[UCIMC-Tech] DNS problem at IMC (clue toward fix)

Jay Schubert jay.schubert at gmail.com
Sun Mar 23 17:06:27 CDT 2008 

Thanks Josh,

yes.  books2prisoners site is working fine from inside the IMC now.

- Jay

On Thu, Feb 28, 2008 at 8:15 PM, Josh King <joshuaheretic at gmail.com> wrote:

> Hey Jay and Stuart,
>
> Unfortunately, there's just no good way to automatically manage both an
> internal and external DNS. We use a "split-horizon" setup, so that
> traffic for websites hosted at the IMC can go directly to the webserver
> (192.168.11.11) instead of out through the firewall (192.168.11.1, which
> also hosts the internal DNS), which eases the load on said firewall. But
> this means that when the external DNS is updated, the internal still has
> to be tweaked by hand, and this doesn't receive the attention it
> deserves (especially since we've been meaning to redo the firewall setup
> for a while now). I fixed anti-war.net a few days ago, and
> books2prisoners should be working now as well. Sorry about the
> inconvenience, and let me know if you're still having problems.
>
> Stuart Levy wrote:
> > On Thu, Feb 28, 2008 at 04:58:10PM -0600, Jay Schubert wrote:
> >> Techsters,
> >>
> >> Can anyone make an educated guess as to why books2prisoners.org doesn't
> >> resolve properly from the IMC?
> >
> > I've seen this kind of thing too -- it likewise doesn't work to
> > resolve http://www.anti-war.net/ from inside the IMC either.
> >
> >
> > Using "host -d www.books2prisoners.org" on the inside vs. outside shows
> the difference:
> >
> >>From the "inside IMC" nameserver, which seems to be at IP addr
> 192.168.11.1:
> >
> >     ;; ANSWER SECTION:
> >     www.books2prisoners.org. 300    IN      A       72.22.69.10
> >
> >     ;; ADDITIONAL SECTION:
> >     ns.chambana.net.        300     IN      A       74.134.241.116
> >     ns2.chambana.net.       300     IN      A       74.134.241.116
> >
> >     Received 136 bytes from 192.168.11.1#53 in 1 ms
> >     Trying "www.books2prisoners.org"
> >     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52043
> >     ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1,
> ADDITIONAL: 0
> >
> >     ;; QUESTION SECTION:
> >     ;www.books2prisoners.org.       IN      AAAA
> >
> >     ;; AUTHORITY SECTION:
> >     books2prisoners.org.    300     IN      SOA     ns.chambana.net.
> hostmaster.chambana.net. 2006082411 300 300 400 300
> >
> > (note the date on the SOA record -- some time in 2006)
> >
> >
> > Meanwhile, from outside the IMC, we're seeing a different copy of the
> books2prisoners.org zone:
> >
> >     [...]
> >
> >     ;; ANSWER SECTION:
> >     www.books2prisoners.org. 1800   IN      A       64.198.208.11
> >
> >     ;; AUTHORITY SECTION:
> >     books2prisoners.org.    3600    IN      NS
> dns1.name-services.com.
> >     books2prisoners.org.    3600    IN      NS
> dns2.name-services.com.
> >     [...]
> >
> >     ;; ADDITIONAL SECTION:
> >     dns1.name-services.com. 38569   IN      A       69.25.142.42
> >     dns2.name-services.com. 38569   IN      A       216.52.184.248
> >     [...]
> >
> >     ;; AUTHORITY SECTION:
> >     books2prisoners.org.    1800    IN      SOA
> dns1.name-services.com. info.name-services.com. 2002050701 10001 1801
> 604801 181
> >
> >
> > Likewise for anti-war.net.
> >
> > I bet that whatever IMC machine is at 192.168.11.1, it has a copy
> > of the zone files for books2prisoners.org and anti-war.net (others too?)
> > and is claiming authority for them even though the data is stale.
> >
> > Guessing that it's running BIND, the config file is probably
> > /etc/namedb/named.conf or something in that directory.  Could someone
> > get rid of stale zones and give the server a kick?
> >
> > Thanks
> >
> >    Stuart
> > _______________________________________________
> > IMC-Tech mailing list
> > IMC-Tech at lists.ucimc.org
> > http://lists.chambana.net/cgi-bin/listinfo/imc-tech
>
> --
> Josh King
> --
> josh at ucimc.org
> --
> System Administrator, Chambana.net (http://www.chambana.net)
> --
> "I am an Anarchist not because I believe Anarchism is the final goal,
> but because there is no such thing as a final goal." -Rudolf Rocker
>
>
>
> _______________________________________________
> IMC-Tech mailing list
> IMC-Tech at lists.ucimc.org
> http://lists.chambana.net/cgi-bin/listinfo/imc-tech
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.chambana.net/mailman/archive/imc-tech/attachments/20080323/392ff9f4/attachment.htm

More information about the IMC-Tech mailing list