[Info-vax] duplicated DNS domain name (was: Re: stupid network tricks)

lists at openmailbox.org lists at openmailbox.org
Mon Mar 9 11:58:47 EDT 2015 

Hi,

On Mon, 9 Mar 2015 09:55:35 -0400
Stephen Hoffman via Info-vax <info-vax at rbnsn.com> wrote:

> On 2015-03-09 13:27:13 +0000, <lists at openmailbox.org> said:
> 
> > Sorry for the delay. I couldn't get to this machine until now.
> 
> As an alternative to Info-VAX, consider visiting 
> http://www.eternal-september.org and get a free account, and use that 
> with a news reader for your preferred platform.  That will allow you to 
> access comp.os.vms directly.

I prefer mailing lists and anyway I meant I couldn't get to the box where
SIMH is running.

> 
> > 
> >>> My SHOW NET display seems to indicate a problem with the TCP/IP node
> >>> name on my system.
> > 
> > $ SHOW NET
> > 
> > Product:  DECNET      Node:  MYNODE         Address(es): 1.1
> > Product:  TCP/IP      Node:  MYNODE.EXAMPLE.COM.example.com 
> > Address(es): aa.bb.cc.dd
> 
> Again, that's usually a not-FQDN entry somewhere in the configuration.

I'll try reentering it with a trailing .

Ok, shutdown/restarted TCP/IP...that did nothing. No change in SHOW NET
output.

> Is the aa.bb.cc.dd address private or public?  (Technically, 
> aa.bb.cc.dd is a real, public, valid IPv4 IP address, but I'm guessing 
> you're not comfiguring OpenVMS at what's more commonly known as 
> 170.187.204.221.)

The address is a private address on my lan.

> 
> 
> >> What are your settings for the BIND resolver:
> >> 
> >> TCPIP> sho name
> > 
> > TCPIP> sho name
> > 
> > BIND Resolver Parameters
> > 
> > Local domain: example.com
> > 
> > System
> > 
> >  State:    Started, disabled
> >  Transport: UDP
> >  Domain:
> >  Retry:    Not defined
> >  Timeout:  Not defined
> >  Servers:  No values defined
> >  Path:     No values defined
> > 
> > Process
> > 
> >  State:    Disabled
> > 
> >  Transport:
> >  Domain:
> >  Retry:
> >  Servers:
> >  Path:
> 
> That's not an expected configuration.  Looks like the baseline 
> configuration was skipped, or maybe — and I don't recommend using DHCP 
> — DHCP went sideways somewhere.

I'm using DHCP because that's what I do with all the boxes on my LAN. It's
easier to keep track of things by their MAC and assign them an orderly
address on my lan. Going to direct config instead doesn't fix the problem.

> You shuld see the domain and the servers listed.  Newer operating systems
> can tend to adapt better to the network, or to configuration details.
> With VMS, you get to tell it more of the details, and DHCP isn't
> something that various folks have had the best outcome with.  That means
> performing at least the entire core network configuration sequence in
> TCPIP$CONFIG tool, if that's not already been completed.  (I'd expect
> this is an issue, if not the issue — I'd expect to see a domain listed in
> the above.)

I did go through TCPIP$CONFIG several times. I don't know if I did it
correctly since I was following a tutorial I found on the net.

> If you have not already done so, minimally complete option 1 and the 
> core configuration, and it's generally better to use the A option and 
> get most of the stuff you'll immediately need sort-of working:

I have several times already so another time won't hurt. I just did and
nothing changed in SHOW NET output.

> 
> $ @sys$manager:tcpip$config
> 
>         Checking TCP/IP Services for OpenVMS configuration database files.
> 
> ...
> 
>         HP TCP/IP Services for OpenVMS Configuration Menu
> 
>         Configuration options:
> 
>                  1  -  Core environment
>                  2  -  Client components
>                  3  -  Server components
>                  4  -  Optional components
> 
>                  5  -  Shutdown HP TCP/IP Services for OpenVMS
>                  6  -  Startup HP TCP/IP Services for OpenVMS
>                  7  -  Run tests
> 
>                  A  -  Configure options 1 - 4
>                 [E] -  Exit configuration procedure
> 
> Enter configuration option:
> 
> 
> >> TCPIP> sho config name
> > 
> > %TCPIP-E-CONFIGERROR, error processing configuration request
> > -TCPIP-E-NAMERROR, error processing name service request
> > -RMS-E-RNF, record not found
> 
> The baseline configuration with TCP/IP Services should have created a
> resolver.
> 
> Re-invoke the core services configuration sequence within the 
> TCPIP$CONFIG tool.
> > 
> >> SHOW HOST /LOCAL will show any locally-added host names.
> > 
> > $ SHOW HOST /LOCAL
> > 
> > %DCL-W-IVKEYW, unrecognized keyword - check validity and spelling
> 
> TCPIP> SHOW HOST /LOCAL

  LOCAL database

Host address     Hostname
127.0.0.1        LOCALHOST, localhost
aa.bb.cc.dd      MYNODE.EXAMPLE.COM


> 
> >> If you don't have local DNS (BIND server or otherwise), then the BIND
> >> resolver configuration — above — might be the source of the error.
> > 
> > There should be no BIND services.
> 
> Arguably, there should be DNS servers, but then OpenVMS is much more 
> willing to run insecurely than other servers, and unfortunately less 
> likely to notice the usual sorts of attacks.  Your call.

This system is behind a router/firewall. Right now it is not on the air. I
can port forward if I want to let people telnet in, etc. 

I am not sure how things should look on VMS but as far as the other OS I
have they use /etc/resolv.conf which uses my router as a nameserver.
Now that I think of it this seems suboptimal. I seem to remember separate
DNS entries but all it has now is the entry for my router. I will check it
on another UNIX box later. Should be slow but should not have anything to
do with this (famous last words).

Where do you set up DNS server addresses in OpenVMS VAX? I can't resolve
address outside my lan, so at this this much is not setup correctly. I just
tried adding the router address as the BIND server address and I can now
resolve external names. But the following spits out errors and warnings
that were not there previously:

TCPIP> show host *

Host address     Hostname
127.0.0.1        LOCALHOST, localhost
aa.bb.cc.dd      MYNODE.EXAMPLE.COM
%TCPIP-E-BIND_NOSERVERS, default servers are not available
%TCPIP-W-NORECORD, information not found
-TCPIP-E-BIND_NOSERVERS, default servers are not available

Is this normal when all you have is name resolution but are not serving
services or did I just break something else by trying this?

> It's also possible that the emulator is getting in the way.  The 
> virtual (emulated) networking implementation has been a longstanding 
> source of weird problems with OpenVMS, and the documentation associated 
> with various of the emulators has had large gaps, or wasn't entirely 
> current for the version of the emulator in use.

I really don't know. I was using a bridged network to run SIMH in user mode
and it works fine. I wondered if that was causing wierd name resolution
(duplication) because of the bridge so I brought it up again running as
root and no network bridging and the SHOW NET output is unchanged. So that
wasn't it.

I believe I tried turning DHCP off before and it didn't change the SHOW NET
display either. Just tried it now and doesn't help.

Again, the "problem" is not a functional issue, it's just that SHOW NET
doesn't look reasonable. Otherwise the actual network functionality, given
the box is not on the air and not in a DMZ, is fine i.e. telnet and ftp in
and out work.

Thank you.

-- 
Please DO NOT COPY ME on mailing list replies. I read the mailing list.
RSA 4096 fingerprint 7940 3F02 16D3 AFEE F2F8  ACAA 557C 4B36 98E4 4D49

More information about the Info-vax mailing list