Solved

Dial Up Config and Cached DNS

Posted on 1998-11-26
Last Modified: 2010-03-18
I'm trying to set up my network to go through a Linux machine using a cached DNS (via named on the Linux machine) and to do IP Masq. Everything works fine but for two things I can't resolve.

1) The machine keeps dialing out even though there are no outgoing requests as far as I can make out (using a network with a mixture of Windows NT and Windows 95 machines). This is even with Cached DNS disabled.

2) When dialled in with Cached DNS enabled I get a constant stream of communication between the root DNS servers. Also dialling out gets worse (it wants to be online ALL the time) - what's going on here?

I provide a tcpdump extract for reference:

15:17:21.071709 truncated-ip - 16321 bytes missing!0.70.15.248 > 0.0.64.17: (frag 27822:16401@63512+) [ttl 0]
15:17:21.121709 d.root-servers.net.domain > my.domain: 17616 NXDomain*- 0/1/0 (128)
15:17:21.171709 truncated-ip - 16321 bytes missing!0.70.15.253 > 0.0.64.17: (frag 27817:16401@63512+) [ttl 0]
15:17:21.341709 a.root-servers.net.domain > my.domain: 17618 NXDomain*- 0/1/0 (128) (DF)
15:17:21.381709 truncated-ip - 16321 bytes missing!0.70.16.2 > 0.0.64.17: (frag 27812:16401@63512+) [ttl 0]
15:17:21.521709 h.root-servers.net.domain > my.domain: 17619 NXDomain*- 0/1/0 (128) (DF)
15:17:21.571709 truncated-ip - 16321 bytes missing!0.70.16.7 > 0.0.64.17: (frag 27807:16401@63512+) [ttl 0]
15:17:21.711709 d.root-servers.net.domain > my.domain: 17620 NXDomain*- 0/1/0 (128)
15:17:21.761709 truncated-ip - 16321 bytes missing!0.70.16.12 > 0.0.64.17: (frag 27802:16401@63512+) [ttl 0]
15:17:21.961709 E.ROOT-SERVERS.NET.domain > my.domain: 17621 NXDomain*- 0/1/0 (128) (DF)
15:17:22.001709 truncated-ip - 16321 bytes missing!0.70.16.17 > 0.0.64.17: (frag 27797:16401@63512+) [ttl 0]

sorry about formatting it's a bit tricky submitting here :)

So the questions are: How do I stop it dialling out all the time - and what's with the communication with DNS when no DNS requests have been made (should this be happening and if not why is it happening?)
0
Question by:henryj
 

Author Comment

by:henryj
ID: 1587707
Edited text of question
0
 

Author Comment

by:henryj
ID: 1587708
Edited text of question
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587709
Assuming that you are sure that your named on Linux didn't do it itself, I suggest checking your Win boxes (ipconfig -all, winipcfg). Check for valid DNSServer and Gateway entries.

Another quick method for finding crazy M$ requests is using samba with -d (debug) option, 'cause it reports in detail what's going on with the SMB protocol.
0
 

Author Comment

by:henryj
ID: 1587710
I think maybe named is talking to the root servers so it may not be possible to run the network with DNS and dial on demand (unless I can find a way of disabling DNS requests causing a dial out). All the Windows machines are correctly configured gateway and DNS wise. In the case of the former nothing would be able to get out onto the net if they weren't and in the latter I've checked carefully all DNS entries.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587711
Yes, nobody is getting out, but M$ may request a name-resolution
at the DNSServer, which simply forwards this query.
You have to find the *real* source box who is initiating the query.
0
 
 
LVL 2

Accepted Solution

by:
irp earned 200 total points
ID: 1587713
Make sure that your local DNS server contains data (A and PTR) for local hosts and lists itself as the NS for your local domain. What do you use for dial on demand? Try diald; it has reasonable filtering capability. Use this to filter ports 137-139 (NetBIOS). This should stop Windows machine broadcasts bringing up the link. Also make sure subnet masks are set the same on all machines and you don't have any devices using IP addresses not on your network, e.g. HP Jetdirect print servers may have a default IP address and you may only be using IPX on them. One more thing: when connected, make sure you get the latest root nameservers info by entering dig @rs.internic.net . ns > /var/named/cache

0
 

Author Comment

by:henryj
ID: 1587714
I'm aware of most of the things you replied with now (as while I was waiting for a response here I got to find out about them). However, none of them really quite solve my problems. But I do not believe there are any more complete answers which is why I am awarding the points and closing the question down...

To answer your suggestions one by one:

1) My DNS is set up with A and PTR for local hosts and does list itself as NS for my domain. After much fiddling I decided that the tcpdump I showed may be due to a bug in tcpdump because it only goes on forever if I dump to stdout - whereas if I dump to a file it stops after a few of those packets flying around. This seems very suspect to me.

2) Everyone says diald is the thing to use. Unfortunately it's not practical for me at the moment. I am running Linux on a 386 and I have squashed the software onto a very small disk and have had to delete the kernel sources I used. Diald requires SLIP to be enabled in the kernel and also (as with most Linux software) requires to be compiled to be used. Doing this on the 386 would be a nightmare. It took me weeks to get my kernel to work with the ISDN card I have - a compile of the kernel takes a couple of hours on this system. I really don't want to have to do that unless I really have to. I plan to get a dev system for Linux later so maybe diald will become an option then. Meanwhile - if you know if the latest Red Hat Linux supports Sedlbauer ISDN cards without you having to get the drivers from the dev group and fiddle with them (i.e. does it support the card out of the box) then that would be helpful!

3) I have already blocked all Windows NetBIOS comms to the Linux machine by using ipfwadm. Any Windows nonsense gets incinerated by the firewall. In any case it's not the Windows machines bringing up the connection as I tried turning them all off and it still dialed out every so often.

4) Subnet masks are all ok - but I checked them anyway, thanks for that one.

5) I am aware of keeping root.hints up to date with dig.

Anyway, thanks for the attempt to help. Your advice seems to be what most people say so I'll just have to bite the bullet and get diald working when it's convenient... shame there isn't an easier way.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587715
> .. due to a bug in tcpdump ..
Hmm, I also know of a bug where tcpdump crashes with a segmentation fault when seeing SMB packets, both writing to stdout and to a file.
This is another reason why I suggested using Samba's dump to look at the packets.

> 3) I have already blocked all Windows netbios comms to the Linux machine by using ipfwadm.
Yes, this will stop packets on ports 137-139, but if M$ queries the name server on your Linux box, named itself queries the internet.

Good Luck.

0
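The thread's central diagnostic step, finding which box is behind each query that named sends off the LAN, can be automated over a tcpdump text capture. The following is an added example and not part of the original thread; the host names (gw, nt1, w95a) and the sample lines are constructed, and it assumes the capture covers both the LAN and the dial-up interface in classic tcpdump text format.

```python
import re
from collections import Counter, defaultdict

NAMESERVER = "gw.my.domain"  # hypothetical name of the Linux box running named

# Constructed sample in classic tcpdump text format (not captured traffic).
SAMPLE = """\
15:17:20.100000 nt1.my.domain.1031 > gw.my.domain.domain: 3+ A? WORKGROUP. (27)
15:17:20.110000 gw.my.domain.domain > d.root-servers.net.domain: 17616 A? WORKGROUP. (27)
15:17:21.121709 d.root-servers.net.domain > gw.my.domain.domain: 17616 NXDomain*- 0/1/0 (128)
15:17:25.300000 w95a.my.domain.1040 > gw.my.domain.domain: 7+ A? nt1.my.domain. (31)
15:17:30.500000 nt1.my.domain.1032 > gw.my.domain.domain: 4+ A? www.example.com. (33)
15:17:30.510000 gw.my.domain.domain > a.root-servers.net.domain: 17618 A? www.example.com. (33)
15:20:00.000000 gw.my.domain.domain > h.root-servers.net.domain: 17619 NS? . (17)
"""

# Matches DNS *queries* only: "<time> <src>.<port> > <dst>.domain: <id>[flags] TYPE? name."
# Responses (e.g. "17616 NXDomain*- 0/1/0") carry no "TYPE?" token and are skipped.
QUERY = re.compile(
    r"^\S+ (?P<src>\S+)\.\w+ > (?P<dst>\S+)\.(?:domain|53): "
    r"\d+[+%]* (?P<qtype>[A-Z]+)\? (?P<qname>\S+)"
)

def link_raising_clients(dump, nameserver=NAMESERVER):
    """Map each LAN client to the names it asked for that named then sent upstream."""
    asked = defaultdict(set)   # qname -> LAN clients that asked named for it
    upstream = Counter()       # qname -> queries named itself sent off-box
    for line in dump.splitlines():
        m = QUERY.match(line)
        if not m:
            continue
        qname = m["qname"].rstrip(".").lower() or "."  # "." is the root zone
        if m["dst"] == nameserver:
            asked[qname].add(m["src"])
        elif m["src"] == nameserver:
            upstream[qname] += 1
    blame = defaultdict(list)
    for qname in upstream:
        # Upstream queries no client asked for are named's own housekeeping.
        for client in sorted(asked.get(qname, {"<named itself>"})):
            blame[client].append(qname)
    return dict(blame)

if __name__ == "__main__":
    for client, names in link_raising_clients(SAMPLE).items():
        print(f"{client}: {', '.join(names)}")
```

Names answered from the local zone (the w95a lookup in the sample) never appear in the result, and anything listed under `<named itself>` would keep raising the link even with every Windows machine switched off.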


Question has a verified solution.
