[K12OSN] Blocked net access
David Whitmer
thewhitmers at gmail.com
Tue Jan 16 12:43:19 UTC 2007
On 1/15/07, Les Mikesell <les at futuresource.com> wrote:
>
> The dhcp clients should be getting the k12ltsp server's address
> as the DNS server as well as the default gateway. You should
> see this with the ipconfig /all. The server itself will do
> its own lookups (and thus those for thin clients) based on the
> 'nameserver' entries in its /etc/resolv.conf file and the local
> /etc/hosts file can override those lookups. However, to act
> as a nameserver for other machines, you must have the named
> program running and configured properly. Some tests you can
> do:
> service named restart
> If you don't see the 'OK' during the shutdown step, it wasn't
> running and you need to 'chkconfig named on'. If there are
> errors in the startup you need to fix /etc/named.conf file.
> dig
> will show the root servers based on lookups from a server
> in /etc/resolv.conf. If this works but
> dig @localhost
> does not work, your nameserver can't reach the root servers.
> One thing that might cause that is firewalling at your internet
> gateway. You may have to add the nameservers listed in your
> /etc/resolv.conf (which seem to be working) and add them as
> 'forwarders' in your /etc/named.conf file. This will make your
> named pass the queries to the specified (and reachable) servers
> instead of attempting the lookups directly. Once you have named
> working on the server, the clients behind it should also work,
> which you can test with 'nslookup some_internet_name'.
>
> --
> Les Mikesell
> les at futuresource.com
>
Les,
I followed your recommendations but was still not having any success.
As I was getting ready to add "forwarders" to /etc/named-k12ltsp.conf
(there doesn't seem to be a named.conf) I noticed the following option
commented out under options:
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
I uncommented the query-source-address, restarted named, and like
magic name lookups from the Windows client, whether using ping or a
web browser, began working.
Though it seems I may actually have been having a firewall issue, I
nonetheless learned a lot about working with name servers.
Thanks for your help everyone!
David Whitmer
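
The following is an added example, not part of the original message or of the K12LTSP configuration: a small Python check that reads a named options block and reports whether query-source pins outgoing queries to a fixed port (which turns off the source-port randomization resolvers use to resist spoofed replies) and which forwarders, the alternative suggested earlier in the thread, are active. The sample configuration, the function names and the forwarder addresses are constructed for illustration.

```python
import re

# Constructed sample modelled on the options block quoted in the thread,
# with query-source uncommented; the forwarder addresses are placeholders.
SAMPLE_CONF = """
options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.
     */
    query-source address * port 53;
    // forwarders { 198.51.100.7; };
    forwarders { 192.0.2.1; 192.0.2.2; };
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments, the three styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit_named_options(conf_text):
    """Return the pinned query-source port (or None) and active forwarders."""
    active = strip_comments(conf_text)
    pinned = None
    m = re.search(r"\bquery-source\s([^;]*);", active)
    if m:
        # 'port *' or no port clause means the port is not pinned.
        port = re.search(r"\bport\s+(\d+)", m.group(1))
        pinned = int(port.group(1)) if port else None
    forwarders = []
    f = re.search(r"\bforwarders\s*\{([^}]*)\}", active)
    if f:
        forwarders = [a.strip() for a in f.group(1).split(";") if a.strip()]
    return {"pinned_port": pinned, "forwarders": forwarders}

if __name__ == "__main__":
    result = audit_named_options(SAMPLE_CONF)
    if result["pinned_port"] is not None:
        print(f"WARNING: outgoing queries pinned to port {result['pinned_port']}; "
              "source-port randomization is off")
    print("forwarders:", result["forwarders"] or "none (direct recursion)")
```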