DNS BIND zone transfer error: "failed to connect: host unreachable" - server

I am setting up two local authoritative BIND DNS servers so that a client may communicate with virtual hosts on an apache server. One is the master (10.2.56.209) the other is the slave (10.2.56.186). I have the servers configured and they start, but I get this error in the log file on the slave when it tries to do the zone transfer from the master.
transfer of '2.10.in-addr.arpa/IN' from 10.2.56.209#53: failed to connect: host unreachable
transfer of '2.10.in-addr.arpa/IN' from 10.2.56.209#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.002 secs (0 bytes/sec)
Slave's named.conf file
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion no;
allow-transfer { none; };
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "cit.nku.edu" IN {
type slave;
file "cit.nku.edu";
masters{10.2.56.209; };
};
zone "2.10.in-addr.arpa" IN {
type slave;
file "2.10.in-addr.arpa";
masters{10.2.56.209; };
};
Master's named.conf file
options {
listen-on port 53 { 10.2.56.209; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion no;
allow-transfer { none; };
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "cit.nku.edu" IN {
type master;
file "cit.nku.edu";
allow-transfer { 10.2.56.186; };
notify yes;
};
# reverse zone
zone "2.10.in-addr.arpa" IN {
type master;
file "2.10.in-addr.arpa";
allow-transfer {localhost; 10.2.56.186;};
notify yes;
};
forward zone file on the master
$TTL 1H
# IN SOA ns1.cit.nku.edu. root.cit.nku.edu (
10 ; serial
1H ; refresh
15M ; retry
4W ; expire
1H ; Negative caching TTL of 1 hour
)
; Name servers
cit.nku.edu. IN NS ns1.cit.nku.edu.
cit.nku.edu. IN NS ns2.cit.nku.edu.
ns1 IN A 10.2.56.209
ns2 IN A 10.2.56.186
# IN A 10.2.62.33
www IN A 10.2.62.33
reverse zone file
$TTL 86400
$ORIGIN 2.10.IN-ADDR.ARPA.
# IN SOA ns1.cit.nku.edu. root.cit.nku.edu. (
10 ;Serial
3600 ;refresh
1800 ;retry
604800 ;expire
86400 ;minimum ttl
)
; Name Servers
IN NS ns1.cit.nku.edu.
IN NS ns2.cit.nku.edu.
IN PTR cit.nku.edu.
209.56 IN PTR ns1.cit.nku.edu.
186.56 IN PTR ns2.cit.nku.edu.
33.62 IN PTR www.cit.nku.edu.
I can ping them between each other and dig the host names (ns1, ns2), but I cannot dig the ip addresses themselves. I have added the corresponding entries in the /etc/hosts and /etc/hostname files. I can provide other documents if needed. Any help is appreciated.

Related

Prevent nginx from killing idle tcp sockets

I'm trying to use nginx as a reverse proxy for ssl/tcp sockets (so that I can write my server custom as raw tcp, but have nginx handle the ssl certificates). My use case requires the tcp connections remain alive, but to go idle (no packets back and forth) for extended periods of time (determined by the client, but as long as an hour). Unfortunately, nginx kills my socket connections after the first 10 minutes (timed to within a second) of inactivity, and I haven't been able to find either online or in the docs what actually controls this timeout.
I know that it has to be nginx doing it (not my raw server timing out, or my client's ssl socket), since I can directly connect to the server's raw tcp server without timeout issues, but if I run nginx as a raw tcp reverse proxy (no ssl) it does timeout.
Here's some code to reproduce the issue, note that I've commented out the ssl relevent pieces in nginx because the timeout occurs either way.
/etc/nginx/modules-enabled/test.conf:
stream {
upstream tcp-server {
server localhost:33445;
}
server {
listen 33446;
# listen 33446 ssl;
proxy_pass tcp-server;
# Certs
# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
}
server.js;
const net = require("net");
const s = net.createServer();
s.on("connection", (sock) => {
console.log('Got connection from', sock.remoteAddress, sock.remotePort );
sock.on("error", (err) => {
console.error(err)
clearInterval(i);
});
sock.on("close", () => {
console.log('lost connection from', sock.remoteAddress, sock.remotePort );
clearInterval(i);
});
});
s.listen(33445);
client.js
const net = require('net');
const host = 'example.com';
let use_tls = false;
let client;
let start = Date.now()
// Use me to circumvent nginx, and no timeout occurs
// let port = 33445;
// Use me to use nginx, and no timeouts occur after 10 mins of no RX/TX
let port = 33446;
client = new net.Socket();
client.connect({ port, host }, function() {
console.log('Connected via TCP');
// Include me, and nginx doesn't kill the socket
// setInterval(() => { client.write("ping") }, 5000);
});
client.on('end', function() {
console.log('Disconnected: ' + ((Date.now() - start)/1000/60) + " mins");
});
I've tried various directives in the nginx stream block, but nothing seems to help. Thanks in advance!

Laravel ReactPHP Socket server need to restart on day of start

I've created the server in laravel command file & set in supervisor to run the socket server continuously to accept client msg
Laravel Command file code
Server.php
$loop = React\EventLoop\Factory::create();
$IP = getHostByName(getHostName()); // this will get current server IP address // 192.168.0.50
$socket = new React\Socket\Server($IP.':8080', $loop);
$socket->on('connection', function (React\Socket\ConnectionInterface $connection) {
$connection->on('data', function ($data) use ($connection) {
// process data sent from client
});
});
$loop->run();
Client.php
$loop = React\EventLoop\Factory::create();
$connector = new React\Socket\Connector($loop);
$connector->connect('192.168.0.50:8080')->then(function (React\Socket\ConnectionInterface $connection) use ($loop,$data) {
$connection->write($data); // sent data to Server.php
});
$loop->run();
This is working fine but when I check on the next day it will be sent data from Client.php but not received at Server.php Then restart Supervisor of Server.php / php artisan server then it working fine for the whole day
I've found what exactly happen.
I've set IP with port 192.168.0.50:8080 to communicate with the server. but checked the next day the IP is changed to 127.0.0.1:8080.
Below is the solution to communicate with any IP address.
Server.php
$loop = React\EventLoop\Factory::create();
$IP = getHostByName(getHostName()); // this will get current server IP address // 192.168.0.50
$IP = '0.0.0.0'; -> set this to I/O to any IP address
$socket = new React\Socket\Server($IP.':8080', $loop);
$socket->on('connection', function (React\Socket\ConnectionInterface $connection) {
$connection->on('data', function ($data) use ($connection) {
// process data sent from client
});
});
$loop->run();
sudo lsof -i -P -n | grep LISTEN -> run this cmd to check 8080 port
with updated code, It's showing now *:8080

Using both TCP and UDP protocols seem not to work on Ethernet Shield w5100

I'm having a problem using both TCP and UDP in the same sketch. What appears to happen is that if the same socket is reused for UDP after it was in use for TCP, UPD fails to receive data. I was able to reproduce this with the WebServer example. I've added to it a DNS query once in every 10 seconds to query yahoo.com IP address. The DSN queries succeed if I'm not creating any client traffic from the browser. After I query the server over HTTP over TCP, the DSN queries start to fail. DNS queries are implemented in UDP. This is the code that I'm using:
/*
Web Server
A simple web server that shows the value of the analog input pins.
using an Arduino Wiznet Ethernet shield.
Circuit:
* Ethernet shield attached to pins 10, 11, 12, 13
* Analog inputs attached to pins A0 through A5 (optional)
created 18 Dec 2009
by David A. Mellis
modified 9 Apr 2012
by Tom Igoe
modified 02 Sept 2015
by Arturo Guadalupi
*/
#include <SPI.h>
#include <Ethernet.h>
#include <Dns.h>
// Enter a MAC address and IP address for your controller below.
// The IP address will be dependent on your local network:
byte mac[] = {
0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED
};
IPAddress ip(192, 168, 1, 177);
// Initialize the Ethernet server library
// with the IP address and port you want to use
// (port 80 is default for HTTP):
EthernetServer server(80);
unsigned long t0;
void setup() {
// You can use Ethernet.init(pin) to configure the CS pin
//Ethernet.init(10); // Most Arduino shields
//Ethernet.init(5); // MKR ETH shield
//Ethernet.init(0); // Teensy 2.0
//Ethernet.init(20); // Teensy++ 2.0
//Ethernet.init(15); // ESP8266 with Adafruit Featherwing Ethernet
//Ethernet.init(33); // ESP32 with Adafruit Featherwing Ethernet
// Open serial communications and wait for port to open:
Serial.begin(9600);
while (!Serial) {
; // wait for serial port to connect. Needed for native USB port only
}
Serial.println("Ethernet WebServer Example");
// start the Ethernet connection and the server:
Ethernet.begin(mac, ip);
// Check for Ethernet hardware present
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println("Ethernet shield was not found. Sorry, can't run without hardware. :(");
while (true) {
delay(1); // do nothing, no point running without Ethernet hardware
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println("Ethernet cable is not connected.");
}
// start the server
server.begin();
Serial.print("server is at ");
Serial.println(Ethernet.localIP());
t0 = millis();
}
void loop() {
// listen for incoming clients
EthernetClient client = server.available();
if (client) {
Serial.println("new client");
// an http request ends with a blank line
boolean currentLineIsBlank = true;
while (client.connected()) {
if (client.available()) {
char c = client.read();
// if you've gotten to the end of the line (received a newline
// character) and the line is blank, the http request has ended,
// so you can send a reply
if (c == '\n' && currentLineIsBlank) {
// send a standard http response header
client.println("HTTP/1.1 200 OK");
client.println("Content-Type: text/html");
client.println("Connection: close"); // the connection will be closed after completion of the response
client.println("Refresh: 5"); // refresh the page automatically every 5 sec
client.println();
client.println("<!DOCTYPE HTML>");
client.println("<html>");
// output the value of each analog input pin
for (int analogChannel = 0; analogChannel < 6; analogChannel++) {
int sensorReading = analogRead(analogChannel);
client.print("analog input ");
client.print(analogChannel);
client.print(" is ");
client.print(sensorReading);
client.println("<br />");
}
client.println("</html>");
break;
}
if (c == '\n') {
// you're starting a new line
currentLineIsBlank = true;
} else if (c != '\r') {
// you've gotten a character on the current line
currentLineIsBlank = false;
}
}
}
// give the web browser time to receive the data
delay(1);
// close the connection:
client.stop();
Serial.println("client disconnected");
}
if (millis() - t0 > 10000)
{
DNSClient dns;
dns.begin(IPAddress(8,8,8,8));
IPAddress yahoo;
if (dns.getHostByName("yahoo.com", yahoo) == 1)
{
Serial.print("Yahoo: ");
Serial.print(yahoo[0]);
Serial.print(".");
Serial.print(yahoo[1]);
Serial.print(".");
Serial.print(yahoo[2]);
Serial.print(".");
Serial.println(yahoo[3]);
}
else
{
Serial.println("Failed to query yahoo.com IP address");
}
t0 = millis();
}
}
Is this a known issue? Can someone please help in identifying the problem in my code, or if there is a workaround for this issue? Can it be a hardware issue? I'm using SunFounder boards, not the original Arduino boards.
Thanks a lot,
Boaz,

connect() - IP blocked, how to connect using hostname?

when I try to connect to a webserver, my "FritzBox" (residential gateway device) is configured to block all connections that connect directly to an IP, not a host name.
However, the connect() function only lets me connect using an IP address.
How can I connect() to a server using the host name (the way web browsers do)?
Many thanks.
... my "FritzBox" (residential gateway device) is configured to block all connections that connect directly to an IP, not a host name...
It looks like you are trying to bypass the settings of the child protection feature of the Fritzbox. What these settings mean in reality is that it will only allow HTTP connections which have a real hostname inside the Host-header of the HTTP-Request and not connections containing an IP only, i.e. it will allow http://example.com/ but not http://10.10.10.10/. For an example of the Host header look at the HTTP example request at Wikipedia.
First of all connections are always connecting to an IP address, not a host name. So your gateway is doing something else than what you're telling us, it can't tell the difference on how a client connects to something. What it could do is inspect certain protocols specifically, e.g. look for a Host: header in HTTP requests.
But to answer your question: You need to look up the host name with DNS and convert it to an IP address. This can be done all in one go by the getaddrinfo() function, getaddrinfo() will perform lookups in a platform specific way by e.g. looking at host files and/or do DNS lookups: e.g.
int clientfd;
struct addrinfo hints, *servinfo, *p;
int rc;
const char *port = "80";
const char *host = "www.google.com";
memset(&hints, 0, sizeof hints);
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if ((rc = getaddrinfo(host, port, &hints, &servinfo)) != 0) {
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rv));
exit(1);
}
// getaddrinfo() can map the name to several IP addresses
for(p = servinfo; p != NULL; p = p->ai_next) {
if ((clientfd= socket(p->ai_family,
p->ai_socktype,p->ai_protocol)) == -1) {
perror("socket()");
continue;
}
if (connect(clientfd, p->ai_addr, p->ai_addrlen) == -1) {
close(sockfd);
continue;
}
break; //got a connection
}
if (p == NULL) {
fprintf(stderr, "connect() failed\n");
exit(2);
}
freeaddrinfo(servinfo);
//use clientfd

Sending e-mail via lua nginx timeout error

I'm trying to send e-mail via lua+nginx.
Lapis (Lua) code
local smtp = require("socket.smtp")
app:get("/ee", function(self)
local from = "<mail0#mydns.name>"
local rcpt = {
"<mail1#gmail.com>"
}
local mesgt = {
headers = {
to = "PP <mail1#gmail.com>",
cc = '"V.V." <mail2#gmail.com>',
subject = "My first message"
},
body = "I hope this works. If it does, I can send you another 1000 copies."
}
local r, e = smtp.send{
from = from,
rcpt = rcpt,
source = smtp.message(mesgt),
server = "127.0.0.1",
port = 25
}
return "R:" .. tostring(r) .. " E: " .. tostring(e)
end)
gives timeout error (after several seconds passed): "R: nil E: timeout"
Nginx config is:
http{
server{
listen 9000;
location = /cgi-bin/nginxauth.cgi {
add_header Auth-Status OK;
add_header Auth-Server 127.0.0.1; # backend ip
add_header Auth-Port 25; # backend port
return 200;
}
}
}
mail {
auth_http localhost:9000/cgi-bin/nginxauth.cgi;
server {
server_name mydns.name;
listen 25;
protocol smtp;
proxy on;
timeout 5s;
proxy_pass_error_message on;
#smtp_auth login plain;
xclient on;
smtp_auth none;
}
}
I do not understand the core of mail server. How to configure? How to use nginx server? I think timeout error appears due to mail-server just redirect but doesnt process email data, am I right? Or what have I do to fix with error?