Old 06-11-2005, 08:03 AM   #1
codec
Member
 
Registered: Sep 2003
Location: mad.es.eu
Distribution: ubuntu 5.04 knoppix Slack91/10 freebsd51 vector4 redhat9
Posts: 304

Rep: Reputation: 30
dns caching?


I have installed dnsmasq to this (miserable 56k) gateway PC but it isn't working:

/etc/network/interfaces:
auto lo
iface lo inet loopback

mapping hotplug
script grep
map eth0

iface ppp0 inet ppp
provider ppp0

iface eth0 inet static
address 192.168.xyz.1
netmask 255.255.255.0
network 192.168.xyz.0
auto eth0

/etc/network/options:
ip_forward=yes
spoofprotect=yes
syncookies=no

the client's /etc/network/interfaces:
iface eth0 inet static
address 192.168.xyz.2
netmask 255.255.255.0
network 192.168.xyz.0
gateway 192.168.xyz.1

When I remove my ISP's DNS server from the client and use 192.168.xyz.1 in /etc/resolv.conf, I cannot ping web sites like google.com anymore.

Is anything wrong?
 
Old 06-11-2005, 08:55 AM   #2
masand
LQ Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 69
you need to have the caching nameserver package installed and then start the named service
 
Old 06-11-2005, 08:57 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
what command are you using to start dnsmasq??

make sure dnsmasq is running:
Code:
ps aux | grep dnsmasq
make sure the dnsmasq daemon is listening:
Code:
netstat -an | grep LISTEN
(you should see a listen on UDP 0.0.0.0:53)


make sure the IPtables rules on the gateway are allowing port 53/UDP connections from the LAN in the INPUT chain:
Code:
iptables -L

Last edited by win32sux; 06-11-2005 at 09:00 AM.
 
Old 06-11-2005, 08:59 AM   #4
win32sux
LQ Guru
 
Quote:
Originally posted by masand
you need to have the caching nameserver package installed and then start the named service

he's using dnsmasq, he doesn't need any "named" service AFAIK...
 
Old 06-11-2005, 10:18 AM   #5
masand
LQ Guru
 
maybe you are right

i did that with caching nameserver
i have not used dnsmasq

regards
 
Old 06-13-2005, 06:28 AM   #6
codec
Member
 
Original Poster
It isn't listening to port 53, what should I do?

netstat -an | grep LISTEN

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
tcp6 0 0 :::53 :::* LISTEN

(simple connection without firewall :P)
iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- nsampen1.lo.nuria.telefonica-data.net anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- nsampen1.lo.nuria.telefonica-data.net anywhere
ACCEPT tcp -- nsamrro1.lo.nuria.telefonica-data.net anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- nsamrro1.lo.nuria.telefonica-data.net anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
NR all -- !217.124.84.42 anywhere
DROP all -- anywhere 255.255.255.255
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LS all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere 192.168.192.1
INBOUND all -- anywhere 217.124.84.42
INBOUND all -- anywhere 192.168.192.255
LOG all -- anywhere anywhere LOG level info prefix `Unknown '

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere 192.168.192.0/24 tcp dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 192.168.192.0/24 udp dpts:1023:65535 state RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level info prefix `Unknown '

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 217.124.84.42 213.0.184.85 tcp dpt:domain
 
Old 06-13-2005, 05:50 PM   #7
win32sux
LQ Guru
 
it looks like it's listening... here's a better way to see it:
Code:
netstat -an | grep udp | grep 53
on my box (with dnsmasq on it) it looks like this:
Code:
win32sux@darkstar:~$ netstat -an | grep udp | grep 53
udp        0      0 0.0.0.0:53              0.0.0.0:*
anyhow, it looks like it's your iptables rules which might be blocking the UDP packets from coming and going... if you post your iptables script i can try and spot the problem for you...

BTW, it seems like you have IPv6 enabled... you might wanna disable that unless you are actually using it...

just my ...
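
Added example (not part of any post in this thread): the checks from posts #3 and #7, run offline over captured output. `netstat` leaves the State column empty for UDP sockets, so `grep LISTEN` only ever shows TCP. The function names and the sample `netstat -an` and `iptables -S INPUT` text are constructed assumptions, and the rule check only looks for an explicit ACCEPT; it does not evaluate rule order or user-defined chains.

```shell
#!/bin/sh
# Added example: all sample text below is constructed for illustration.

# Constructed `netstat -an` excerpt: the UDP lines carry no State value.
NETSTAT_SAMPLE='tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*'

# Constructed `iptables -S INPUT` excerpt: policy DROP, no DNS rule for the LAN.
RULES_BLOCKED='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Same rules plus an ACCEPT for DNS queries arriving on the LAN interface.
RULES_ALLOWED="$RULES_BLOCKED
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT"

# Succeeds if netstat text $1 shows a UDP socket bound to exactly port $2
# (default 53). The port is the last ':'-separated field of the local address.
udp_port_bound() {
    printf '%s\n' "$1" | awk -v port="${2:-53}" '
        $1 ~ /^udp/ { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Succeeds if rules $1 contain an INPUT ACCEPT for UDP dport 53 that applies
# to interface $2 (a rule without -i applies to every interface).
input_accepts_dns() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        /^-A INPUT / && / -p udp / && / --dport 53 / && / -j ACCEPT$/ {
            if (match($0, / -i [^ ]+/)) {
                if (substr($0, RSTART + 4, RLENGTH - 4) == ifc) ok = 1
            } else ok = 1
        }
        END { exit ok ? 0 : 1 }'
}

udp_port_bound "$NETSTAT_SAMPLE" && echo "UDP/53 is bound"
input_accepts_dns "$RULES_BLOCKED" eth0 || echo "no ACCEPT for UDP/53 on eth0"
```

On a live gateway the same functions can be fed `"$(netstat -an)"` and `"$(iptables -S INPUT)"`.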
 
Old 07-04-2005, 06:02 PM   #8
codec
Member
 
Original Poster
Thanks. It works again when I remove firestarter.

I just remembered that I have installed firestarter; it should have done something (to iptables) even if it isn't running.
 
  

