[Server-devel] Jabber presence under NAT & named under DMZ issues

Jerry Vonau jvonau at shaw.ca
Sun Nov 7 22:54:45 EST 2010


On Fri, 2010-11-05 at 21:19 -0500, Anna wrote:

> Eventually, after many hours of troubleshooting, I put the XSXO into
> the DMZ in my router and the presence service quit resetting us every
> hour.
> 
> Of course, I deleted /etc/sysconfig/network-scripts/ifcfg-eth0-local
> once I set XSXO in the DMZ.
> 
> I edited /etc/hosts for:
> 
> 67.195.160.76    schoolserver.random.net random.net
> 
Don't think you want to have the router's external address in the XSXO's
hosts file. I'd stick with localhost here.

> I put the OpenDNS IPs in named-xs.conf.in and then make -f
> xs-config.make named-xs.conf

Think that is prior to 0.6.0; try domain_config.

> I actually use OpenDNS DNS IPs in my router instead of my ISP's DNS
> IPs.
> 

Should be no problem with that.

> Here's /var/named-xs/school.external.zone.db
> 
> @ in soa localhost. root 1 3H 15M 1W 1D
>   ns localhost.
> 
> schoolserver    IN    A    67.195.160.76
> school        IN    CNAME    schoolserver
> www        IN    CNAME    schoolserver
> ntp        IN    CNAME   schoolserver
> time        IN    CNAME    schoolserver
> presence    IN    CNAME    schoolserver
> xs        IN    CNAME    schoolserver
> library        IN    CNAME    schoolserver
> conference.schoolserver    IN    CNAME    schoolserver
> 
> But then named never comes back up:
> 
> Starting named: 
> Error in named configuration:
> zone localdomain/IN: loaded serial 42
> zone localhost/IN: loaded serial 42
> zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
> zone
> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
> zone 255.in-addr.arpa/IN: loaded serial 42
> zone 0.in-addr.arpa/IN: loaded serial 42
> dns_rdata_fromtext: school.internal.zone.db:1: near 'root': bad name
> (check-names)
> school.internal.zone.db:2: no TTL specified; zone rejected
> school.internal.zone.db:4: schoolserver1.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:4: no TTL specified; zone rejected
> school.internal.zone.db:5: schoolserver2.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:5: no TTL specified; zone rejected
> school.internal.zone.db:6: schoolserver3.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:6: no TTL specified; zone rejected
> school.internal.zone.db:7: schoolserver4.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:7: no TTL specified; zone rejected
> school.internal.zone.db:8: schoolserver5.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:8: no TTL specified; zone rejected
> school.internal.zone.db:9: schoolserver6.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:9: no TTL specified; zone rejected
> school.internal.zone.db:10: schoolserver7.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:10: no TTL specified; zone rejected
> school.internal.zone.db:11: schoolserver8.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:11: no TTL specified; zone rejected
> school.internal.zone.db:13: schoolserver.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:13: no TTL specified; zone rejected
> school.internal.zone.db:14: school.\@\@BASEDNSNAME\@\@: bad owner name
> (check-names)
> school.internal.zone.db:14: no TTL specified; zone rejected
> school.internal.zone.db:15: www.\@\@BASEDNSNAME\@\@: bad owner name
> (check-names)
> school.internal.zone.db:15: no TTL specified; zone rejected
> school.internal.zone.db:16: ntp.\@\@BASEDNSNAME\@\@: bad owner name
> (check-names)
> school.internal.zone.db:16: no TTL specified; zone rejected
> school.internal.zone.db:17: time.\@\@BASEDNSNAME\@\@: bad owner name
> (check-names)
> school.internal.zone.db:17: no TTL specified; zone rejected
> school.internal.zone.db:18: presence.\@\@BASEDNSNAME\@\@: bad owner
> name (check-names)
> school.internal.zone.db:18: no TTL specified; zone rejected
> school.internal.zone.db:19: xs.\@\@BASEDNSNAME\@\@: bad owner name
> (check-names)
> school.internal.zone.db:19: no TTL specified; zone rejected
> school.internal.zone.db:20: library.\@\@BASEDNSNAME\@\@: bad owner
> name (check-names)
> school.internal.zone.db:20: no TTL specified; zone rejected
> school.internal.zone.db:22: conference.schoolserver.\@\@BASEDNSNAME\@
> \@: bad owner name (check-names)
> school.internal.zone.db:22: no TTL specified; zone rejected
> school.internal.zone.db:29: no TTL specified; zone rejected
> school.internal.zone.db:32: no TTL specified; zone rejected
> zone \@\@BASEDNSNAME\@\@/IN: loading from master file
> school.internal.zone.db failed: bad name (check-names)
> localhost_resolver/@@BASEDNSNAME@@/in: bad name (check-names)
> dns_rdata_fromtext: school.internal.zone.db:1: near 'root': bad name
> (check-names)
> school.internal.zone.db:2: no TTL specified; zone rejected
> school.internal.zone.db:4: schoolserver1.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:4: no TTL specified; zone rejected
> school.internal.zone.db:5: schoolserver2.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:5: no TTL specified; zone rejected
> school.internal.zone.db:6: schoolserver3.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:6: no TTL specified; zone rejected
> school.internal.zone.db:7: schoolserver4.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:7: no TTL specified; zone rejected
> school.internal.zone.db:8: schoolserver5.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:8: no TTL specified; zone rejected
> school.internal.zone.db:9: schoolserver6.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:9: no TTL specified; zone rejected
> school.internal.zone.db:10: schoolserver7.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:10: no TTL specified; zone rejected
> school.internal.zone.db:11: schoolserver8.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:11: no TTL specified; zone rejected
> school.internal.zone.db:13: schoolserver.\@\@BASEDNSNAME\@\@: bad
> owner name (check-names)
> school.internal.zone.db:13: no TTL specified; zone rejected
> school.internal.zone.db:14: school.\@\@BASEDNSNAME\@\@: bad owner name
> (check-names)
> school.internal.zone.db:14: no TTL specified; zone rejected
> school.internal.zone.db:15: www.\@\@BASEDNSNAME\@\@: bad owner name
> (check-names)
> school.internal.zone.db:15: no TTL specified; zone rejected
> school.internal.zone.db:16: ntp.\@\@BASEDNSNAME\@\@: bad owner name
> (check-names)
> school.internal.zone.db:16: no TTL specified; zone rejected
> school.internal.zone.db:17: time.\@\@BASEDNSNAME\@\@: bad owner name
> (check-names)
> school.internal.zone.db:17: no TTL specified; zone rejected
> school.internal.zone.db:18: presence.\@\@BASEDNSNAME\@\@: bad owner
> name (check-names)
> school.internal.zone.db:18: no TTL specified; zone rejected
> school.internal.zone.db:19: xs.\@\@BASEDNSNAME\@\@: bad owner name
> (check-names)
> school.internal.zone.db:19: no TTL specified; zone rejected
> school.internal.zone.db:20: library.\@\@BASEDNSNAME\@\@: bad owner
> name (check-names)
> school.internal.zone.db:20: no TTL specified; zone rejected
> school.internal.zone.db:22: conference.schoolserver.\@\@BASEDNSNAME\@
> \@: bad owner name (check-names)
> school.internal.zone.db:22: no TTL specified; zone rejected
> school.internal.zone.db:29: no TTL specified; zone rejected
> school.internal.zone.db:32: no TTL specified; zone rejected
> zone \@\@BASEDNSNAME\@\@/IN: loading from master file
> school.internal.zone.db failed: bad name (check-names)
> internal/@@BASEDNSNAME@@/IN: bad name (check-names)
> school.internal.zone.in-addr.db:1: no TTL specified; using SOA MINTTL
> instead
> zone 0.18.172.in-addr.arpa/IN: loaded serial 1
> school.internal.zone.16.in-addr.db:1: no TTL specified; using SOA
> MINTTL instead
> zone 16.18.172.in-addr.arpa/IN: loaded serial 1
> school.internal.zone.32.in-addr.db:1: no TTL specified; using SOA
> MINTTL instead
> zone 18.18.172.in-addr.arpa/IN: loaded serial 1
> school.internal.zone.48.in-addr.db:1: no TTL specified; using SOA
> MINTTL instead
> zone 20.18.172.in-addr.arpa/IN: loaded serial 1
> dns_rdata_fromtext: school.external.zone.db:1: near 'root': bad name
> (check-names)
> school.external.zone.db:2: no TTL specified; zone rejected
> school.external.zone.db:4: schoolserver.\@\@BASEDNSNAME\@\@: bad owner
> name (check-names)
> school.external.zone.db:4: no TTL specified; zone rejected
> school.external.zone.db:5: no TTL specified; zone rejected
> school.external.zone.db:6: no TTL specified; zone rejected
> school.external.zone.db:7: no TTL specified; zone rejected
> school.external.zone.db:8: no TTL specified; zone rejected
> school.external.zone.db:9: no TTL specified; zone rejected
> school.external.zone.db:10: no TTL specified; zone rejected
> school.external.zone.db:11: no TTL specified; zone rejected
> school.external.zone.db:12: no TTL specified; zone rejected
> zone \@\@BASEDNSNAME\@\@/IN: loading from master file
> school.external.zone.db failed: bad name (check-names)
> external/@@BASEDNSNAME@@/IN: bad name (check-names)
>                                                            [FAILED]
> 
> 

Think you might want to try domain_config. It looks like "make -f
xs-config.make named-xs.conf" copied the other *.in files without doing
the needed replacement of @@BASEDNSNAME@@ that domain_config does to
these files.

> So, is it my router or is there something on the XS that runs at the
> top of every hour that breaks if a particular port isn't open?  I
> searched all over /var/log and didn't see anything.
> 

I'd go with the router, but why the DMZ setting makes it work, I'm not sure.

> If someone has advice with either of these options, that would be very
> helpful:
> 
> 1.  The XSXO has an IP from my LAN (192.168.1.200 for example) and I
> can forward 80, 5222, 5223 (or other ports!) to it and the presence
> service doesn't reset every hour.
> 

> 2.  The XSXO is in the DMZ and named will start up.
> 
Think that has to do with named trying to resolve the hostname for the
local XSXO to the external IP address instead of localhost. I'd leave
the hosts files as stock and just change
/var/named-xs/school.external.zone.db.

> Anna Schoolfield
> Birmingham

Jerry
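Added worked example for this thread. It is not part of Jerry's or Anna's messages and is not xs-config's own domain_config or xs-config.make; it shows the step Jerry says was skipped: rendering an xs-config style *.in template by substituting the @@BASEDNSNAME@@ placeholder (the token named printed unrendered in the errors above), and refusing to install the result if any @@...@@ token survives, so named never sees a zone named "@@BASEDNSNAME@@". Which *.in file carried the placeholder (named-xs.conf.in or a zone template) is not shown in the thread, so the renderer treats any template the same way. The zone statement in the demo is an assumed shape, and the zone body is a trimmed copy of Anna's posted school.external.zone.db with a $TTL line added.

```shell
#!/bin/sh
# Added example for this thread (not xs-config's domain_config or
# xs-config.make): render a *.in template by substituting the
# @@BASEDNSNAME@@ placeholder and refuse to write the output if any
# @@...@@ token is left over. Whether the placeholder lived in
# named-xs.conf.in or in a zone *.in is not shown in the thread, so the
# renderer is generic.
set -eu

# render_template DOMAIN TEMPLATE OUTPUT
# Writes OUTPUT only if the rendered text carries no @@...@@ placeholder.
render_template() {
    domain=$1 template=$2 output=$3
    # DOMAIN is spliced into a sed expression: allow hostname characters only.
    case $domain in
        ''|*[!A-Za-z0-9.-]*)
            echo "render_template: refusing domain '$domain'" >&2; return 1 ;;
    esac
    rendered=$(sed "s/@@BASEDNSNAME@@/$domain/g" "$template")
    # Report leftovers as file:line, the way named reports zone errors.
    if printf '%s\n' "$rendered" | grep -n '@@[A-Za-z0-9_]*@@' >&2; then
        echo "render_template: unrendered placeholder(s) in $template, not writing $output" >&2
        return 1
    fi
    printf '%s\n' "$rendered" > "$output"
}

# check_zone DOMAIN ZONEFILE
# Uses BIND's named-checkzone when installed (it would report the same
# check-names and TTL problems named logged above); otherwise only confirms
# no placeholder leaked into the zone file.
check_zone() {
    domain=$1 zonefile=$2
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$domain" "$zonefile"
    elif grep -q '@@' "$zonefile"; then
        echo "$zonefile: unrendered placeholder" >&2; return 1
    else
        echo "$zonefile: no placeholders (named-checkzone not installed, skipped)"
    fi
}

# Demo on constructed input: a zone statement of assumed shape as a
# named-xs.conf.in might carry it, plus a trimmed copy of Anna's external
# zone file with a $TTL line added.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/named-xs.conf.in" <<'EOF'
zone "@@BASEDNSNAME@@" IN { type master; file "school.external.zone.db"; };
EOF
    cat > "$dir/school.external.zone.db" <<'EOF'
$TTL 1D
@ IN SOA localhost. root 1 3H 15M 1W 1D
  NS localhost.
schoolserver IN A 67.195.160.76
school IN CNAME schoolserver
EOF
    render_template random.net "$dir/named-xs.conf.in" "$dir/named-xs.conf"
    cat "$dir/named-xs.conf"
    check_zone random.net "$dir/school.external.zone.db" || echo "zone check failed"
    rm -rf "$dir"
}
demo
```

Running the file renders the constructed template into a temporary directory and prints the zone statement with "random.net" in place of the placeholder. The domain is validated before it reaches sed because it is the one operator-supplied value spliced into a command, and the output file is only written once the rendered text is clean, so a half-rendered config cannot be left behind for named to choke on.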
