
Re: named/bind vs. /etc/hosts.deny -- can't verify hostname



Will,

A few questions, mostly to ask yourself, that may help you find what's
going on.

Why mess with bind on the internal machines? Why not just populate
/etc/hosts and be done with it?

Regardless, which machines are entered into /etc/hosts on duo?

Does an nslookup or a dig against the DNS server jibe with the /etc/bind
files?

Shouldn't you have a "$ORIGIN lan." in your first file (after the "@"
sections)?

How does your machine show up in the logfiles? (something like "telnetd
... connect from mac (192.168.1.100)" or "...connect from mac.lan.
(208..."?)


--Rich

will trillich wrote:
> 
> Apr 17 14:58:33 duo xinetd[325]: warning: /etc/hosts.deny, line 15: can't verify hostname: gethostbyname(kat.lan) failed
> 
> aaugh!
> 
> my wife's machine is windo~1 98 at 192.168.1.200; my machine is a
> mac os 8.1 at 192.168.1.100. i have no trouble connecting via ftp
> (or ssh or http) but she's bounced out with the
> 
>         xinetd[325]: warning: /etc/hosts.deny, line 15:
>         can't verify hostname: gethostbyname(kat.lan) failed
> 
> we both have the same nameserver setup (name server is debian potato at
> 192.168.1.1) ... what do i need to look for? here are the /etc/bind/lan* files
> that pertain:
> 
>         ;
>         ; *.LAN bind/named/dns
>         ;
>         $TTL 2W
>         @   IN  SOA lan. root.lan. (
>                                 200104171   ; Serial
>                                 8H      ; Refresh
>                                 2H      ; Retry
>                                 1W      ; Expire
>                                 1D )        ; Default TTL
>         ;
>         @       NS      ns
>                         A       192.168.1.1
>         ns      A       192.168.1.1
>         duo     A       192.168.1.2
>         mac     A       192.168.1.100
>         kat     A       192.168.1.200
> 
> and here's the reverse-lookup file to match:
> 
>         ;
>         ; *.LAN reverse lookup bind/named/dns
>         ; (1.168.192.in-addr.arpa)
>         ;
>         $TTL 2W
>         @   IN  SOA lan. root.lan. (
>                                 200104173   ; Serial
>                                 8H      ; Refresh
>                                 2H      ; Retry
>                                 1W      ; Expire
>                                 1D )        ; Default TTL
>         @           NS  ns.lan.
>         @       PTR lan.
>         ;
>         1   IN  PTR ns.lan.
>         ;
>         2   IN  PTR duo.lan.
>         100 IN  PTR mac.lan.
>         200 IN  PTR kat.lan.
> 
> duo.lan is a secondary debian server, and she can't get in from 192.168.1.200
> because of a gripe against /etc/hosts.deny, which contains
> 
>         ALL: PARANOID
> 
> but i can get in from 192.168.1.100 with no trouble. what gives?
> 
> --
> don't visit this page. it's bad for you. take my expert word for it.
> http://www.salon.com/people/col/pagl/2001/03/21/spring/index1.html
> 
> will@serensoft.com
> http://sourceforge.net/projects/newbiedoc -- we need your brain!
> http://www.dontUthink.com/ -- your brain needs us!
> 
-- 

_________________________________________________________
                         
Rich Puhek               
ETN Systems Inc.         
_________________________________________________________
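
The test behind the hosts.deny warning quoted above, as an added example that is not part of the original thread: a PARANOID rule depends on the client's address mapping to a name and that name mapping back to the same address. The function names and result labels are this example's own, and the lookup tables are constructed (PTR entries copied from the reverse zone in the message, forward entries made up to show each outcome).

```python
import socket

def paranoid_check(ip, reverse=None, forward=None):
    """Name/address consistency test: IP -> name -> addresses -> same IP?"""
    # Default to the system resolver, so /etc/hosts and DNS are both consulted
    # in whatever order this host is configured to use.
    reverse = reverse or (lambda addr: socket.gethostbyaddr(addr)[0])
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    try:
        name = reverse(ip)
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return ("no-reverse-name", None)
    try:
        addrs = forward(name)
    except OSError:
        # The case in the log line: a name came back, but looking it up failed.
        return ("forward-lookup-failed", name)
    if ip not in addrs:
        return ("name-address-mismatch", name)
    return ("ok", name)

def table_resolver(table):
    """Build a lookup function over a dict that fails the way a resolver miss does."""
    def lookup(key):
        if key not in table:
            raise socket.gaierror("not found: " + key)
        return table[key]
    return lookup

# Constructed sample data: PTR answers as listed in the reverse zone in the thread.
PTR = {"192.168.1.2": "duo.lan",
       "192.168.1.100": "mac.lan",
       "192.168.1.200": "kat.lan"}
# Constructed forward view with kat.lan deliberately absent, to reproduce the
# symptom. The thread does not establish that this is the actual cause.
A = {"duo.lan": ["192.168.1.2"], "mac.lan": ["192.168.1.100"]}
# Second constructed view: the name resolves, but to a different address.
A_STALE = dict(A, **{"kat.lan": ["192.168.1.201"]})

if __name__ == "__main__":
    rev = table_resolver(PTR)
    for ip in sorted(PTR):
        print(ip, paranoid_check(ip, rev, table_resolver(A)))
    print("192.168.1.200", paranoid_check("192.168.1.200", rev, table_resolver(A_STALE)))
```

Called with only an address, `paranoid_check("192.168.1.200")` uses the system resolver of the machine it runs on, so running it on the server that logs the warning shows what that host sees for the client.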


