(Long) DNS Issues...

Hi guys,

Ok firing up the AP which was created as per the AP.
The name of the AP is called "Snuffy2".
The name of the Domain zone is "snuffy".

I have a laptop here which is connecting ok (getting an IP address) and having a nice strong signal (less than a metre away from the aerial) so am pretty sure it's not a connection issue.

Also the AP box has a connection to Xtra via a DSL router and that's got an IP address and is working sweet (the Mozilla browser is working fine via the GUI on the AP box itself). It just seems that I can't get any wireless clients to use DNS.

=========================================
NAMED.CONF
=========================================
// Example named.conf file
//
// Set default directory.
// Allow queries from the entire wireless network.
// Both of the IP addresses given in the section "forwarders" should be set to the DNS
// servers of your ISP.
// Set preference for DNS responses from the wireless network.

options {
directory "/var/named";
allow-query { 10.0.0.0/8; localhost; };
allow-recursion { 10.0.0.0/8; localhost; };
forward first;
forwarders {
203.97.33.1;
204.97.33.1;
};
topology {
10/8;
};
};

// Enable RNDC connections from this host.
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

// This is the root servers zone file, already present on this system.
zone "." {
type hint;
file "named.ca";
};

// This is the localhost zone file, already present on the system.
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

// This is the reverse zone file for localhost, already present on the system.
zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
allow-update { none; };
};

// This is the zone file for our wireless domain. Edit this entry to reflect your domain.
zone "snuffy.akld.nzwireless.org" {
allow-transfer { 10.0.0.0/8; localhost; };
allow-query { any; };
allow-update { none; };
type master;
file "snuffy.akld.nzwireless.org";
};

// This is the reverse zone file for our wireless domain. Edit it to reflect the IP network
// assigned to you. (note - in reverse! network 10.1.2.0 becomes 2.1.10.in-addr.arpa)
zone "4.23.10.in-addr.arpa" {
allow-transfer { 10.0.0.0/8; localhost; };
allow-query { any; };
allow-update { none; };
type master;
file "4.23.10.in-addr.arpa";
};

// A key file needs to be referenced for use by rndc.
include "/etc/rndc.key";
=========================================



=========================================
snuffy.akld.nzwireless.org
=========================================

;
; Example zone file for simon.akld.nzwireless.org
;
; Change "oob.wildstar.net" to your own email address e.g. "someone.yahoo.com"
;
$TTL 3D
@ IN SOA ns.snuffy.akld.nzwireless.org. scottmj.clear.net.nz. (
199802151 ; serial, todays date + todays serial #
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ) ; minimum, seconds
;
NS accesspoint ; Inet Address of name server
;
localhost A 127.0.0.1
accesspoint A 10.23.4.1
ns A 10.23.4.1
TXT "Matts Wireless Gateway"
dhcp-01 A 10.23.4.10
dhcp-02 A 10.23.4.11
dhcp-03 A 10.23.4.12
dhcp-04 A 10.23.4.13
dhcp-05 A 10.23.4.14
dhcp-06 A 10.23.4.15
dhcp-07 A 10.23.4.16
dhcp-08 A 10.23.4.17
dhcp-09 A 10.23.4.18
dhcp-10 A 10.23.4.19
dhcp-11 A 10.23.4.20

=========================================



Can anyone see what might not be right?
Anything else I should be looking at? I'm sooo close :-)
Once this is set - I only have to set the box in an external location and the Devonport AP is set! :-)

Cheers
Matt.

Oh also, after posting that I have been doing a little more troubleshooting...

When doing an NSLOOKUP on the client pc (laptop) I am getting the following...
(Running NSLOOKUP and then looking for ´xtra.co.nz´

==========================================
> xtra.co.nz
Server: accesspoint.snuffy.akld.nzwireless.org
Address: 10.23.4.1

Non-authoritative answer:
Name: xtra.co.nz.snuffy2.akld.nzwireless.org
Address: 219.88.241.171
==========================================

Iḿ not sure about that IP - my other pcś don specify that addy.
and also not sure why itś giving ¨xtra.co.nz.snuffy2.akld.nzwireless.org¨ ???
This also happens when doing a nslookup on other sites... (like google.co.nz).

Help?

Matt.

Well, if this keeps up I should be solving it all by amount next week :-)

I have now figured out the problem with the DNS resolving. it seems the /var/named.conf was actual the default file. I had a modified version of this in the /root folder. I copied the contents of the /root/named.conf into /var/named.conf and rebooted the server and my client (just to be sure).

Now the client is resolving all of the domains I enter with the nslookup command. Yippeeeee!!

It seems I have one problem left though. I cannot ping any domains or IP Addresses from my client. I can ping from the Access Point (Snuffy2) ok but not my wireless client - which mean I still cannot access any webpages (I just get ´Request Timed Out´ messages).

Any ideas as what to look for to fix THIS problem?

Cheers
Matt.

Haha Well one last post before I go to bed... giving up for tonight.

Well, I have now determined that the /etc/sbin/iptables file wasn't set up right. I must have left it at it's default state when setting up the box...

I have now modified it but still cannot seem to get any http or ip traffic and I suspect this is my issue...

After reading the HOW-to a few more times I saw the NOCAT option. Should I pursue this or can someone give me some more pointers?

If you are interested and are following everything so far... heres some info...

======================================
INFO FROM IPTABLES - L command
======================================
[root@akl1ex1 root]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.1.0/24 anywhere tcp dpt:ssh
DROP tcp -- !192.168.1.0/24 anywhere tcp dpt:ssh
ACCEPT icmp -- 192.168.1.0/24 anywhere
ACCEPT icmp -- 10.23.4.0/24 anywhere
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- alien.xtra.co.nz anywhere state ESTABLISHED udp spt:domain
ACCEPT tcp -- alien.xtra.co.nz anywhere state ESTABLISHED tcp spt:domain
ACCEPT udp -- terminator.xtra.co.nz anywhere state ESTABLISHED udp spt:domain
ACCEPT tcp -- terminator.xtra.co.nz anywhere state ESTABLISHED tcp spt:domain
ACCEPT udp -- 10.23.4.0/24 anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT tcp -- 10.23.4.0/24 anywhere tcp dpt:http
ACCEPT tcp -- anywhere 10.23.4.0/24 tcp dpt:ftp
ACCEPT udp -- anywhere 10.23.4.1 state NEW,ESTABLISHED udp dpt:ftp
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp spts:1024:65535 dpts:1024:65535

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.1.0/24 10.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@akl1ex1 root]#


====================================
TEXT INFO FROM THE LSMOD command
(Note the missing entry for "ip_REJECT" as per the HOW-TO)?????
====================================

[root@akl1ex1 root]# lsmod
Module Size Used by Not tainted
ide-cd 35712 0 (autoclean)
cdrom 33728 0 (autoclean) [ide-cd]
iptable_filter 2444 0 (autoclean) (unused)
ip_tables 15096 1 [iptable_filter]
hostap_pci 49300 1
hostap 86148 0 [hostap_pci]
hostap_crypt 2992 0 [hostap]
3c59x 30736 1
keybdev 2976 0 (unused)
mousedev 5556 1
hid 22276 0 (unused)
input 5888 0 [keybdev mousedev hid]
usb-uhci 26412 0 (unused)
usbcore 79072 1 [hid usb-uhci]
ext3 70784 2
jbd 51892 2 [ext3]
[root@akl1ex1 root]#


======================================

Gawd it's getting too late for all this... :-)

Cheers
Matt

Right, next update. I hope these posts will be useful for someone one day - that's why I'm posting verbosely anyways.

Anyhow, the other night I sat down and thought "I have no idea" - so I thought a bit latterally, and dowwnloaded a little Linux App called "Firestarter" - It's a linux firewall proggie and unpacked it and installed it.

One reboot later I was firing it up and configured the firewall to let ALL traffic through. SUCESS!! My laptop was now able to ping stuff, resolve stuff and get onto the net and do everything that my normal DSL accoutn could do.

However, there seems to be a down side. I cannot configure the apps to block out certain thing like ports, ip's, pc's, etc. So it's a case of either ALL ON, or ALL OFF. Hmmm.... further investigation is required.

A bit of info for all you following this plight...

After setting up Firestarter, I found that if then go to a terminal (I'm using the GUI remember) and type 'service iptables stop' everything stops ok. (I then lose connection at the laptop. I then type 'service iptables start' and the services startup ok. However the laptop connection is still dead. I'm thinking that Firestarter must be changing a file that I don't know about (the files mentioned in my posts above). If I then start up Firestarter again the connection to the laptop comes back to life. Any ideas on what to look for? The search engine can't look for files outside of the current folder - so I am unable to search for all of the files modified within a certain date range.

Damn, I'm so close!!

Cheers
Matt