Linux - Software: This forum is for Software issues.
Q: Is there a way to turn "OFF" forced authoritative reverse DNS lookups in XDM on SuSE 9.2? RedHat works fine and accepts non-authoritative reverse DNS lookup replies. Apparently SuSE is much more security conscious, to our chagrin. It seems to ALWAYS want to contact the "authoritative" server for a domain to get reverse lookups satisfied. Internal lab hosts on private networks suffer as a result since they are not in DNS when queried from hosts external to the lab. Details below.
We have external corporate network hosts on subnet A (example: 123.143.92.x) which are unknown in DNS to lab networks (ex: 10.100.4.x) on subnet B. Each have their own domain for which they are authoritative and company policy will not allow any lab interaction of any sort with lab networks. Proxies and switch VLANs allow the handling of traffic between the 2 networks. A proxy using NAT and a caching nameserver handles outbound DNS queries as if they were being answered by the proxy, hence the lab gets the proper DNS query responses, even though they are on an unknown network.
When RedHat ES4 hosts running XDM are queried by an external corporate host on 123.143.92.x, they reference the appropriate internal nameserver which forwards to the proxy, yielding a non-authoritative response for reverse record lookups. RedHat is quite happy with the name given by the reverse lookup and hence allows XDM displays to open up.
SuSE EL9.2 however is not so forgiving. Traced code shows that the queries coming back from the non-authoritative name server are followed by a request from SuSE XDM for an "authoritative" answer for that name. It gets the right name, but wants MORE. The internal lab DNS servers respond with the name of the authoritative server, and SuSE XDM tries to go directly to that host to obtain the authoritative reverse lookup. This circumvents the /etc/resolv.conf file and the DNS proxy host and forces the queried XDM host to send for a response to the corporate DNS server. The corporate DNS server of course doesn't recognize the lab host query IP since it is unknown to it. So, the "computed display" from XDM debug info comes back as 0.0.0.0 due to the inability to get an authoritative answer.
Is there a way to circumvent this default setting either within the X11 settings, startup config, or by using some other architecture changes to make the SuSE 9.2 reverse lookups succeed so that our users can get X displays to lab hosts from the corporate network desktops? (corp Windows XP client using Cygwin "x -query host.IP", ala "x -query 10.100.1.41") (Similar to Xwin32 and Xdeep)
Basic problem XDM debug on lab host:
header: 1 10 23
Manage Session ID 331888001, pdpy 0x8071ae0
Computed display name: 0.0.0.0:0
ConvertAddr returning 0 for family 10
Starting display 0.0.0.0:0,MIT-unspecified
GDM is a replacement for XDM, the X Display Manager.
Unlike its competitors (X3DM, KDM, WDM) GDM was written
from scratch and does not contain any original XDM / X
Consortium code. GDM runs and manages the X servers for
both local and remote logins (using XDMCP). See http://www.jirka.org/gdm.html for more details.
So, after hacking through /etc/opt/gnome/gdm/gdm.conf and /etc/sysconfig/displaymanager, I finally got an Xserver to come up from a Cygwin/XWin32 request from a corporate host.
I will be putting the tweaks to the other swdev servers so that hosts will be accessible and have extensive logging enabled via Gnome. Note that the default desktop you will get is still KDE.... It's just the "Display Manager" that must be GNOME. None of the /etc/X11/xdm/xdm-config files will be used and there are no "authoritative" DNS requests to the corporate server for reverse lookup names on IP addresses.
Note that to start up GDM, you still have to use /etc/init.d/xdm restart and it uses the selection of GDM from /etc/sysconfig/displaymanager (set by hand as the required display manager)
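
Added example, not part of the thread: when tracing reverse lookups like the ones described above, the difference between a cached and an authoritative PTR reply is the AA bit in the DNS header. This Python sketch parses a raw reply and reports that bit; the two replies are constructed in the script, and the name labhost.lab.example is a made-up placeholder.

```python
import struct

def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:              # compression pointer
            if end is None:
                end = off + 2             # resume after the first pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            off += 1
            break
        else:
            labels.append(msg[off + 1:off + 1 + n].decode())
            off += 1 + n
    return ".".join(labels), (end if end is not None else off)

def parse_ptr_reply(msg):
    """Return the AA flag, RCODE and PTR targets of a DNS reply."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                   # skip question section
        _, off = read_name(msg, off)
        off += 4                          # QTYPE + QCLASS
    ptrs = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 12:                   # PTR record
            ptrs.append(read_name(msg, off)[0])
        off += rdlen
    return {"authoritative": bool(flags & 0x0400), "rcode": flags & 0xF, "ptr": ptrs}

def build_reply(qname, target, authoritative):
    """Construct a sample PTR reply (test data, not captured traffic)."""
    flags = 0x8180 | (0x0400 if authoritative else 0)   # QR, RD, RA (+AA)
    question = encode_name(qname) + struct.pack("!HH", 12, 1)
    rdata = encode_name(target)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 12, 1, 300, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, flags, 1, 1, 0, 0) + question + answer

# Constructed samples: the reverse name for 10.100.1.41 answered from a cache
# and from an authoritative server.
CACHED = build_reply("41.1.100.10.in-addr.arpa", "labhost.lab.example", False)
AUTH = build_reply("41.1.100.10.in-addr.arpa", "labhost.lab.example", True)
```

Feeding it the UDP payload of a reply taken from a packet capture shows whether the answer the display manager received carried the AA bit.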