in.named is not running.
highlight everett% ps awx|grep named
 1652 p2 S     0:00 grep named
highlight everett%

d)
Don't know what information to use as a proxy as I never had to specify or use one.

0
 

Author Comment

by:everett
ID: 1812951
a)
Sorry, the router is not in the NT DNS search order.  I included this so you could see the address I was pinging was the router.
0
 
LVL 1

Expert Comment

by:markus_baertschi
ID: 1812952
What if you specify the same nameservers on the sun as on NT, such as:
$ cat /etc/resolv.conf
domain ecrm.com
nameserver  192.233.85.12
nameserver  192.233.145.6
nameserver  207.244.78.65

Do you have traceroute on NT ?
Does traceroute to the dns servers work ?
(Traceroute is using UDP, as is DNS)
0
 
LVL 1

Accepted Solution

by:
jclf earned 50 total points
ID: 1812953
192.233.85.12 is sparky5.shore.net, and is not a DNS server. 192.233.85.129 - northshore.ecosoft.com - is the first listed DNS for shore.net. The second is sparkyjr.shore.net (192.233.145.6).

You will find:

# nslookup
Default Server:  foo.bar.com
address:190.10.xxx.yyy  -or- 127.0.0.1

> server 192.233.85.129
Default Server:  northshore.ecosoft.com
Address:  192.233.85.129

> home.netscape.com
Server:  northshore.ecosoft.com
Address:  192.233.85.129

Name:    www-me1.netscape.com
Address:  204.152.167.20
Aliases:  home.netscape.com

> server 192.233.85.12
Default Server:  sparky5.shore.net
Address:  192.233.85.12

> home.netscape.com

....this last takes forever. ^C out, and exit.

Now, going back to your original question, you don't have in.named running. If you don't have DNS running anywhere inside the firewall, you won't get "workstation.ecrm.com" to resolve unless you ask your ISP to add it to the ecrm.com zone. ISPs hate doing this, and (IME) do it badly (a former DNS admin writes!).

I recommend that you get the Nutshell book "TCP/IP network administration", and work through chapter 8. Set up an internal zone "inside.ecrm.com", so your workstation becomes "workstation.inside.ecrm.com". Use this workstation's IP address as the first nameserver entry in resolv.conf, and the sparkyjr.shore.net address as the second.

Ask the SA at shore.net to provide secondary DNS for inside.ecrm.net ONLY if you want your hosts to have reverse IP work: otherwise, for certain FTP sites (ftp.uu.net for one), you may be turned away. Alternatively, use a proxy outside the firewall, or use the firewall as the proxy: it's much easier to set up.

Hope this helps!
0
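The per-server check that the nslookup session in the accepted answer does by hand, as an added example that is not part of the original post: it sends one A query straight to each `nameserver` entry of a resolv.conf and reports which entries actually answer DNS. The function names and the status strings are assumptions made for this illustration; the sample file is constructed from the addresses quoted in the thread.

```python
import socket
import struct
SAMPLE = """domain ecrm.com
nameserver 127.0.0.1
nameserver 192.233.85.12
nameserver 192.233.145.6
"""  # constructed sample: the nameserver entries tried in the thread

def nameservers(text):
    """Return nameserver addresses in the order the resolver tries them."""
    rows = (line.split("#")[0].split() for line in text.splitlines())
    return [r[1] for r in rows if len(r) >= 2 and r[0] == "nameserver"]

def build_query(name, qid=0x1234):
    """Encode one recursive A-record query (RFC 1035 wire format)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, IN

def classify_reply(reply, qid=0x1234):
    """Judge a reply by its header: id, QR bit, RCODE and ANCOUNT."""
    if len(reply) < 12:
        return "bogus"
    rid, flags, _qd, ancount = struct.unpack(">HHHH", reply[:8])
    if rid != qid or not (flags & 0x8000):
        return "bogus"
    return "answer" if (flags & 0x000F) == 0 and ancount else "no-answer"

def udp_probe(server, name, timeout=3.0):
    """Ask one server directly, like `server <ip>` inside nslookup."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # connected UDP reports ICMP errors
            s.send(build_query(name))
            return classify_reply(s.recv(512))
        except socket.timeout:
            return "timeout"      # packets dropped, or no DNS service there
        except OSError:
            return "unreachable"  # e.g. port 53 closed: no in.named running

def audit(text, name, probe=udp_probe):
    """Probe every configured nameserver, in resolver order."""
    return [(ns, probe(ns, name)) for ns in nameservers(text)]

if __name__ == "__main__":  # offline demo: constructed outcomes, no network
    seen = {"127.0.0.1": "unreachable", "192.233.85.12": "timeout"}
    print(audit(SAMPLE, "home.netscape.com", lambda s, n: seen.get(s, "answer")))
```

Calling `audit()` without the `probe` argument sends real queries; a "timeout" then means either that the host runs no DNS service or that a firewall on the path is dropping the query, so run it from the machine whose resolver is being diagnosed.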
 

Author Comment

by:everett
ID: 1812954
Finally got around to trying it.  Proxy works but had to use remote proxy because I do not know how to get our firewall to act as proxy.  I've asked our MIS group but have not gotten a response yet.  I am still trying to get the book so I can learn to set up an internal zone.  
Thank all of you for your help.  

0
