[SUMMARY] Tru64 4.0F behind an ADSL NATting router

From: Arrigo Triulzi (arrigo_at_northsea.sevenseas.org)
Date: 06/20/03

    Date: Fri, 20 Jun 2003 14:16:57 +0200
    To: Alpha OSF Managers <tru64-unix-managers@ornl.gov>
    
    

    Dear all,

    this is a summary without a question because before I wrote the
    question I worked through the answer...

    The problem is simple to explain:

    --<DHCP>--[ADSL]--<RFC1918 addresses>--[Tru64 box]
              10.4.4.1                     10.4.4.10
                                           PWS 500au/Tru64 4.0F

    the ADSL modem/router is configured to offer NAT services, as such it
    also offers DNS and DHCP. The DHCP addresses are offered in the range
    10.4.4.x, 201<=x<=229, the rest of the address space is free for
    static IPs.

    The obvious, trivial, setup for the Tru64 box is to give it a static
    IP (useful to use it as a server) and then everyone is happy.

    Unfortunately that is not the case. The DNS services from the ADSL
    box do _not_ include 10.in-addr.arpa for the RFC1918 network which
    means that you clearly have to use /etc/hosts for private name
    resolution and use the DNS for external addresses.

    Theoretically sufficient setup:

      /etc/hosts:

      10.4.4.10 myalpha
      10.4.4.1 adsl

      /etc/resolv.conf:

      nameserver 10.4.4.1

    This is all good and well until on the Alpha you decide to try and
    resolve something using nslookup. Then nslookup complains that it
    can't find the name of the nameserver (because if you query the ADSL
    router for 1.4.4.10.in-addr.arpa it replies NXDOMAIN). The
    side-effect of this is that DNS is broken for pretty much everything -
    you can't get out of the NAT box as the alpha refuses to talk to the
    (only) nameserver.

    The fix is trivial (hence the lack of question to the mailing list):
    run a named server on the alpha. If you want you can set the
    forwarders to 10.4.4.1 (repeated a few times to give it time to fetch
    the data) and while you are at it set up the in-addr.arpa. zone to your
    liking. The setup is a basic "split-horizon" DNS service which knows
    about "internal zones". For reference you need to define (at least)
    10.in-addr.arpa for it to work. You can also create a private
    internal domain but do be careful not to overshadow someone's real
    domain otherwise it will be forever unreachable to your boxes...

    Since the ADSL router does NAT it will happily NAT the DNS requests
    from the inside and the nameserver works as expected. For extra
    points you can set up the ADSL router to use DNS from the Alpha instead
    of providing DNS services. Since the ADSL router does not need DNS to
    boot up this has no nasty side-effects.

    Please note that my testing is restricted to 4.0F - I have absolutely
    no idea if this happens with 4.0G or 5.x.

    Hope this is of help to others,

    Arrigo
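
An added example, not part of the original message: a shell script that derives the PTR records for the 10.in-addr.arpa zone described above from the same hosts-format entries, so /etc/hosts and the reverse zone cannot drift apart. The domain home.arpa (reserved for home networks by RFC 8375, so it cannot shadow a real domain), the hostmaster mailbox, the serial and the timer values are assumptions; the two addresses are the ones from the message.

```shell
#!/bin/sh
# Added example: build a 10.in-addr.arpa zone from hosts-format lines.
DOMAIN="home.arpa"   # assumption: private domain that shadows nothing real
NS_HOST="myalpha"    # assumption: named runs on the Alpha itself

# Read "address name [aliases]" lines on stdin and print PTR records
# relative to the 10.in-addr.arpa origin. Lines outside 10/8, malformed
# addresses and repeated addresses are skipped (first name wins).
hosts_to_ptr() {
    awk -v dom="$DOMAIN" '
        { sub(/#.*/, "") }                  # strip trailing comments
        NF < 2 { next }                      # blank or address-only line
        {
            n = split($1, o, ".")
            if (n != 4 || o[1] != "10") next
            for (i = 2; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            if (seen[$1]++) next
            # Bare names get the private domain; dotted names are kept as FQDNs.
            name = (index($2, ".") ? $2 : $2 "." dom) "."
            printf "%s.%s.%s IN PTR %s\n", o[4], o[3], o[2], name
        }'
}

# Print a complete zone: SOA and NS records, then the PTRs read from stdin.
# $1 is the zone serial. The explicit TTL on the SOA line is inherited by
# the records that follow, so no $TTL directive is needed.
reverse_zone() {
    serial="${1:-1}"
    cat <<EOF
@ 86400 IN SOA $NS_HOST.$DOMAIN. hostmaster.$DOMAIN. ( $serial 3600 900 604800 86400 )
@ IN NS $NS_HOST.$DOMAIN.
EOF
    hosts_to_ptr
}

# Demo with the two hosts entries from the message (serial is constructed).
reverse_zone 2003062001 <<'HOSTS'
10.4.4.10 myalpha
10.4.4.1  adsl
HOSTS
```

The output is the body of the zone file that named loads for 10.in-addr.arpa; the record `1.4.4 IN PTR adsl.home.arpa.` is what answers the 1.4.4.10.in-addr.arpa query that the router rejected with NXDOMAIN.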

