Solved

Dial Up Config and Cached DNS

Posted on 1998-11-26
Last Modified: 2010-03-18
I'm trying to set up my network to go through a Linux machine using a cached DNS (via named on the Linux machine) and to do IP Masq. Everything works fine but for two things I can't resolve.

1) The machine keeps dialing out even though there are no outgoing requests as far as I can make out (using a network with a mixture of Windows NT and Windows 95 machines). This is even with Cached DNS disabled.

2) When dialled in with Cached DNS enabled I get a constant stream of communication between the root DNS servers. Also dialling out gets worse (it wants to be online ALL the time) - what's going on here?

I provide a tcpdump extract for reference:

15:17:21.071709 truncated-ip - 16321 bytes missing!0.70.15.248 > 0.0.64.17: (frag 27822:16401@63512+) [ttl 0]
15:17:21.121709 d.root-servers.net.domain > my.domain: 17616 NXDomain*- 0/1/0 (128)
15:17:21.171709 truncated-ip - 16321 bytes missing!0.70.15.253 > 0.0.64.17: (frag 27817:16401@63512+) [ttl 0]
15:17:21.341709 a.root-servers.net.domain > my.domain: 17618 NXDomain*- 0/1/0 (128) (DF)
15:17:21.381709 truncated-ip - 16321 bytes missing!0.70.16.2 > 0.0.64.17: (frag 27812:16401@63512+) [ttl 0]
15:17:21.521709 h.root-servers.net.domain > my.domain: 17619 NXDomain*- 0/1/0 (128) (DF)
15:17:21.571709 truncated-ip - 16321 bytes missing!0.70.16.7 > 0.0.64.17: (frag 27807:16401@63512+) [ttl 0]
15:17:21.711709 d.root-servers.net.domain > my.domain: 17620 NXDomain*- 0/1/0 (128)
15:17:21.761709 truncated-ip - 16321 bytes missing!0.70.16.12 > 0.0.64.17: (frag 27802:16401@63512+) [ttl 0]
15:17:21.961709 E.ROOT-SERVERS.NET.domain > my.domain: 17621 NXDomain*- 0/1/0 (128) (DF)
15:17:22.001709 truncated-ip - 16321 bytes missing!0.70.16.17 > 0.0.64.17: (frag 27797:16401@63512+) [ttl 0]

sorry about formatting it's a bit tricky submitting here :)

So the questions are: How do I stop it dialling out all the time - and what's with the communication with DNS when no DNS requests have been made (should this be happening and if not why is it happening?)
Question by:henryj
9 Comments
 

Author Comment

by:henryj
ID: 1587707
Edited text of question

Author Comment

by:henryj
ID: 1587708
Edited text of question
LVL 51

Expert Comment

by:ahoffmann
ID: 1587709
Assuming that you are sure that your named on Linux didn't do it
itself, I suggest checking your Win boxes (ipconfig -all, winipcfg).
Check for valid DNSServer and Gateway entries.

Another quick method for finding crazy M$ requests is using samba
with the -d (debug) option, because it reports in detail what's going
on with the SMB protocol.

Author Comment

by:henryj
ID: 1587710
I think maybe named is talking to the root servers so it may not be possible to run the network with DNS and dial on demand (unless I can find a way of disabling DNS requests causing a dial out). All the Windows machines are correctly configured gateway and DNS wise. In the case of the former nothing would be able to get out onto the net if they weren't and in the latter I've checked carefully all DNS entries.
LVL 51

Expert Comment

by:ahoffmann
ID: 1587711
Yes, nobody is getting out, but M$ may request a name-resolution
at the DNSServer, which simply forwards this query.
You have to find the *real* source box who is initiating the query.
LVL 2

Accepted Solution

by: irp earned 200 total points
ID: 1587713
Make sure that your local DNS server contains data (A and PTR) for local hosts and lists itself as the NS for your local domain. What do you use for dial on demand? Try diald; it has reasonable filtering capability. Use this to filter ports 137-139 (NetBIOS). This should stop Windows machine broadcasts bringing up the link. Also make sure subnet masks are set the same on all machines and you don't have any devices using IP addresses not on your network, e.g. HP Jetdirect print servers may have a default IP address and you may only be using IPX on them. One more thing, when connected make sure you get the latest root nameservers info by entering dig @rs.internic.net . ns > /var/named/cache


Author Comment

by:henryj
ID: 1587714
I'm aware of most of the things you replied with now (as while I was waiting for a response here I got to find out about them). However, none of them really quite solve my problems. But I do not believe there are any more complete answers which is why I am awarding the points and closing the question down...

To answer your suggestions one by one:

1) My DNS is set up with A and PTR for local hosts and does list itself as NS for my domain. After much fiddling I decided that the tcpdump I showed may be due to a bug in tcpdump because it only goes on forever if I dump to stdout - whereas if I dump to a file it stops after a few of those packets flying around. This seems very suspect to me.

2) Everyone says diald is the thing to use. Unfortunately it's not practical for me at the moment. I am running Linux on a 386 and I have squashed the software onto a very small disk and have had to delete the kernel sources I used. Diald requires SLIP to be enabled in the kernel and also (as with most Linux software) requires to be compiled to be used. Doing this on the 386 would be a nightmare. It took me weeks to get my kernel to work with the ISDN card I have - a compile of the kernel takes a couple of hours on this system. I really don't want to have to do that unless I really have to. I plan to get a dev system for Linux later so maybe diald will become an option then. Meanwhile - if you know if the latest Redhat Linux supports Sedlbauer ISDN cards without you having to get the drivers from the dev group and fiddle with them (i.e. does it support the card out of the box) then that would be helpful!

3) I have already blocked all Windows netbios comms to the Linux machine by using ipfwadm. Any windows nonsense gets incinerated by the firewall. In any case it's not the windows machines bringing up the connection as I tried turning them all off and it still dialed out every so often.

4) Subnet masks are all ok - but I checked them anyway thanks for that one.

5) I am aware of keeping root.hints up to date with dig.

Anyway, thanks for the attempt to help. Your advice seems to be what most people say so I'll just have to bite the bullet and get diald working when it's convenient... shame there isn't an easier way.

LVL 51

Expert Comment

by:ahoffmann
ID: 1587715
> .. due to a bug in tcpdump ..
Hmm, I also know of a bug that tcpdump crashes with segmentation fault when seeing SMB packets, both writing on stdout and to a file.
This is another reason why I suggested using Samba's dump to look at the packets.

> 3) I have already blocked all Windows netbios comms to the Linux machine by using ipfwadm.
Yes, this will stop packets on ports 137-139, but if M$ queries the
name server on your Linux box, named itself queries the internet.

Good Luck.
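
Added example, not part of the original thread: one way to act on the advice above to find the box that really initiates the queries, by reading `tcpdump -n port 53` text output and attributing every DNS query that leaves the LAN to a LAN client, to a client bypassing the local named, or to named itself. The addresses, the `SAMPLE` capture and the names `parse_query` and `dialout_sources` are constructed for illustration, and matching on the queried name within a short time window is a heuristic.

```python
import ipaddress
import re
from collections import Counter

# Query lines from `tcpdump -n port 53`; newer tcpdump versions prefix "IP ".
QUERY = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) (?:IP )?(\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(\d+\.\d+\.\d+\.\d+)\.(?:53|domain): \d+[+%]* (?:\[[^\]]*\] )?(\w+)\? (\S+)")

# Constructed capture using documentation addresses, not taken from the thread.
SAMPLE = """\
15:17:20.100000 192.168.1.23.1034 > 192.168.1.1.53: 7+ A? ftp.example.net. (33)
15:17:20.150000 203.0.113.5.53 > 198.51.100.53.53: 17616 A? ftp.example.net. (33)
15:17:20.400000 198.51.100.53.53 > 203.0.113.5.53: 17616 NXDomain*- 0/1/0 (128)
15:17:21.000000 truncated-ip - 16321 bytes missing!0.70.15.248 > 0.0.64.17: (frag 1:2@3+)
15:20:00.000000 203.0.113.5.53 > 198.51.100.53.53: 17620 NS? . (17)
15:21:05.000000 192.168.1.40.1055 > 198.51.100.53.53: 9+ A? www.example.com. (33)
"""

def parse_query(line):
    """Return (seconds, src, dst, qtype, qname) for a query line, else None."""
    m = QUERY.match(line.strip())
    if not m:
        return None  # responses, fragments and other noise
    h, mi, s, src, dst, qtype, qname = m.groups()
    return int(h) * 3600 + int(mi) * 60 + float(s), src, dst, qtype, qname.lower()

def dialout_sources(lines, lan="192.168.1.0/24", resolver="192.168.1.1", window=2.0):
    """Count DNS queries leaving the LAN, keyed by (originator, qname)."""
    net = ipaddress.ip_network(lan)
    recent, blame = {}, Counter()  # recent: qname -> (time, client that asked named)
    for line in lines:
        q = parse_query(line)
        if q is None:
            continue
        t, src, dst, _qtype, qname = q
        src_lan = ipaddress.ip_address(src) in net
        if dst == resolver and src_lan:
            recent[qname] = (t, src)              # client asking the local named
        elif ipaddress.ip_address(dst) not in net:
            if src_lan and src != resolver:
                who = src + " (direct)"           # client bypassing named
            elif qname in recent and t - recent[qname][0] <= window:
                who = recent[qname][1]            # named recursing for a client
            else:
                who = "named (self)"              # nobody on the LAN asked
            blame[(who, qname)] += 1
    return blame
```

Calling `dialout_sources(SAMPLE.splitlines())` on a capture taken while the link keeps coming up shows whether a client or named's own housekeeping is responsible.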
