Mailing Lists: Apple Mailing Lists


Re: DNS issue [SOLVED]



On Nov 22, 2007 11:29 PM, Bill Larson <email@hidden> wrote:

Interestingly, I managed to sort out the issue; it was due to some
badly written routing rules. I'll answer the questions nevertheless,
as it may prove useful to someone reading the archives.

> I'm confused here.  Do you mean that you have put 192.168.1.2 in the
> list of DNS servers on a client machine or that you have copied all
> of the DNS configuration/data files to a client machine and tried to
> start the server on a client?

192.168.1.2 was and is a working DNS server.

> If the situation is the first, and you have already said that you
> don't have a firewall running on your server, then the question comes
> as to what is actually occurring.  Is there a networking issue?

The network seems fine, the clients could share files with the server,
ping and ssh it without any problems. The only issue was that the
clients were not able to surf the net. The reason being the clients
were looking to 192.168.1.2 for DNS; the same machine has a line from
my ISP and is acting as a DNS forwarder.

> the DNS server really running?

Yes. I believe I posted the netstat -an

> Is the DNS server actually listening
> for queries?

Yes. I posted the DNS server logs as well.

> I'd suggest stopping your DNS server and then restarting it.  Stop
> the server and run "ps -auxww | grep named" to check that there is no
> running DNS server.  (It is possible to run more than one DNS server!)

:-) Did that too, but in the end it was a bit of routing foo that had gone wrong.

> Take a look at what the logs tell you.  If there is a problem
> starting named, this is where to look for the "why".

named started just fine. The logs did not show any errors to indicate
named was failing; in fact, they showed the queries properly. I posted
those as well.

> If the logs indicate that "named" started, then is it listening?  Run
> "netstat -n | grep 53".  You should see something similar to:
>
>         HiTek:~ blarson$ netstat -n | grep 53
>         udp4       0      0  *.5353                 *.*
>         udp4       0      0  192.168.1.100.53       *.*
>         udp4       0      0  127.0.0.1.53           *.*
>         udp6       0      0  *.5353                 *.*
>         udp4       0      0  *.5353                 *.*
>
> The "192.168.1.100.53" line says that there is a DNS server (port 53)
> listening on the 192.168.1.100 IP address.  This server is also
> listening on the 127.0.0.1, localhost, address.

Did that. named was running just fine.

> Now, run "dig @192.168.1.2 www.yahoo.com" on one of your client
> machines.  Don't worry about changing the list of DNS servers yet,
> just make sure that the server will answer when queried.

Did that; answers were coming properly, but the client browsers could
not reach any websites. They wouldn't even give an error, they would
just keep searching and eventually time out.

> Does it work?   Yes, then change the list of servers to just this one
> server on one of your client machines and run "dig www.yahoo.com"
> again.  You should get a result and the output from dig will show
> that you were querying your DNS server at 192.168.1.2.  (You will get
> a line similar to ";; SERVER: 192.168.1.100#53(192.168.1.100)" as
> part of the output from dig.  This tells you exactly what DNS server
> was queried.)  You should now be done.
>
> Does the "dig @192.168.1.2 www.yahoo.com" DNS query fail?  Ok, now
> you need to troubleshoot why your client is unsuccessful at talking
> to your DNS server.  Are your server and the client on the same
> subnet?  (If not, maybe you have a firewall between the two machines
> that isn't allowing the DNS traffic.)
>
> Troubleshooting this will require a disciplined approach.

Yes, it does. So at the end of the day I did a tcpdump and saw checksum
errors, which indicated something was going wrong at the data packet
level (Network Layer) itself. The next step was to check IP addresses,
subnet masks, and routes, and bam - I got the problem.

> Again,
> check that the server can query itself using both the network and
> localhost addresses.  Then step out one step and double check that
> the server can be queried by another machine on the same subnet.  Then
> check that the server can be queried by another machine on another
> subnet (if your network has them).

That was working fine.

Anyway - many thanks to all on the list who read my mail, and special
thanks to William Strucke and Bill Larson for responding :-)

Thanks again!

Regards,

- vihan
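
Added example, not part of the original message or of either poster's commands: the quoted `netstat -n | grep 53` also matches the `*.5353` (mDNS) lines, so this sketch extracts only sockets bound to port 53 and reads the `;; SERVER:` line from dig output to confirm which resolver answered. It assumes the BSD/macOS `address.port` netstat layout shown in the thread; the function names and the "Query time" sample line are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input: the netstat lines quoted in the thread.
NETSTAT_SAMPLE='udp4       0      0  *.5353                 *.*
udp4       0      0  192.168.1.100.53       *.*
udp4       0      0  127.0.0.1.53           *.*
udp6       0      0  *.5353                 *.*
udp4       0      0  *.5353                 *.*'

# Constructed sample input: dig footer, SERVER line as quoted in the thread.
DIG_SAMPLE=';; Query time: 2 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)'

# Read `netstat -n` output on stdin; print each local address bound to
# port 53 exactly (5353 and other ports containing "53" are skipped).
dns_listeners() {
    awk '$1 ~ /^(udp|tcp)/ {
        la = $4                          # local address, form addr.port
        n = match(la, /\.[0-9]+$/)       # last dot separates the port
        if (n == 0) next
        if (substr(la, n + 1) == "53") print substr(la, 1, n - 1)
    }'
}

# Read dig output on stdin; print the address of the server that answered.
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# Succeed only if a port-53 socket is bound to address $1 or the wildcard.
listens_on() {
    dns_listeners | grep -qxF -e "$1" -e '*'
}

# Stand-alone demonstration on the constructed samples.
printf '%s\n' "$NETSTAT_SAMPLE" | dns_listeners
printf '%s\n' "$DIG_SAMPLE" | dig_server
```

On a live host the same functions take real input, for example `netstat -an | dns_listeners` on the server and `dig www.yahoo.com | dig_server` on a client.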
Macos-x-server mailing list      (email@hidden)