DNS and Time Warner Cable

Marvin Bellamy Marvin.Bellamy at innovision.com
Wed Dec 5 14:28:24 CST 2001


It was my IPF rules.  I was eating the UDP packets.  Thx all!

Gerald Combs wrote:

>My /var/db/dhclient.leases says:
>
>lease {
>  interface "rl1";
>  fixed-address 65.26.108.252;
>  option subnet-mask 255.255.254.0;
>  option routers 65.26.108.1;
>  option domain-name-servers 24.94.163.165,24.94.163.113,24.94.163.33;
>  option host-name "dhcp-291-59";
>  option domain-name "kc.rr.com";
>  option broadcast-address 255.255.255.255;
>  option dhcp-lease-time 86400;
>  option dhcp-message-type 5;
>  option dhcp-server-identifier 24.94.163.113;
>  renew 3 2001/12/5 08:10:55;
>  rebind 3 2001/12/5 17:10:55;
>  expire 3 2001/12/5 20:10:55;
>}
>
>I have
>
>pass in  quick on rl1 proto udp from 24.0.0.0/8 to any port = bootpc
>
>in my ipf.rules.  I'm also running a DNS server on my firewall, so my
>inside machines don't have to worry about Road Runner's DNS server
>addresses.
>
>
>On Tue, 4 Dec 2001, Marvin Bellamy wrote:
>
>>Might be my ipf.rules are blocking DHCP/UDP packets which wouldn't have 
>>been a problem with DSL.  I'll have to confirm this.  Anyone know the IP 
>>of the RR DHCP server?
>>
>>Marvin Bellamy wrote:
>>
>>>In-line comments...
>>>
>>>ndr wrote:
>>>
>>>>On Tue, 4 Dec 2001, Marvin Bellamy wrote:
>>>>
>>>>>Setup:
>>>>>OpenBSD firewall on a Pentium 133, running IPF and IPNAT
>>>>>RedHat 7.2 on my desktop, Pentium 500
>>>>>
>>>>Which version of OpenBSD? I have the same setup with RR and it works 
>>>>fine.
>>>>
>>>
>>>OpenBSD 2.8.  How did you configure your external hostname.if file?  I 
>>>just have "dhcp" in mine since I wasn't aware of any other options 
>>>that I'd need.
>>>
>>>>
>>>>>Hey all.  I just moved to Prairie Village, but with no DSL access I 
>>>>>switched to Road Runner.  I reconfigured my external NIC to use DHCP 
>>>>>and the session appears to open successfully.  The problem is DNS 
>>>>>isn't working.  The resolv.conf file is rewritten with a "search" 
>>>>>on the kc.rr.com domain and the three RR DNS servers as 
>>>>>"nameserver"s.  I can ping external IPs, but I just can't resolve 
>>>>>names.  I even tried reconfiguring my desktop to use the old DSL 
>>>>>nameservers to no avail. Any suggestions?
>>>>>
>>>>Try doing a tcpdump on the external NIC. Are you seeing the DNS traffic
>>>>getting out? How do you have your NAT setup? Any IPF rules? Does an
>>>>nslookup timeout or does it return an error immediately?
>>>>
>>>
>>>Running tcpdump produced practically no output, and that output did 
>>>not appear to be related to my DNS queries.  I saw a few dumps with 
>>>...arp who-has... that usually referenced my gateway address or 
>>>24.163.154.160, whatever that is.  It isn't one of the DNS servers.  
>>>Are there any different types of packets that DHCP might use that 
>>>would have been blocked by my ipf.rules?  My firewall is essentially 
>>>unchanged.
>>>



