[UCIMC-Tech] DNS problem at IMC (clue toward fix)
Josh King
joshuaheretic at gmail.com
Thu Feb 28 20:15:55 CST 2008
Hey Jay and Stuart,
Unfortunately, there's just no good way to automatically manage both an
internal and external DNS. We use a "split-horizon" setup, so that
traffic for websites hosted at the IMC can go directly to the webserver
(192.168.11.11) instead of out through the firewall (192.168.11.1, which
also hosts the internal DNS), which eases the load on said firewall. But
this means that when the external DNS is updated, the internal still has
to be tweaked by hand, and this doesn't receive the attention it
deserves (especially since we've been meaning to redo the firewall setup
for a while now). I fixed anti-war.net a few days ago, and
books2prisoners should be working now as well. Sorry about the
inconvenience, and let me know if you're still having problems.
Stuart Levy wrote:
> On Thu, Feb 28, 2008 at 04:58:10PM -0600, Jay Schubert wrote:
>> Techsters,
>>
>> Can anyone make an educated guess as to why books2prisoners.org doesn't
>> resolve properly from the IMC?
>
> I've seen this kind of thing too -- it likewise doesn't work to
> resolve http://www.anti-war.net/ from inside the IMC either.
>
>
> Using "host -d www.books2prisoners.org" on the inside vs. outside shows the difference:
>
>>From the "inside IMC" nameserver, which seems to be at IP addr 192.168.11.1:
>
> ;; ANSWER SECTION:
> www.books2prisoners.org. 300 IN A 72.22.69.10
>
> ;; ADDITIONAL SECTION:
> ns.chambana.net. 300 IN A 74.134.241.116
> ns2.chambana.net. 300 IN A 74.134.241.116
>
> Received 136 bytes from 192.168.11.1#53 in 1 ms
> Trying "www.books2prisoners.org"
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52043
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.books2prisoners.org. IN AAAA
>
> ;; AUTHORITY SECTION:
> books2prisoners.org. 300 IN SOA ns.chambana.net. hostmaster.chambana.net. 2006082411 300 300 400 300
>
> (note the date on the SOA record -- some time in 2006)
>
>
> Meanwhile, from outside the IMC, we're seeing a different copy of the books2prisoners.org zone:
>
> [...]
>
> ;; ANSWER SECTION:
> www.books2prisoners.org. 1800 IN A 64.198.208.11
>
> ;; AUTHORITY SECTION:
> books2prisoners.org. 3600 IN NS dns1.name-services.com.
> books2prisoners.org. 3600 IN NS dns2.name-services.com.
> [...]
>
> ;; ADDITIONAL SECTION:
> dns1.name-services.com. 38569 IN A 69.25.142.42
> dns2.name-services.com. 38569 IN A 216.52.184.248
> [...]
>
> ;; AUTHORITY SECTION:
> books2prisoners.org. 1800 IN SOA dns1.name-services.com. info.name-services.com. 2002050701 10001 1801 604801 181
>
>
> Likewise for anti-war.net.
>
> I bet that whatever IMC machine is at 192.168.11.1, it has a copy
> of the zone files for books2prisoners.org and anti-war.net (others too?)
> and is claiming authority for them even though the data is stale.
>
> Guessing that it's running BIND, the config file is probably
> /etc/namedb/named.conf or something in that directory. Could someone
> get rid of stale zones and give the server a kick?
>
> Thanks
>
> Stuart
> _______________________________________________
> IMC-Tech mailing list
> IMC-Tech at lists.ucimc.org
> http://lists.chambana.net/cgi-bin/listinfo/imc-tech
--
Josh King
--
josh at ucimc.org
--
System Administrator, Chambana.net (http://www.chambana.net)
--
"I am an Anarchist not because I believe Anarchism is the final goal,
but because there is no such thing as a final goal." -Rudolf Rocker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://lists.chambana.net/mailman/archive/imc-tech/attachments/20080229/a03cf3f7/signature.pgp
More information about the IMC-Tech
mailing list