DaemonForums  

#1
12th July 2010
Frothingdog
dns resolution being denied to some servers

I've a weird problem that I can't figure out.

Our internal DNS server seems to be denying resolution to a few routers on our network and I can't figure out why.

resolv.conf is configured the same on all our routers, and all routers are in the master dns file.

We are only having problems with 8 of our routers (out of the 50 or so we are running).

Is there anything that springs to mind that would be causing the problem?

Here's a snippet from the LOG file of the dns server:
Jul 12 11:53:51 nms named[8862]: client 1.2.3.4#37947: query (cache) 'router47/A/IN' denied
Jul 12 11:53:52 nms named[8862]: client 1.2.3.4#27328: query 'router47.ops.net/A/IN' denied
Jul 12 11:53:52 nms named[8862]: client 1.2.3.4#31182: query (cache) 'router47/A/IN' denied
Jul 12 11:54:11 nms named[8862]: client 1.2.3.10#37059: query (cache) 8.8.8.8.in-addr.arpa/PTR/IN' denied


Totally at a loss here.

Cheers
Morty
#2
12th July 2010
Frothingdog

further info:
DNS Server: OpenBSD nms.opts.net 3.9 GENERIC#617 i386 (yes I know it's old)

1 of the troubled routers:
OpenBSD router47.ops.net 4.5 NET5501#0 i386 (a little newer)
#3
12th July 2010
jggimi

Since you insist on some mind reading, I'm going to take a wild guess that you need to review the Bind 9 Administrator Reference, and your named.conf file, or related configuration files. I'm going to guess you have some allow-query phrase somewhere which disallows resolutions.
Quote:
When used as an access control list, a non-negated match allows access and a negated match denies access. If there is no match, access is denied. The clauses allow-notify, allow-query, allow-transfer, allow-update, allow-update-forwarding, and blackhole all use address match lists this. Similarly, the listen-on option will cause the server to not accept queries on any of the machine's addresses which do not match the list.
If this isn't your problem, it's because I'm a poor mind reader.

(Hint) Try posting, at the very least, the dmesg of the system where the BIND server resides, and if you're using the built-in server, or, if you're using something else, such as a port of ISC's BIND 10.

While 3.9 might date from 2006, and has been unsupported since 2007, it was still using BIND 9. A different release of it than used today, 9.3.1 vs 9.4.2-P2.


(Second hint) If you want someone to review your DNS configuration, you will have to post it. I would post with obfuscated addresses/names for anything not on your private network.

Last edited by jggimi; 12th July 2010 at 05:45 PM.
#4
12th July 2010
Frothingdog

I apologize for the half-***ed post, but this was dumped on me because no one else could figure out why it wasn't working. I've very limited experience with bsd so I'm sorry for my ignorance.

Needless to say after reading your post I went looking around in our DNS server and finally came across the named.conf file. And guess what...it was being kept up to date on the acl for the routers.

So I updated the DNS names and the IPs and everything is working now.

See, you are a mind reader, you just needed some encouragement.

Cheers and thanks again for the help.....next time I'll be sure to post more info related to the topic in question.

Morty
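Added example, not part of the thread: a Python sketch that pulls the refused clients out of the named log lines quoted in the first post and evaluates each against an address match list the way the quoted ARM passage describes (first match decides, a negated match denies, no match denies). `ROUTERS_ACL` is a constructed stand-in, since the real named.conf was never posted, and the function names are illustrative only.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed stand-in for the router acl in named.conf (the thread never shows it).
ROUTERS_ACL = ["!1.2.3.10", "1.2.3.8/29", "10.0.0.0/8"]

# The four log lines quoted in the first post, unchanged.
LOG = """\
Jul 12 11:53:51 nms named[8862]: client 1.2.3.4#37947: query (cache) 'router47/A/IN' denied
Jul 12 11:53:52 nms named[8862]: client 1.2.3.4#27328: query 'router47.ops.net/A/IN' denied
Jul 12 11:53:52 nms named[8862]: client 1.2.3.4#31182: query (cache) 'router47/A/IN' denied
Jul 12 11:54:11 nms named[8862]: client 1.2.3.10#37059: query (cache) 8.8.8.8.in-addr.arpa/PTR/IN' denied
"""

# client <addr>#<port>: query [(cache) ]'<name/type/class>' denied
DENIED = re.compile(r"client (\S+?)#\d+: query (?:\(cache\) )?'?(\S+?)' denied")


def acl_verdict(addr, acl):
    """Walk the list in order; the first element that matches decides."""
    ip = ipaddress.ip_address(addr)
    for element in acl:
        network = ipaddress.ip_network(element.lstrip("!"), strict=False)
        if ip in network:
            verdict = "denied by " if element.startswith("!") else "allowed by "
            return verdict + element
    return "denied: no match"  # falling off the end of the list denies


def denied_clients(log):
    """Map each refused client address to the set of queries it sent."""
    seen = defaultdict(set)
    for line in log.splitlines():
        m = DENIED.search(line)
        if m:
            seen[m.group(1)].add(m.group(2))
    return dict(seen)


def report(log, acl):
    """For every refused client, say which acl element (if any) explains it."""
    return {ip: (acl_verdict(ip, acl), sorted(names))
            for ip, names in denied_clients(log).items()}


if __name__ == "__main__":
    for ip, (why, names) in report(LOG, ROUTERS_ACL).items():
        print(f"{ip:<10} {why:<22} {', '.join(names)}")
```

A client reported as "denied: no match" is simply absent from the list, which is the stale-acl case; one reported as denied by a negated element is being refused on purpose.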
#5
12th July 2010
jggimi

Glad to know I was of some help.

Usually I either give a detailed answer to the wrong question, or misunderstand the question entirely.
#6
13th July 2010
rpindy

By the way, if you do upgrade to 4.7, which I very highly recommend, you should completely reinstall as upgrades on the CDs would only go from 3.9 to 4.0 and so on. I also recommend following -stable. At the very least, don't let your server go that outdated!
#7
15th July 2010
Frothingdog

Well it ain't up to me. It's up to the powers that be.
We have several servers that need to be updated, OS and Hardware included.

But that would cost money. Actually that would cost quite a bit of money, hence why it hasn't been done yet.
#8
15th July 2010
ocicat

Quote:
Originally Posted by Frothingdog
It's up to the powers that be.
Repeating jggimi's assertion, OpenBSD 3.9 is no longer supported. What you should emphasize to management is that the project proper has no obligation to provide support on this version any more, & any assistance you obtain from anyone is out of whatever altruism they may have in passing on information. If anything breaks, you are on your own.
#9
16th July 2010
Frothingdog

It seems they are willing to risk it. Drives me nuts.