Re: named/bind vs. /etc/hosts.deny -- can't verify hostname
Will,

A few questions, mostly to ask yourself, that may help you find what's
going on.

Why mess with bind on the internal machines? Why not just populate
/etc/hosts and be done with it?

Regardless, which machines are entered into /etc/hosts on duo?

Does an nslookup or a dig against the DNS server jibe with the /etc/bind
files?

Shouldn't you have a "$ORIGIN lan." in your first file (after the "@"
sections)?

How does your machine show up in the logfiles? (something like "telnetd
... connect from mac (192.168.1.100)" or "...connect from mac.lan.
(208..."?)

--Rich

will trillich wrote:
>
> Apr 17 14:58:33 duo xinetd[325]: warning: /etc/hosts.deny, line 15: can't verify hostname: gethostbyname(kat.lan) failed
>
> aaugh!
>
> my wife's machine is windo~1 98 at 192.168.1.200; my machine is a
> mac os 8.1 at 192.168.1.100. i have no trouble connecting via ftp
> (or ssh or http) but she's bounced out with the
>
> xinetd[325]: warning: /etc/hosts.deny, line 15:
> can't verify hostname: gethostbyname(kat.lan) failed
>
> we both have the same nameserver setup (name server is debian potato at
> 192.168.1.1) ... what do i need to look for? here are the /etc/bind/lan* files
> that pertain:
>
> ;
> ; *.LAN bind/named/dns
> ;
> $TTL 2W
> @ IN SOA lan. root.lan. (
> 200104171 ; Serial
> 8H ; Refresh
> 2H ; Retry
> 1W ; Expire
> 1D ) ; Default TTL
> ;
> @       NS      ns
>         A       192.168.1.1
> ns      A       192.168.1.1
> duo     A       192.168.1.2
> mac     A       192.168.1.100
> kat     A       192.168.1.200
>
> and here's the reverse-lookup file to match:
>
> ;
> ; *.LAN reverse lookup bind/named/dns
> ; (1.168.192.in-addr.arpa)
> ;
> $TTL 2W
> @ IN SOA lan. root.lan. (
> 200104173 ; Serial
> 8H ; Refresh
> 2H ; Retry
> 1W ; Expire
> 1D ) ; Default TTL
> @ NS ns.lan.
> @ PTR lan.
> ;
> 1 IN PTR ns.lan.
> ;
> 2 IN PTR duo.lan.
> 100 IN PTR mac.lan.
> 200 IN PTR kat.lan.
>
> duo.lan is a secondary debian server, and she can't get in from 192.168.1.200
> because of a gripe against /etc/hosts.deny, which contains
>
> ALL: PARANOID
>
> but i can get in from 192.168.1.100 with no trouble. what gives?
>
> --
> don't visit this page. it's bad for you. take my expert word for it.
> http://www.salon.com/people/col/pagl/2001/03/21/spring/index1.html
>
> will@serensoft.com
> http://sourceforge.net/projects/newbiedoc -- we need your brain!
> http://www.dontUthink.com/ -- your brain needs us!
>
--
_________________________________________________________
Rich Puhek
ETN Systems Inc.
_________________________________________________________
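
The name/address consistency test behind the "can't verify hostname" warning, as an added example that is not part of the original thread: the address is reverse-resolved to a name, the name is forward-resolved again, and the result must contain the original address. The function and table names are hypothetical, and the forward table is a constructed view of what duo's resolver might return, assumed only for illustration.

```python
import socket

def table_resolver(table):
    """Build a lookup function over a dict; a missing key fails like a real lookup."""
    def lookup(key):
        if key not in table:
            raise socket.gaierror(f"no entry for {key}")
        return table[key]
    return lookup

def paranoid_check(ip, reverse=None, forward=None):
    """Return (verdict, detail) for the reverse-then-forward lookup of ip.

    With no resolvers passed in, the live resolver of the machine running
    this is used, so run it on the server that logs the warning.
    """
    reverse = reverse or (lambda a: socket.gethostbyaddr(a)[0])
    forward = forward or (lambda n: socket.gethostbyname_ex(n)[2])
    try:
        name = reverse(ip)
    except OSError as exc:
        # No PTR answer: the name is unknown, which is not the case in the log.
        return ("no-ptr", f"reverse lookup of {ip} failed: {exc}")
    try:
        addrs = forward(name)
    except OSError as exc:
        # PTR answered but the name does not resolve back: the logged case.
        return ("forward-failed", f"gethostbyname({name}) failed: {exc}")
    if ip not in addrs:
        return ("mismatch", f"{name} resolves to {addrs}, not {ip}")
    return ("ok", f"{ip} <-> {name}")

# Reverse table copied from the PTR records quoted in the thread.
REV = table_resolver({"192.168.1.100": "mac.lan", "192.168.1.200": "kat.lan"})
# Constructed: a forward view in which only mac.lan resolves (assumption,
# the thread does not establish why kat.lan fails on duo).
FWD = table_resolver({"mac.lan": ["192.168.1.100"]})

if __name__ == "__main__":
    for ip in ("192.168.1.100", "192.168.1.200"):
        print(ip, *paranoid_check(ip, REV, FWD))
```

A "forward-failed" verdict for an address that has a PTR record points at the forward side (zone file, /etc/hosts or resolv.conf on the server doing the check), not at the client.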