From: Dave Taht
To: Ketan Kulkarni
Cc: cerowrt-devel@lists.bufferbloat.net
Date: Thu, 15 Mar 2012 11:38:50 -0700
Subject: Re: [Cerowrt-devel] dns failures on cerowrt
List-Id: Development issues regarding the cerowrt test router project

While I'm at this, I note that we do also include dnsmasq in cerowrt,
and include the full openwrt gui for such.

You can easily deconfigure bind and replace it with dnsmasq by:

mv /etc/xinetd.d/named /etc/named.old
killall -1 xinetd
killall named
vi /etc/config/dhcp

and change the port 0 line to be port 53

/etc/init.d/dnsmasq restart # or just reboot

and that should enable dnsmasq instead of bind.

I note that what is in 3.3rc7 and later is actually the most bleeding-edge-ist
dnsmasq, which includes (untested, hint, hint) support for dnssec
proxying, as well as ra announcements and some support for serving up dhcpv6.

dnsmasq is much better integrated into the openwrt gui, as well.

In losing bind, the ability to have split views, act as an internet peer, etc, etc
are all lost, and I'd prefer to keep hacking on bind, but the new dnsmasq could
use some love expended on it too, as I expect the new version to be standard
on far more cpe than bind ever will be.

This new version of dnsmasq should be out in final form soon.

(and as a side note, because I can't stand vi, I have an emacs clone in
the build called zile)

On Thu, Mar 15, 2012 at 11:19 AM, Dave Taht wrote:
> I hope you don't mind, but I prefer to always answer questions like these
> publicly.
>
> On Thu, Mar 15, 2012 at 10:55 AM, Ketan Kulkarni wrote:
>> Hi Dave,
>> I bought wndr3800 and now setting up the cerowrt on it.
>
> Yea!
>
>> I am getting few issues in setting up dns server.
>> Observation: nslookup from my laptop through cerowrt fails
>>
>> Thanks jg for many dns related pointers - still I must have missed something
>> to get it working.
>>
>> Few things I tried (few of them really dumb) -
>> 1. Time and zone is properly set on cerowrt box
>> 2. Restarted namedprep and named every time
>
> At one level I'm glad we're exposing potential problems with getting
> dnssec deployed more widely.
>
> At another level, it frustrates me.
>
>> 3. Also tried modifying
>> dnssec-validation auto to off;
>> dnssec-lookaside auto to off; and then restarting named but it didn't help
>> either.
>
> To debug these sorts of problems I usually use a command to continuously
> read the syslog
>
> openwrt# logread -f &
>
> and then watch stuff like 'killing off the dns server and restarting' go.
>
> # killall named
> # nslookup ::1 # should return localhost after named restarts
> # rndc validation disable # is a command you can issue to turn off validation
> # host www.lwn.net # repeat a few times
> # your clock should slew inside of about
> #
> Here are the potential problems.
>
> 0) Are you on a real ip address or behind levels of nat?
>
> 1) If you are behind someone else's firewall, it may be that you cannot
> get dns through it. In many locations dns packets are blocked, and dns
> is only available from the local dns server.
>
> 2) in some locations dns access to the roots is blocked
>
> 3) in some places the local dns server is too lame to recurse properly
> or handle ipv6
>
> 4) in others NTP is blocked
>
>>
>> 4. Added my lan subnet entry in "acls.local.conf" - in vain.
>
> It is a good idea that you do so.
>
>> 5. added my dns servers in forwarders.conf
>
> That should have worked, unless your dns servers were lame.
>
> Did you try 8.8.8.8 as a forwarder?
>
>> If I configure any open dns server like 8.8.8.8; everything works properly
>> (as expected).
>>
>> Waited to catch you - but it's almost midnight here - so thought to put it in
>> the mail
>
> I went to bed early last night (flu), and woke up late (more flu)
>
>>
>> Appreciate your help.
>>
>> Thanks,
>> Ketan
>>
>> p.s. firmware is cerowrt-3.3rc7.2
>
>
>
> --
> Dave Täht
> SKYPE: davetaht
> US Tel: 1-239-829-5608
> http://www.bufferbloat.net

-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net
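
Added example (not part of the original mail and not cerowrt code): a triage script that maps probe results onto the numbered "potential problems" in the quoted reply above. ROOT, FWD, MIN_EPOCH, the function names and the file name dns-triage.sh are assumptions; 198.41.0.4 is a.root-servers.net and 8.8.8.8 is the forwarder suggested in the thread.

```shell
#!/bin/sh
# Added example, not from the original mail. ROOT, FWD, MIN_EPOCH and all
# function names are assumptions made for this sketch.
ROOT=198.41.0.4        # a.root-servers.net
FWD=8.8.8.8            # forwarder suggested in the thread
MIN_EPOCH=1331769600   # 2012-03-15 00:00 UTC; substitute your firmware build date

# DNSSEC signatures have validity windows, so a router whose clock sits
# before the firmware build date (NTP blocked) cannot validate anything.
clock_plausible() {    # $1 = current time in epoch seconds
    [ "$1" -ge "$MIN_EPOCH" ]
}

# 0 if the server answers; host exits non-zero on timeout or SERVFAIL.
probe() {              # $1 = name, $2 = record type, $3 = server
    host -W 3 -t "$2" "$1" "$3" >/dev/null 2>&1
}

# Map results (0 = success) onto the numbered causes from the mail.
# $1 = clock, $2 = root server, $3 = forwarder, $4 = local named on ::1
classify() {
    if   [ "$1" -ne 0 ]; then echo "cause 4: clock implausible, check NTP"
    elif [ "$4" -eq 0 ]; then echo "ok: local named resolves"
    elif [ "$2" -ne 0 ] && [ "$3" -ne 0 ]; then
        echo "cause 1: outbound DNS blocked, only the local server will answer"
    elif [ "$2" -ne 0 ]; then echo "cause 2: roots blocked, use forwarders"
    elif [ "$3" -ne 0 ]; then echo "cause 3: forwarder unreachable or lame"
    else echo "upstream fine: watch logread -f while named restarts"
    fi
}

main() {
    c=0; r=0; f=0; l=0
    clock_plausible "$(date +%s)" || c=1
    probe . NS "$ROOT"            || r=1
    probe www.lwn.net A "$FWD"    || f=1
    probe www.lwn.net A ::1       || l=1
    classify "$c" "$r" "$f" "$l"
}

# Probes touch the network only when invoked as: sh dns-triage.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

Cause 0 (levels of NAT) is not probed; set FWD to the server listed in forwarders.conf to test that server rather than 8.8.8.8.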