SOLVED: Re: Named seems to have broken SSL

A. Rick Anderson a_rick at earthlink.net
Fri Jan 21 11:59:00 UTC 2005


Paul Howarth wrote:

>On Fri, 2005-01-21 at 01:38 -0500, A. Rick Anderson wrote:
>
>>>For some reason, certain external routes, particularly https routes,
>>>are being resolved to localhost.  Then my browsers are attempting to
>>>open an SSL connection with localhost.  Since the only certificate
>>>that local host has is the default certificate, that is the
>>>certificate presented, and the communication fails, since local host
>>>doesn't have the URI that the browser is attempting to load.
>>>
>>>So, my DNS configuration is now resolving external hosts locally,
>>>but it still can't resolve local dynamic workstations.  <sigh> 
>>
>>Would you believe that the fix was as simple as changing the order of
>>the name servers in my /etc/resolv.conf file?  Why would it hang up
>>on the first name server for some of the hosts, but not all of them?
>>Too much freking magic! 
>>
>>TBL: Don't list your local name server first in /etc/resolv.conf.
>>-- A. Rick Anderson
>
>If your local nameserver is supposed to be able to resolve external
>names (this is usually the case) then your local nameserver is broken.
>Moving it so it's not the first listed nameserver in /etc/resolv.conf
>just means you won't notice the problem so much, not that it's gone
>away.
>
You are correct.  My name server _is_ broken.  That was the point of the 
thread "RE: DNS not resolving DHCP clients".  I attached named.conf, 
dhcpd.conf and my zone maps to the previous thread, but so far, no one 
who has reviewed them has been able to determine anything that is wrong 
with them.  I am running with SELINUXTYPE=strict and SELINUX=disabled.  
When I switched back to a chroot cage, I had to add 
named_write_master_zones=1 to /etc/selinux/strict/booleans, because the 
named start up script was complaining.  The whole selinux/policy thing 
is an area I haven't delved into yet, so I don't really understand what 
that is all about.  But I don't think that is related, and other than 
that, my domain is pretty trivial and straightforward.

-- A. Rick Anderson
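
A check for the symptom discussed in this thread, added here as an example and not part of the original posts: ask each `nameserver` entry, in resolv.conf order, for the same external name and flag any that answer with a loopback address. The sample file contents, the address `192.0.2.53`, and all function names are constructed for illustration.

```python
import ipaddress, socket, struct

# Constructed sample (not the poster's file): local server listed first.
SAMPLE_RESOLV_CONF = "search example.lan\nnameserver 127.0.0.1\nnameserver 192.0.2.53\n"

def parse_nameservers(text):
    """Nameserver addresses in the order the resolver tries them."""
    rows = (line.split() for line in text.splitlines())
    return [r[1] for r in rows if len(r) >= 2 and r[0] == "nameserver"]

def build_query(name, txid=0x1234):
    """Minimal recursive A/IN query for `name`."""
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Advance past an encoded name (labels or a compression pointer)."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def parse_a_records(msg):
    """IPv4 addresses from the answer section of a DNS response."""
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return addrs

def ask(server, name, timeout=2.0):
    """Send the query to one server over UDP and return its A answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_a_records(s.recv(512))

def loopback_answers(addrs):
    """Answers that would send the browser to the local machine."""
    return [a for a in addrs if ipaddress.ip_address(a).is_loopback]
```

On a live host, call `ask(server, name)` for each entry returned by `parse_nameservers(open("/etc/resolv.conf").read())` and pass the result to `loopback_answers`. A server that returns a loopback address for an external name is the one to repair, wherever it sits in the list.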
