On Wed, Feb 06, 2002 at 09:37:56AM -0500, Russ Herrold wrote:
> On Tue, 5 Feb 2002, Paul M Foster wrote:
>
> > Failing to reach the primary (fake) nameserver, won't this
> > essentially result in the same thing, but with a slight delay? Are you
> > saying that adding a fake internal DNS server to resolv.conf will keep
> > telnet/ssh et al from causing the server to dial out?
>
> ... no -- I am saying that you may then sniff the ethernet on
> the internal net, and see the query -- sniffing the ppp0
> interface is a bit harder
>
Well I tried what you mentioned, and the result was the same, as I
suspected. Either way I can still see the query go across. In fact, I
concluded that both telnet and ssh use the same mechanism, whereas ping
does not. I suspect it's the resolver library that's doing this, and
Robert and you may be right that it requires nsswitch.conf to make this
all right. Still, it's aggravating.
> > It seems, from the posts on this thread, that DNS is the culprit here.
> > But if DNS won't follow its own dang config file, doesn't it seem like
> > it's well and truly broken? I mean this is a pretty simple problem--
> > internal IP x asks for IP of machine y. Check host.conf.
>
> There are several approaches to DNS and hosts.conf is a
> vestigial appendix -- some old application may still use it,
> but /etc/nsswitch.conf is (more) commonly referred to by the
> resolver libraries -- compounding the matter is there is a BSD
> and a SysV way of doing things, and they are (of course) not
> totally consistent. The ancient Unix schisms and NIH syndrome
> are in play as well.
>
> > Says look at
> > hosts file first. Look at hosts file. Is y there? Yes. Return
> > appropriate IP. Do not pass go, do not collect $200. And whatever you
> > do, don't try to query some internet name server. How hard could this
> > be? Particularly when DNS has been around for so long?
> >
> > Or am I missing something?
>
> dunno -- Before you found out that there are dark corners with
> crufty code, did you feel like your life was incomplete?
> <big grin>
>
Version 1:
Oh mah, suh, you cain't be tellin' me that theyuhs crufty code on mah
Linux box. Why, I just cain't believe theyat! <tear falls from eye>
Version 2:
Well, doc, I've always had this fixation...
> I solve the problem by running a fully set up DHCP and DNS
> pair of servers for my inside network -- but then, it is
> completely possible that the link-up to upstream top-level DNS
> servers would _still_ happen -- As I said, 80% of the time, it
> is DNS.
>
This sounds nifty. And when I finish my post-doctoral thesis on the
mating habits of positrons in captivity, I'll get right on this.
Umm, I don't suppose that setting all this up is anything resembling a
_simple_ operation, is it? (Why do I ask these goofy questions?)
Paul
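As an added illustration of the point the thread keeps circling (this is not code from the thread or from any of the posters), the following POSIX sh snippet models what the resolver does with the `hosts:` line of /etc/nsswitch.conf: it walks the listed sources in order and reports whether a name would be answered from the hosts file before the `dns` source is reached, or whether the lookup would fall through to a DNS query (which is the packet Paul sees on the wire). Both config files are constructed inline and are assumptions, not copied from anyone's machine; the real files to inspect are /etc/nsswitch.conf and /etc/hosts, and `getent hosts <name>` exercises the same NSS path that telnet and ssh use (ping on older systems did its own lookup, which matches the difference Paul observed).

```shell
#!/bin/sh
# Added example: model the glibc NSS "hosts:" lookup order.
# Not the original poster's code. Prints one of:
#   files:<ip>  name answered from the hosts file, no DNS query sent
#   dns         resolver would fall through to a DNS query
#   notfound    no source answered and "dns" is not configured
set -f   # disable globbing so tokens like [NOTFOUND=return] stay literal

# Constructed sample configs (assumptions, not from the thread).
NSSWITCH_SAMPLE='passwd:   files
hosts:    files dns
networks: files'

HOSTS_SAMPLE='127.0.0.1    localhost
192.168.1.10 fileserver fs'

# nss_hosts_order CONFIG_TEXT -> prints the source list on the hosts: line
nss_hosts_order() {
    printf '%s\n' "$1" | awk '$1 == "hosts:" { $1 = ""; print; exit }'
}

# hosts_lookup HOSTS_TEXT NAME -> prints the IP if NAME is in the hosts file
hosts_lookup() {
    printf '%s\n' "$1" | awk -v name="$2" '
        /^[[:space:]]*#/ || NF < 2 { next }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }'
}

# resolve_order NSSWITCH_TEXT HOSTS_TEXT NAME
# Walk the hosts: sources left to right, exactly as NSS does, stopping at the
# first one that can answer.  Reaching "dns" means a query leaves the box.
resolve_order() {
    for src in $(nss_hosts_order "$1"); do
        case "$src" in
            files)
                ip=$(hosts_lookup "$2" "$3")
                if [ -n "$ip" ]; then
                    echo "files:$ip"
                    return 0
                fi
                ;;
            dns)
                echo "dns"
                return 0
                ;;
            \[*\]) ;;   # action tokens such as [NOTFOUND=return] not modelled
            *) ;;       # other sources (nis, mdns, ...) ignored in this model
        esac
    done
    echo "notfound"
    return 1
}

# Stand-alone usage: an internal name stays local, an outside name goes to DNS.
resolve_order "$NSSWITCH_SAMPLE" "$HOSTS_SAMPLE" fileserver
resolve_order "$NSSWITCH_SAMPLE" "$HOSTS_SAMPLE" www.example.com
```

If the `hosts:` line reads `dns files`, or is missing so the built-in default applies, the same function reports `dns` even for a name that is in /etc/hosts, which is the behaviour that makes the link come up; `hosts: files dns` is the order that lets the hosts file answer first.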
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:44:33 EDT