LinuxQuestions.org


o-circ 02-20-2007 08:43 AM

RH9-problem with browsing Internet: domain names-errors, using IP-OK.
 
I'm new to Linux and I have a problem with browsing the Internet. I have RedHat 9 and I'm connected to the Internet through a router.

When I use domain names in Mozilla or Nautilus, I get errors. When I navigate using "direct" IP numbers, everything seems to be OK. Furthermore, I cannot ping sites by their names, although dig, host and nslookup return no errors.

My DNS is set to the same address I have set under Win XP on the same computer - and under Win name solving works fine.

(I have VIA VT86c100A Rhine-II PCI network card, if this information can help)

Any help would be great.

win32sux 02-20-2007 12:55 PM

welcome to LQ!!! :)

please post the output of:
Code:

cat /etc/resolv.conf

if you try to ping a domain name, do you get an "unknown host" error like this??
Code:

win32sux@candystore:~$ ping google.com
ping: unknown host google.com


o-circ 02-20-2007 02:28 PM

Hi,

This is cat output:

; generated by /sbin/dhclient-script
nameserver 192.168.2.1
search agpg

And yes, I get exactly the error you described, "unknown host".

win32sux 02-20-2007 03:49 PM

well, considering your resolv.conf looks fine, i'd say it could be either your local iptables rules or perhaps your dns resolver is bugging-out... you can check (and post) your iptables rules with:
Code:

iptables -L -v -n

as for your resolver possibly needing a bugfix update (it's a long-shot), the problem is that Red Hat 9 hasn't been supported/maintained in a LONG time... so i'm wondering if perhaps you are able to upgrade to a supported/maintained distro - not so much cuz of this DNS issue, but for security and an overall better experience... in any case, i'm sure someone smarter than me will have some other suggestions for you, so hang in there...

o-circ 02-21-2007 05:06 AM

As a matter of fact, I don't get much of my iptables' output, which is
Code:

[root@agpg root]# iptables -L -v -n
Chain INPUT (policy ACCEPT 28 packets, 1540 bytes)
 pkts bytes target    prot opt in    out    source              destination
 7191  491K RH-Lokkit-0-50-INPUT  all  --  *      *      0.0.0.0/0            0.0.0.0/0
 
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target    prot opt in    out    source              destination
    0    0 RH-Lokkit-0-50-INPUT  all  --  *      *      0.0.0.0/0            0.0.0.0/0
 
Chain OUTPUT (policy ACCEPT 7213 packets, 492K bytes)
 pkts bytes target    prot opt in    out    source              destination
 
Chain RH-Lokkit-0-50-INPUT (2 references)
 pkts bytes target    prot opt in    out    source              destination
    0    0 ACCEPT    udp  --  *      *      192.168.2.1          0.0.0.0/0          udp spt:53 dpts:1025:65535
    3  984 ACCEPT    udp  --  eth0  *      0.0.0.0/0            0.0.0.0/0          udp spts:67:68 dpts:67:68
    0    0 ACCEPT    udp  --  eth1  *      0.0.0.0/0            0.0.0.0/0          udp spts:67:68 dpts:67:68
 7157  488K ACCEPT    all  --  lo    *      0.0.0.0/0            0.0.0.0/0
    0    0 REJECT    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpts:0:1023 flags:0x16/0x02 reject-with icmp-port-unreachable
    0    0 REJECT    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:2049 flags:0x16/0x02 reject-with icmp-port-unreachable
    3  689 REJECT    udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpts:0:1023 reject-with icmp-port-unreachable
    0    0 REJECT    udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpt:2049 reject-with icmp-port-unreachable
    0    0 REJECT    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpts:6000:6009 flags:0x16/0x02 reject-with icmp-port-unreachable
    0    0 REJECT    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:7100 flags:0x16/0x02 reject-with icmp-port-unreachable

I'm trying to learn basics of Linux on RH; I thought about switching to another distribution, but I want to deal with this DNS problem first - I've spent lots of time trying to fix it and I don't want to give up now. :)

I hope my iptables can help; I'm kind of confused and I don't really know what to do with the results.

Best regards,
o-circ
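
As an added example (not part of the original thread), this sketch reads rows of the RH-Lokkit-0-50-INPUT chain from the output above and reports which rule a given inbound UDP packet would hit. The function name `udp_verdict` and the test packets are assumptions; source matching handles only an exact address or 0.0.0.0/0.

```shell
#!/bin/sh
# Added example: walk one chain of `iptables -L -v -n` output for a single
# inbound UDP packet and report the target of the first matching rule.

# Constructed sample: the udp and any-protocol rows of RH-Lokkit-0-50-INPUT
# as posted above (the tcp rows cannot match a UDP packet and are left out).
LOKKIT_RULES='    0    0 ACCEPT    udp  --  *      *      192.168.2.1          0.0.0.0/0          udp spt:53 dpts:1025:65535
    3  984 ACCEPT    udp  --  eth0  *      0.0.0.0/0            0.0.0.0/0          udp spts:67:68 dpts:67:68
    0    0 ACCEPT    udp  --  eth1  *      0.0.0.0/0            0.0.0.0/0          udp spts:67:68 dpts:67:68
 7157  488K ACCEPT    all  --  lo    *      0.0.0.0/0            0.0.0.0/0
    3  689 REJECT    udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpts:0:1023 reject-with icmp-port-unreachable
    0    0 REJECT    udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp dpt:2049 reject-with icmp-port-unreachable'

# udp_verdict IFACE SRC_IP SRC_PORT DST_PORT   (rule rows on stdin)
# Prints the first matching target, or RETURN when nothing matches, in which
# case the packet falls back to the policy of the chain that jumped here.
udp_verdict() {
    awk -v ifc="$1" -v src="$2" -v sp="$3" -v dp="$4" '
    function inrange(port, spec,   r) {       # spec is "53" or "1025:65535"
        n = split(spec, r, ":")
        if (n == 1) return (port + 0 == r[1] + 0)
        return (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)
    }
    # Columns: pkts bytes target prot opt in out source destination [matches]
    $1 ~ /^[0-9]+[KMG]?$/ {
        if ($4 != "udp" && $4 != "all") next       # protocol
        if ($6 != "*" && $6 != ifc) next            # input interface
        if ($8 != "0.0.0.0/0" && $8 != src) next    # exact source or any
        ok = 1
        for (i = 10; i <= NF; i++) {
            if ($i ~ /^spts?:/) { s = $i; sub(/^spts?:/, "", s); if (!inrange(sp, s)) ok = 0 }
            if ($i ~ /^dpts?:/) { s = $i; sub(/^dpts?:/, "", s); if (!inrange(dp, s)) ok = 0 }
        }
        if (ok) { print $3; found = 1; exit }
    }
    END { if (!found) print "RETURN" }'
}
```

Fed these rows, a reply from 192.168.2.1 port 53 to an unprivileged port hits the first ACCEPT, while a reply from any other server to an unprivileged port matches no row and falls back to the INPUT policy shown in the listing.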

win32sux 02-21-2007 01:55 PM

okay, well, let's rule-out an iptables issue by using some super-simple rules... execute this script and see if it helps... this script basically just sets some sane policies, clears all your chains, and sets two known-good rules... make sure you check that the script executed properly by doing another "iptables -L -v -n" right after...
Code:

#!/bin/sh

IPT="/sbin/iptables"

$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT

$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P INPUT ACCEPT
$IPT -t mangle -P FORWARD ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -t mangle -P POSTROUTING ACCEPT

$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT

$IPT -F
$IPT -F -t nat
$IPT -F -t mangle

$IPT -X
$IPT -X -t nat
$IPT -X -t mangle

$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT

make sure you don't reboot before testing, cuz these rules will be lost upon reboot if not saved...

v00d00101 02-21-2007 03:31 PM

The simplish solution is to find out the DNS server your ISP uses, should be x.x.x.x where x = 1-254.

If you want to test if it works, try.

Code:

nameserver 192.168.2.1

to

nameserver 194.106.33.42

If it works, then find out your ISP's DNS server IP, and put it in the file instead of the one i gave you. It can be found in your router or on google.

o-circ 02-22-2007 04:33 AM

Hi,

changing DNS into "external" one solved the problem! Everything works fine now (at least I haven't found anything wrong till now).

Thanks a lot, v00d00101! And thanks to you, win32sux - now I know a little bit more about Linux. :)




Would you be so kind and tell me, how to switch off DNS auto-detection? I don't like the idea of changing resolv.conf every time I reboot...

Cheers,
o-circ

PS: Funny, it was the first post I could write under Linux. :)

win32sux 02-22-2007 01:43 PM

hehe, glad you got it working, even though it's more of a work-around than a solution... not sure why you are experiencing this, perhaps it's an issue with the leases on your router or something... in any case, you could give your box a static IP configuration to achieve what you want... but if you truly want to leave it on DHCP but prevent resolv.conf from getting written to, then i'd imagine a quick and dirty way to achieve that is giving it read-only permissions like:
Code:

chmod 400 /etc/resolv.conf

keep in mind i haven't tested to see how well this works...

o-circ 02-23-2007 10:33 AM

I changed resolv.conf permissions with success, but the script ignored it somehow (?!) and overwrote my settings...

But another solution was found: adding this
Code:

echo nameserver x.x.x.x > /etc/resolv.conf

after every call to make_resolv_conf in /sbin/dhclient-script fixes the problem. It's quite crude, I admit, but effective. :)

Thanks again for helping me!
o-circ
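
An alternative to editing /sbin/dhclient-script itself, as an added example that is not part of the original thread: ISC's dhclient-script lets a hook file redefine make_resolv_conf. The hook path /etc/dhclient-enter-hooks, the helper `valid_ipv4` and the `PINNED_DNS` / `RESOLV_CONF` variables are assumptions, and 192.0.2.53 is a placeholder address.

```shell
#!/bin/sh
# Added example: candidate contents for /etc/dhclient-enter-hooks.
# Assumption: the installed dhclient-script sources that file and then calls
# make_resolv_conf, as the stock ISC script does.

PINNED_DNS="192.0.2.53"   # placeholder; space-separated list of your resolvers
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"   # overridable for a dry run

# Accept only dotted-quad IPv4 addresses with every octet in 0..255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Replaces the function dhclient-script defined earlier, so every lease
# event writes the pinned servers instead of the DHCP-supplied ones.
make_resolv_conf() {
    tmp="${RESOLV_CONF}.dhclient.$$"
    {
        echo "; written by dhclient-enter-hooks (pinned DNS)"
        # new_domain_name is set by dhclient when the lease carries one.
        [ -n "$new_domain_name" ] && echo "search $new_domain_name"
        for ns in $PINNED_DNS; do
            if valid_ipv4 "$ns"; then
                echo "nameserver $ns"
            else
                echo "dhclient-enter-hooks: skipping invalid nameserver '$ns'" >&2
            fi
        done
    } > "$tmp" || return 1
    # Never install a file without a nameserver line; keep the old one.
    if ! grep -q '^nameserver ' "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Rename within the same directory so readers never see a partial file.
    chmod 644 "$tmp" && mv -f "$tmp" "$RESOLV_CONF"
}
```

dhclient-script runs as root, and root is not bound by file mode bits, which is why `chmod 400` did not stop the overwrite.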

