[LARTC] equalize and DNS zone transfers

[LARTC] equalize and DNS zone transfers

[Paul English]

Hi everyone,
	I'm new to the list and I've got a couple of questions. I'm 
following instructions here:
http://www.samag.com/documents/s\x1824/sam0201h/0201h.htm
for setting up a dual-connection (T1 & DSL) machine. My problems are:

1) ip route add default equalize doesn't work - I get:

>ip route add default equalize
RTNETLINK answers: No such device

or if I do it properly:

>ip route add default equalize nexthop via 206.253.195.209 dev eth0 
nexthop via 64.133.254.73 dev eth2
RTNETLINK answers: Invalid argument

2) Since that didn't work, I just made my default be via 64.133.254.73. 
Now I'm running a DNS master server on  206.253.195.209 and while it 
responds to regular dig just fine, it doesn't respond to zone transfer 
(dig axfr ). Or rather, I've been told by the guy running the slave server 
that for whatever reason it responds over the 64.133.254.73 address, 
although I'm not sure how he found that out - so zone transfers don't 
work.

I'm aware that #2 _could_ be due to my ipchains configuration being 
incorrect, but I have poked some pretty big holes for the slave servers.

3) I see Policy Routing Using Linux by Matthew Marsh highly recommended on 
this site: http://defiant.coinet.com/iproute2/  
Are there any books that people would recommend even more highly? I'm 
finding the command-reference only documentation on the net to be a bit 
less than I need. 

Thanks,
Paul

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] equalize and DNS zone transfers

[William L. Thomson Jr.]

Paul,
	Off hand I would assume that your kernel was not compiled with
multipath support. That's the only reason I can think of off hand why
those commands would fail.

	Now if that is compiled into your kernel, then it could be a problem
with you trying to use a IP that your machine does not have routes for.

Ex. In order to use 206.253.195.209 and 64.133.254.73

if you type route -n enter, then you should get back something saying

206.253.195.0 dev eth*
64.133.254.0 dev eth*

If those entires do not appear in the routing table, then the machine
will not know how to reach the IP's you are using for your multipath
gateway.

Also, FYI,
	The article you are referring to is a good one. Mostly for the DNS
aspects. For the rest I would recommend the following.
http://www.linuxvirtualserver.org/~julian/nano.txt

Also there are some patches you will need to apply to your kernel in
order to make things work. Aside from the patches the linux router will
have to perform some sort of NAT.

Then and only then will you be able to use both connections. I spent
several months, and many long days and nights going through what does
not work. I have found only one working solution. 

If you look through the LARTC archieves you will see my past posts. Feel
free to ask me anything, or simply post to the list and I as well as
others will reply.

Good luck, hope that helps.


On Thu, 2002-06-06 at 12:14, Paul English wrote:
> 
> Hi everyone,
> 	I'm new to the list and I've got a couple of questions. I'm 
> following instructions here:
> http://www.samag.com/documents/s\x1824/sam0201h/0201h.htm
> for setting up a dual-connection (T1 & DSL) machine. My problems are:
> 
> 1) ip route add default equalize doesn't work - I get:
> 
> >ip route add default equalize
> RTNETLINK answers: No such device
> 
> or if I do it properly:
> 
> >ip route add default equalize nexthop via 206.253.195.209 dev eth0 
> nexthop via 64.133.254.73 dev eth2
> RTNETLINK answers: Invalid argument
> 
> 2) Since that didn't work, I just made my default be via 64.133.254.73. 
> Now I'm running a DNS master server on  206.253.195.209 and while it 
> responds to regular dig just fine, it doesn't respond to zone transfer 
> (dig axfr ). Or rather, I've been told by the guy running the slave server 
> that for whatever reason it responds over the 64.133.254.73 address, 
> although I'm not sure how he found that out - so zone transfers don't 
> work.
> 
> I'm aware that #2 _could_ be due to my ipchains configuration being 
> incorrect, but I have poked some pretty big holes for the slave servers.
> 
> 3) I see Policy Routing Using Linux by Matthew Marsh highly recommended on 
> this site: http://defiant.coinet.com/iproute2/  
> Are there any books that people would recommend even more highly? I'm 
> finding the command-reference only documentation on the net to be a bit 
> less than I need. 
> 
> Thanks,
> Paul
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
-- 
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com
-- 
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] equalize and DNS zone transfers

[William L. Thomson Jr.]

On Thu, 2002-06-06 at 12:27, William L. Thomson Jr. wrote:
> Paul,
> 	Off hand I would assume that your kernel was not compiled with
> multipath support. That's the only reason I can think of off hand why
> those commands would fail.
> 
> 	Now if that is compiled into your kernel, then it could be a problem
> with you trying to use a IP that your machine does not have routes for.
> 
> Ex. In order to use 206.253.195.209 and 64.133.254.73
> 
> if you type route -n enter, then you should get back something saying
> 
> 206.253.195.0 dev eth*
> 64.133.254.0 dev eth*
> 
> If those entires do not appear in the routing table, then the machine
> will not know how to reach the IP's you are using for your multipath
> gateway.
> 
> Also, FYI,
> 	The article you are referring to is a good one. Mostly for the DNS
> aspects. For the rest I would recommend the following.
> http://www.linuxvirtualserver.org/~julian/nano.txt
> 
> Also there are some patches you will need to apply to your kernel in
> order to make things work. Aside from the patches the linux router will
> have to perform some sort of NAT.

Here is the url for the pacthes

http://www.linuxvirtualserver.org/~julian/#routes

> Then and only then will you be able to use both connections. I spent
> several months, and many long days and nights going through what does
> not work. I have found only one working solution. 
> 
> If you look through the LARTC archieves you will see my past posts. Feel
> free to ask me anything, or simply post to the list and I as well as
> others will reply.
> 
> Good luck, hope that helps.
> 
> 
> On Thu, 2002-06-06 at 12:14, Paul English wrote:
> > 
> > Hi everyone,
> > 	I'm new to the list and I've got a couple of questions. I'm 
> > following instructions here:
> > http://www.samag.com/documents/s\x1824/sam0201h/0201h.htm
> > for setting up a dual-connection (T1 & DSL) machine. My problems are:
> > 
> > 1) ip route add default equalize doesn't work - I get:
> > 
> > >ip route add default equalize
> > RTNETLINK answers: No such device
> > 
> > or if I do it properly:
> > 
> > >ip route add default equalize nexthop via 206.253.195.209 dev eth0 
> > nexthop via 64.133.254.73 dev eth2
> > RTNETLINK answers: Invalid argument
> > 
> > 2) Since that didn't work, I just made my default be via 64.133.254.73. 
> > Now I'm running a DNS master server on  206.253.195.209 and while it 
> > responds to regular dig just fine, it doesn't respond to zone transfer 
> > (dig axfr ). Or rather, I've been told by the guy running the slave server 
> > that for whatever reason it responds over the 64.133.254.73 address, 
> > although I'm not sure how he found that out - so zone transfers don't 
> > work.
> > 
> > I'm aware that #2 _could_ be due to my ipchains configuration being 
> > incorrect, but I have poked some pretty big holes for the slave servers.
> > 
> > 3) I see Policy Routing Using Linux by Matthew Marsh highly recommended on 
> > this site: http://defiant.coinet.com/iproute2/  
> > Are there any books that people would recommend even more highly? I'm 
> > finding the command-reference only documentation on the net to be a bit 
> > less than I need. 
> > 
> > Thanks,
> > Paul
> > 
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> > 
> -- 
> Sincerely,
> William L. Thomson Jr.
> Obsidian-Studios, Inc.
> 439 Amber Way
> Petaluma, Ca. 94952
> Phone  707.766.9509
> Fax    707.766.8989
> http://www.obsidian-studios.com
> -- 
> Sincerely,
> William L. Thomson Jr.
> Support Group
> Obsidian-Studios Inc.
> 439 Amber Way
> Petaluma, Ca. 94952
> Phone  707.766.9509
> Fax    707.766.8989
> http://www.obsidian-studios.com
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
-- 
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] equalize and DNS zone transfers

[Paul English]

> 	Off hand I would assume that your kernel was not compiled with
> multipath support. That's the only reason I can think of off hand why
> those commands would fail.

On closer examination that appears to be true. I thought I had installed 
the kernel (same version) with multipath support, but checksums disagree. 

On the other hand, it appears that my zone transfer problem was entirely 
due to my ipchains configuration. :-/ With that fixed everything works 
fine - except multipath of course. 

I can live with the current configuration (no multipath) as even without 
multipath turned on, as long as I have separate routing tables for the T1 
and DSL, I can route everything out of the DSL, and incoming customer 
connections on the T1 are routed right back out the T1 - perfect!

Well - almost. Ultimately I will have it set up such that I use 2 DSL for 
clients MASQ'ed behind the firewall, and the T1 for customers (external 
connections) only, with some kind of failover setup. 

> Then and only then will you be able to use both connections. I spent
> several months, and many long days and nights going through what does
> not work. I have found only one working solution. 
> 
> If you look through the LARTC archieves you will see my past posts. Feel
> free to ask me anything, or simply post to the list and I as well as
> others will reply.

I will most definitely do that. With zone transfers working (and email, 
www, etc) now I can more comfortably research how to get the "ideal" 
setup.

Thanks,
Paul

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/