Network: Can't get DNS working

A couple of issues:

  1. Could not “cat /proc/ipstats” with “tcpip”. Had to use “ttcpip”.
    I have an ne2000 ISA card installed. ISA!!
  2. phlip doesn’t “behave”. It doesn’t write out to /etc/net.cfg what
    I enter into the fields. (But no error message come up.)
  3. I can ping all the NT machines and the nameserver in my office by
    address but not by name.

My rc.local file has the following and DHCP seems to work fine.

/bin/slay io-net
/sbin/io-net -dne2000 ioport=0x220, irq=5 -pttcpip
waitfor /dev/socket
/bin/netmanager -r en0
if_up -r 10 -s 1 en0

What other info do you need?

Please help.

Mark Symmes <msymmes@symmes.to> wrote:

A couple of issues:

  1. Could not “cat /proc/ipstats” with “tcpip”. Had to use “ttcpip”.
    I have an ne2000 ISA card installed. ISA!!

use netstat with the big stack

  1. phlip doesn’t “behave”. It doesn’t write out to /etc/net.cfg what
    I enter into the fields. (But no error message come up.)

are you sure? use phlip -d to confirm that the information you enter is not
being correctly written.

  1. I can ping all the NT machines and the nameserver in my office by
    address but not by name.

if its not already there, add your nameserver to the nameserver list in
the network panel


My rc.local file has the following and DHCP seems to work fine.

/bin/slay io-net
/sbin/io-net -dne2000 ioport=0x220, irq=5 -pttcpip
waitfor /dev/socket
/bin/netmanager -r en0
if_up -r 10 -s 1 en0

What other info do you need?

Please help.

Mark Symmes <msymmes@symmes.to> wrote in message
news:3A12C357.B92D3A7F@symmes.to

A couple of issues:

  1. Could not “cat /proc/ipstats” with “tcpip”. Had to use “ttcpip”.
    I have an ne2000 ISA card installed. ISA!!
  2. phlip doesn’t “behave”. It doesn’t write out to /etc/net.cfg what
    I enter into the fields. (But no error message come up.)
  3. I can ping all the NT machines and the nameserver in my office by
    address but not by name.

This is more in the way of an answer than a problem report…
I too cannot get to the NT machines by name, but can do it by address.
I am behind a corporate firewall using NT Server.
It appears that there is NO DNS on the inside of the firewall.
All the local software (mostly Windoze in various flavours) uses WINS to
resolve names, not DNS
(More #$#%#$ Microsoft baloney!)
I can still get out to the Internet using Voyager and proxy server if I
simply set the numeric address of the “insulating” server, and the
appropriate port number.
Apparently there is no “internal” DNS available in many “mostly” MS
networks - they use WINS instead.
I believe that MS suggests this as the “safest” and “most stable” way of
running firewalls using NT Server…
( I may be mistaken, so do not take that statement as gospel)

The dhcp server does not give the dhcp client any dns address for
resolution, and when dhcp client starts up, it will “wipe” any DNS server
address because it gets “more up-to-date” information from the dhcp server -
which says that there is no DNS server running

My rc.local file has the following and DHCP seems to work fine.

/bin/slay io-net
/sbin/io-net -dne2000 ioport=0x220, irq=5 -pttcpip
waitfor /dev/socket
/bin/netmanager -r en0
if_up -r 10 -s 1 en0

What other info do you need?

Please help.

Steve Munnings, Corman Technologies <steve@cormantech.com> wrote:

This is more in the way of an answer than a problem report…
I too cannot get to the NT machines by name, but can do it by address.
I am behind a corporate firewall using NT Server.
It appears that there is NO DNS on the inside of the firewall.
All the local software (mostly Windoze in various flavours) uses WINS to
resolve names, not DNS

Well, here is a manual way around this…

in /etc/resolv.conf put…

search file,bind
nameserver

then you can put machines in /etc/hosts.

chris

cdm@qnx.com > “The faster I go, the behinder I get.”

Chris McKillop – Lewis Carroll –
Software Engineer, QSSL
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Chris McKillop <cdm@qnx.com> wrote in message
news:8uv08p$biv$2@nntp.qnx.com

Steve Munnings, Corman Technologies <> steve@cormantech.com> > wrote:

This is more in the way of an answer than a problem report…
I too cannot get to the NT machines by name, but can do it by address.
I am behind a corporate firewall using NT Server.
It appears that there is NO DNS on the inside of the firewall.
All the local software (mostly Windoze in various flavours) uses WINS to
resolve names, not DNS


Well, here is a manual way around this…

in /etc/resolv.conf put…

search file,bind
nameserver <ip

then you can put machines in /etc/hosts.

Yes, I am aware of this, but this only allows you to make up names for Ip’s
that you know - i.e. make up your own dictionary of names <-> ip addresses

However, the really big issue is that there is no nameserver on the net
(that I can get to) in order to fill in any appropriate value for the ip in
the above "nameserver " line!

(This is not really QNX’s issue - unless you guys would like to write a WINS
name resolver facility ! :slight_smile:

chris

cdm@qnx.com > “The faster I go, the behinder I get.”
Chris McKillop – Lewis Carroll –
Software Engineer, QSSL

“Steve Munnings, Corman Technologies” wrote:

This is more in the way of an answer than a problem report…
I too cannot get to the NT machines by name, but can do it by address.
I am behind a corporate firewall using NT Server.
It appears that there is NO DNS on the inside of the firewall.
All the local software (mostly Windoze in various flavours) uses WINS to
resolve names, not DNS
(More #$#%#$ Microsoft baloney!)
I can still get out to the Internet using Voyager and proxy server if I
simply set the numeric address of the “insulating” server, and the
appropriate port number.
Apparently there is no “internal” DNS available in many “mostly” MS
networks - they use WINS instead.
I believe that MS suggests this as the “safest” and “most stable” way of
running firewalls using NT Server…
( I may be mistaken, so do not take that statement as gospel)

The dhcp server does not give the dhcp client any dns address for
resolution, and when dhcp client starts up, it will “wipe” any DNS server
address because it gets “more up-to-date” information from the dhcp server -
which says that there is no DNS server running

Thanks. You have steered me in the right direction.
Turns out we have no DNS server on the inside of the firewall. Only WINS.
So I have taken the address that the DHCP server gave me and installed it
manually and will no longer run dhcp.client as per your notes above.
But even after creating a small /etc/hosts file I can not ping by name nor
ip address anything on the outside - I get “ping: sendto: No route to host”.

Can you be more explicit about “using Voyager and proxy server and
setting the numeric address of the insulating server”.

What am I doing wrong?

Mark Symmes <msymmes@symmes.to> wrote in message
news:3A140205.1D96D86E@symmes.to

“Steve Munnings, Corman Technologies” wrote:


This is more in the way of an answer than a problem report…
I too cannot get to the NT machines by name, but can do it by address.
I am behind a corporate firewall using NT Server.
It appears that there is NO DNS on the inside of the firewall.
All the local software (mostly Windoze in various flavours) uses WINS to
resolve names, not DNS
(More #$#%#$ Microsoft baloney!)
I can still get out to the Internet using Voyager and proxy server if I
simply set the numeric address of the “insulating” server, and the
appropriate port number.
Apparently there is no “internal” DNS available in many “mostly” MS
networks - they use WINS instead.
I believe that MS suggests this as the “safest” and “most stable” way of
running firewalls using NT Server…
( I may be mistaken, so do not take that statement as gospel)

The dhcp server does not give the dhcp client any dns address for
resolution, and when dhcp client starts up, it will “wipe” any DNS
server
address because it gets “more up-to-date” information from the dhcp
server -
which says that there is no DNS server running

Thanks. You have steered me in the right direction.
Turns out we have no DNS server on the inside of the firewall. Only WINS.
So I have taken the address that the DHCP server gave me and installed it
manually and will no longer run dhcp.client as per your notes above.
But even after creating a small /etc/hosts file I can not ping by name nor
ip address anything on the outside - I get “ping: sendto: No route to
host”.

Can you be more explicit about “using Voyager and proxy server and
setting the numeric address of the insulating server”.

What am I doing wrong?

What you are doing wrong is that you are expecting MS stuff to work in the
most obvious or intuitive way! :sunglasses:

The essence of a firewall is to insulate the “inside user” from the
“outside”

Early firewalls did that by acting as routers and monitoring ports and
addresses and doing whatever censoring they did by not allowing connections
that did not have “blessings”.

MS vision of firewalls seems to be that every application needs to be
re-written to access a proxy port on the firewall server, talk to it using a
new protocol, and then be allowed access to the outside world (through this
port on the server). The server will do all of the name lookup, etc., and
do the actual communication to the outside.

The bottom line is that applications need to be able to talk to “proxy
servers” in order to get out through that kind of firewall.

Voyager is supposed to be able to do this - and in fact does do it. You can
still leave dhcp client running (you probably should, as this is needed for
the MS “inside network” to allocate a dynamically changing IP address to
your machine.)
What you need to do is go to the Edit->Preferences->Connections menu of
Voyager, and tell it to use proxy server for outside access.
Basically set all of the services (except SOCKS) that you see there to the
numeric ip address of your “internet server” machine and use an appropriate
port number also.
(Talk to your network admin to find the IP address of the server, and the
port to use - the port is likely 80)
Once configured in this manner, Voyager will allow you to “surf” the Web by
using the proxy server as its “connection” to the outside world. It (the
Internet server) does all of the name resolution, and the “go-between-ing”
for you.

The Package Manager is also supposed to be able to work with proxy server
(but it never prompts me for my user and password) and fails to do so.

As far as I know, those are the only two software packages that are
programmed to use proxy servers. All other services will fail, since they
cannot “break through” the firewall without this particular programming.
Your network can be configured to allow other kinds of “pass-through”
through the firewall, but I bet you will find the network admin very
reluctant to set up any other service. (It seems to be a major pain to get
a reconfigured server working properly again once one “jiggles” the settings
on something as major as adding a new method) MS also seems to encourage a
“proxy server” only method as the most stable and fool-proof firewalling.

This means that ping, traceroute, telnet, ftp, and many other services to
outside ip addresses will not work until they learn to do it through a proxy
server.
This also means - in your case and mine - that the QNX RtP system has no
direct access to domain name resolution services anywhere, either inside or
outside. We have to basically build our own - in the /etc/hosts file. That
is only of any good for addresses that you can reach directly (on the
inside). For outside addresses, you must let the proxy server do the name
lookup for you as part of its connection services.

Hope this helps!

(Hey maybe this could be the start of one of those $100.00 articles! :wink:





\

Yes it helps. Great help! I’ve now entered the proxy info into
Voyager and Pkg Manager and am waiting on a proxy username and password.

So that said, (and I would tend to agree with your summary), how is one
supposed to work with RTP in a corporate environment given that
the package manager is the only way to get the updates.
Don’t get me wrong, network centric version control is the best
way to distribute and maintain but I too can’t seem to use
the package manager with a proxy server.
I get “Error while parsing: /root//.ph/pkg_mgr/repository/entry2/
repository.qrm.temp no element found at line 1”
instead of getting a prompt for proxy username and password.

Well QSSL? Any recommendations so I can get on my
development?


“Steve Munnings, Corman Technologies” wrote:

Mark Symmes <> msymmes@symmes.to> > wrote in message
news:> 3A140205.1D96D86E@symmes.to> …

“Steve Munnings, Corman Technologies” wrote:


This is more in the way of an answer than a problem report…
I too cannot get to the NT machines by name, but can do it by address.
I am behind a corporate firewall using NT Server.
It appears that there is NO DNS on the inside of the firewall.
All the local software (mostly Windoze in various flavours) uses WINS to
resolve names, not DNS
(More #$#%#$ Microsoft baloney!)
I can still get out to the Internet using Voyager and proxy server if I
simply set the numeric address of the “insulating” server, and the
appropriate port number.
Apparently there is no “internal” DNS available in many “mostly” MS
networks - they use WINS instead.
I believe that MS suggests this as the “safest” and “most stable” way of
running firewalls using NT Server…
( I may be mistaken, so do not take that statement as gospel)

The dhcp server does not give the dhcp client any dns address for
resolution, and when dhcp client starts up, it will “wipe” any DNS
server
address because it gets “more up-to-date” information from the dhcp
server -
which says that there is no DNS server running

Thanks. You have steered me in the right direction.
Turns out we have no DNS server on the inside of the firewall. Only WINS.
So I have taken the address that the DHCP server gave me and installed it
manually and will no longer run dhcp.client as per your notes above.
But even after creating a small /etc/hosts file I can not ping by name nor
ip address anything on the outside - I get “ping: sendto: No route to
host”.

Can you be more explicit about “using Voyager and proxy server and
setting the numeric address of the insulating server”.

What am I doing wrong?


What you are doing wrong is that you are expecting MS stuff to work in the
most obvious or intuitive way! > :sunglasses:

The essence of a firewall is to insulate the “inside user” from the
“outside”

Early firewalls did that by acting as routers and monitoring ports and
addresses and doing whatever censoring they did by not allowing connections
that did not have “blessings”.

MS vision of firewalls seems to be that every application needs to be
re-written to access a proxy port on the firewall server, talk to it using a
new protocol, and then be allowed access to the outside world (through this
port on the server). The server will do all of the name lookup, etc., and
do the actual communication to the outside.

The bottom line is that applications need to be able to talk to “proxy
servers” in order to get out through that kind of firewall.

Voyager is supposed to be able to do this - and in fact does do it. You can
still leave dhcp client running (you probably should, as this is needed for
the MS “inside network” to allocate a dynamically changing IP address to
your machine.)
What you need to do is go to the Edit->Preferences->Connections menu of
Voyager, and tell it to use proxy server for outside access.
Basically set all of the services (except SOCKS) that you see there to the
numeric ip address of your “internet server” machine and use an appropriate
port number also.
(Talk to your network admin to find the IP address of the server, and the
port to use - the port is likely 80)
Once configured in this manner, Voyager will allow you to “surf” the Web by
using the proxy server as its “connection” to the outside world. It (the
Internet server) does all of the name resolution, and the “go-between-ing”
for you.

The Package Manager is also supposed to be able to work with proxy server
(but it never prompts me for my user and password) and fails to do so.

As far as I know, those are the only two software packages that are
programmed to use proxy servers. All other services will fail, since they
cannot “break through” the firewall without this particular programming.
Your network can be configured to allow other kinds of “pass-through”
through the firewall, but I bet you will find the network admin very
reluctant to set up any other service. (It seems to be a major pain to get
a reconfigured server working properly again once one “jiggles” the settings
on something as major as adding a new method) MS also seems to encourage a
“proxy server” only method as the most stable and fool-proof firewalling.

This means that ping, traceroute, telnet, ftp, and many other services to
outside ip addresses will not work until they learn to do it through a proxy
server.
This also means - in your case and mine - that the QNX RtP system has no
direct access to domain name resolution services anywhere, either inside or
outside. We have to basically build our own - in the /etc/hosts file. That
is only of any good for addresses that you can reach directly (on the
inside). For outside addresses, you must let the proxy server do the name
lookup for you as part of its connection services.

Hope this helps!

(Hey maybe this could be the start of one of those $100.00 articles! > :wink:

Mark Symmes <msymmes@symmes.to> wrote in message
news:3A141DA6.5DE4FED3@symmes.to

Yes it helps. Great help! I’ve now entered the proxy info into
Voyager and Pkg Manager and am waiting on a proxy username and password.

So that said, (and I would tend to agree with your summary), how is one
supposed to work with RTP in a corporate environment given that
the package manager is the only way to get the updates.
Don’t get me wrong, network centric version control is the best
way to distribute and maintain but I too can’t seem to use
the package manager with a proxy server.
I get “Error while parsing: /root//.ph/pkg_mgr/repository/entry2/
repository.qrm.temp no element found at line 1”
instead of getting a prompt for proxy username and password.

Well QSSL? Any recommendations so I can get on my
development?

Yup, that is the error I see too!
for QSSL: (I am part of the Phoenix group, and am fully up to date for that
group - read between the lines)

What I do:
download the .iso file and burn it to a CD (using Windoze software), then
update from the CD repository

Its a good thing we have high speed Internet access at work - 254 Mb
downloads would take forever otherwise!

Samba ( www.samba.org ) does have WINS support,
BUT that is only for SMB/CIFS traffic.

That does not help you for general IP traffic / DNS


fs-cifs is only a client, right? does it use oplocks?

I also would recommend that Samba be patched, or the
common filesystem code be extended so that like under IRIX
( http://www.sgi.com/software/samba/faq.html#NFSandSamba )
so locks can work between net clients and local QNX processes


Steve Munnings, Corman Technologies <steve@cormantech.com> wrote in message
news:8v1182$7jt$1@inn.qnx.com

Mark Symmes <> msymmes@symmes.to> > wrote in message
news:> 3A140205.1D96D86E@symmes.to> …

“Steve Munnings, Corman Technologies” wrote:


This is more in the way of an answer than a problem report…
I too cannot get to the NT machines by name, but can do it by address.
I am behind a corporate firewall using NT Server.
It appears that there is NO DNS on the inside of the firewall.
All the local software (mostly Windoze in various flavours) uses WINS
to
resolve names, not DNS
(More #$#%#$ Microsoft baloney!)

What you are doing wrong is that you are expecting MS stuff to work in the
most obvious or intuitive way! > :sunglasses: