Networking

  • DNS resolution failure on boot (dynamic DNS)

    17 answers

    dear list,
    I have the following problem: my server has a dynamic ip, so I tell
    proftpd to use the hostname instead for MasqueradeAddress. Now when the
    computer boots, proftpd gets started after the network startup has
    finished, but before dhcp has managed to obtain any dns information. As
    a result, proftpd fails to start.
    I see no elegant way out of this problem. Shouldn't proftpd be more
    prepared for dns failures (for instance make several retries with given
    time periods)?
    Cheers,
    Misha
    ProFTPD Users List <proftpd-users (AT) proftpd (DOT) org>
  • No.1 | | 1183 bytes | |

    I have the following problem: my server has a dynamic ip, so I tell
    proftpd to use the hostname instead for MasqueradeAddress. Now when the
    computer boots, proftpd gets started after the network startup has
    finished, but before dhcp has managed to obtain any dns information. As
    a result, proftpd fails to start.

    I see no elegant way out of this problem. Shouldn't proftpd be more
    prepared for dns failures (for instance make several retries with given
    time periods)?

    Not everyone uses dynamic IP addresses, so having the core application
    make DNS requests, which adds latency, unnecessarily is not a good thing.

    Instead, you might look into using this add-on module:

    Cheers,
    TJ

    Mankind will not be reasoned out of the feelings of humanity.

    -Sir William Blackstone

  • No.2 | | 948 bytes | |

    >I have the following problem: my server has a dynamic ip, so I tell
    >proftpd to use the hostname instead for MasqueradeAddress. Now when the
    >computer boots, proftpd gets started after the network startup has
    >finished, but before dhcp has managed to obtain any dns information. As
    >a result, proftpd fails to start.


    Instead, you might look into using this add-on module:

    Thanks for the link! Do I understand correctly that with this module
    proftpd won't panic if dns resolution is not available?

    Cheers,
    Misha

  • No.3 | | 704 bytes | |

    Tue, Aug 08, 2006 at 01:47:18AM +0300, Misha Aizatulin wrote:
    I have the following problem: my server has a dynamic ip,

    Servers don't have dynamic IP addresses. Desktops do, but not real
    servers.

    If this is a home system, get something like a Linksys router/firewall
    to put in front of it which handles the dynamic addressing for you and
    then configure your "server" with a static IP address.

    /Ed

    I see no elegant way out of this problem. Shouldn't proftpd be more
    prepared for dns failures (for instance make several retries with given
    time periods)?

    Real servers expect DNS to work. I don't see anything wrong with that.

    /Ed
  • No.4 | | 1918 bytes | |

    Ed Wilts wrote:
    Tue, Aug 08, 2006 at 01:47:18AM +0300, Misha Aizatulin wrote:
    >I have the following problem: my server has a dynamic ip,


    Servers don't have dynamic IP addresses. Desktops do, but not real
    servers.

    Sorry, for a wrong word. The ftp server runs on my own home computer.
    I meant server as a piece of software, not a piece of metal.

    If this is a home system, get something like a Linksys router/firewall
    to put in front of it which handles the dynamic addressing for you and
    then configure your "server" with a static IP address.

    I do have a router (Linksys by the way :) - otherwise I'd have no
    problem! I want my ftp server to be visible outside, not just inside the
    house. For that it has to know its own address in the outside world
    (because of the router and masquerading).

    >I see no elegant way out of this problem. Shouldn't proftpd be more
    >prepared for dns failures (for instance make several retries with given
    >time periods)?


    Real servers expect DNS to work. I don't see anything wrong with that.

    They shouldn't crash, when DNS is not available. Sometimes the DNS
    server of the provider goes down for instance. A bigger problem is the
    situation that I described: immediately after starting network, it takes
    several seconds to obtain names of dns servers. I need the server to
    survive these several seconds and try again later.

    Cheers,
    Misha

  • No.5 | | 2626 bytes | |

    Tue, Aug 08, 2006 at 02:52:57PM +0300, Misha Aizatulin wrote:
    Ed Wilts wrote:
    Tue, Aug 08, 2006 at 01:47:18AM +0300, Misha Aizatulin wrote:
    I do have a router (Linksys by the way :) - otherwise I'd have no
    problem! I want my ftp server to be visible outside, not just inside the
    house. For that it has to know its own address in the outside world
    (because of the router and masquerading).

    Slightly off topic, but you shouldn't run an FTP server at home that's
    visible to the outside world - use ssh instead.

    I don't think you do need to specify a WAN address. I haven't done this
    with FTP but have done it with http. Configure the Linux system with an
    address of say 192.168.0.2 - it will always be static. Then on the
    Linksys router, forward the ports you need to the Linux system.

    This is really not much different than what I have at the office in a
    large production environment - the addresses are all NAT'ed by the
    firewalls. The servers have static IP address, but they're not the
    addresses that you would connect to from the Internet. I transfer
    hundreds of thousands of files per month and this has never caused a
    problem. We do have real firewalls, not Linksys routers though.

    Real servers expect DNS to work. I don't see anything wrong with that.

    They shouldn't crash, when DNS is not available. Sometimes the DNS
    server of the provider goes down for instance.

    That's why there's redundancy in the DNS namespace. DNS must always be
    available. If you need to run a DNS server on your Linux system, then
    so be it. What it boils down to is if all of your DNS servers are down,
    then customers can't get to you in the first place if your DNS
    configured properly. If you don't want to run a DNS server locally (you
    don't need to but it helps for local connections to have a split DNS),
    ensure that you have your resolv.conf configured to point to multiple
    DNS providers - they don't have to be your own ISP.

    A bigger problem is the situation that I described: immediately after
    starting network, it takes several seconds to obtain names of dns
    servers.

    ProFTPd should start after the network, and since the IP address should
    be static, and the name properly configured in /etc/hosts, there are no
    issues.

    I need the server to survive these several seconds and try again
    later.

    I do not see that you have a ProFTPd problem - I see that you need to
    fix your implementation.

    /Ed
  • No.6 | | 1068 bytes | |

    Thanks for the link! Do I understand correctly that with this module
    proftpd won't panic if dns resolution is not available?

    No. ProFTPD always requires an IP address, period. Your issue was that
    you are using a DNS name, rather than an IP address; in such cases,
    proftpd _must_ resolve that DNS name to its IP address. If the DNS is not
    configured for that name, there's a problem. And it is not a proftpd
    problem specifically (i.e. not "a crash" or "panic"); it's a requirement.
    The FTP protocol mandates use of IP addresses.

    TJ

    And forget not that the earth delights to feel your bare feet and the winds
    long to play with your hair.

    -Kahlil Gibran

  • No.7 | | 1832 bytes | |

    Slightly off topic, but you shouldn't run an FTP server at home that's
    visible to the outside world - use ssh instead.

    I want my files to be accessible by lamers without a password - IE
    doesn't handle ssh or scp connections, right?

    I don't think you do need to specify a WAN address.

    I do - for passive mode. In passive mode the server tells the client
    to connect to it by giving the ip and the port. For that the server has
    to know its own ip as seen by the client. This is where
    MasqueradeAddress directive comes into play. In extended passive mode
    this is different, but "normal" passive mode used among others by
    Firefox and some command-line *ix clients doesn't work correctly without
    MasqueradeAddress.
    An http server does not have such a problem - the protocol works
    differently from ftp.

    ensure that you have your resolv.conf configured to point to multiple
    DNS providers - they don't have to be your own ISP.

    This might be the way to solve it - just have one DNS server
    statically included in resolv.conf, specially for this case.

    >I need the server to survive these several seconds and try again
    >later.


    I do not see that you have a ProFTPd problem - I see that you need to
    fix your implementation.

    You mean to fix my linux distribution? :) See my next mail for
    thoughts on that

    Cheers,
    Misha

  • No.8 | | 1538 bytes | |

    TJ Saunders wrote:
    >Thanks for the link! Do I understand correctly that with this module
    >proftpd won't panic if dns resolution is not available?


    No. ProFTPD always requires an IP address, period. Your issue was that
    you are using a DNS name, rather than an IP address; in such cases,
    proftpd _must_ resolve that DNS name to its IP address. If the DNS is not
    configured for that name, there's a problem. And it is not a proftpd
    problem specifically (i.e. not "a crash" or "panic"); it's a requirement.
    The FTP protocol mandates use of IP addresses.

    , so I have to solve it another way - the add-on wouldn't help. A
    clean way would be to have a script that waits till the dhcp client
    obtains dns information (say by monitoring resolv.conf) and then
    attempts to start proftpd (that means I have to modify the proftpd
    startup script).
    Another way is to change the getaddrinfo timeout. Is it possible at all?
    The last and the simplest option is to have a static dns server always
    configured - maybe I'll go for this one.

    Thanks for your help!

    Cheers,
    Misha

  • No.9 | | 915 bytes | |

    Another way is to change the getaddrinfo timeout. Is it possible at all?

    Yes, but that is not something that's handled by the proftpd code. That
    is a DNS resolver library issue. Also, I would question why you think
    this would be necessary; most DNS lookups have specific timeouts for a
    reason.

    TJ

    eyes are holden such that we cannot see things that stare us in the face,
    until the hour arrives when the mind is ripened, then we behold them, and
    the time when we saw them not is like a dream.

    -Ralph Waldo Emerson

  • No.10 | | 559 bytes | |

    Also, I would question why you think
    this would be necessary; most DNS lookups have specific timeouts for a
    reason.

    That's why I probably go for one of the other two solutions.

    Misha

  • No.11 | | 1638 bytes | |

    Tue, Aug 08, 2006 at 09:39:47PM +0300, Misha Aizatulin wrote:
    Slightly off topic, but you shouldn't run an FTP server at home that's
    visible to the outside world - use ssh instead.

    I want my files to be accessible by lamers without a password - IE
    doesn't handle ssh or scp connections, right?

    Nope. IE can transfer files via http though - it's much better at that
    than ftp.

    I don't think you do need to specify a WAN address.

    I do - for passive mode. In passive mode the server tells the client
    to connect to it by giving the ip and the port. For that the server has
    to know its own ip as seen by the client. This is where
    MasqueradeAddress directive comes into play. In extended passive mode
    this is different, but "normal" passive mode used among others by
    Firefox and some command-line *ix clients doesn't work correctly without
    MasqueradeAddress.

    You sure? Again, I do *NOT* have a MasqueradeAddress line, and it
    functions properly on my work system. I've just ncftp with passive on
    and off and it works. I tested with lftp and it works fine. I tested
    the normal ftp client and it works fine. Now I have a true firewall at
    work, not a Linksys blue box, but it clearly demonstrates that ProFTPd
    can work without a MasqueradeAddress entry and in passive mode.

    I do not see that you have a ProFTPd problem - I see that you need to
    fix your implementation.

    You mean to fix my linux distribution? :) See my next mail for
    thoughts on that

    No - either the ProFTPd config or the firewall.

    /Ed
  • No.12 | | 3375 bytes | |

    >I want my files to be accessible by lamers without a password - IE
    >doesn't handle ssh or scp connections, right?


    Nope. IE can transfer files via http though - it's much better at that
    than ftp.

    With http it can also copy whole folders at once, which is very
    useful. Why would people use ftp at all if http could do the same?

    I don't think you do need to specify a WAN address.
    >I do - for passive mode. In passive mode the server tells the client
    >to connect to it by giving the ip and the port. For that the server has
    >to know its own ip as seen by the client. This is where
    >MasqueradeAddress directive comes into play. In extended passive mode
    >this is different, but "normal" passive mode used among others by
    >Firefox and some command-line *ix clients doesn't work correctly without
    >MasqueradeAddress.


    You sure? Again, I do *NOT* have a MasqueradeAddress line, and it
    functions properly on my work system. I've just ncftp with passive on
    and off and it works. I tested with lftp and it works fine. I tested
    the normal ftp client and it works fine.

    Some clients do fallback to active even when passive is on. Some
    clients use extended passive mode - this one does work. But have you
    tested with firefox? Did you try to access it from the outside of your
    work network? It also fails with an old command line client. The client
    doesn't even have a switch to show its version, so I can't tell you :)
    After all, how do you think your passive mode works? I have read the
    RFC when I was debugging my problem and it states very clearly that the
    server tells the client, to which ip and port the client should connect.
    This corresponds to what the traffic dump shows me. From where does your
    server have its own ip address that it can give to the client?

    I do not see that you have a ProFTPd problem - I see that you need to
    fix your implementation.
    >You mean to fix my linux distribution? :) See my next mail for
    >thoughts on that


    No - either the ProFTPd config or the firewall.

    Both have nothing which could help me.

    In fact the solution I am using now is to modify the proftpd start script:

    start)
        echo -n "Starting proftpd"

        # we first make sure that all host names in the config file
        # can be resolved: retry the config test (-t) once a second,
        # for up to 10 seconds, until DNS is available

        CNFIGK=0
        for ((i=0; i<10; i++)); do
            if $FBIN -t >/dev/null 2>&1; then CNFIGK=1; break; fi
            sleep 1
        done

        if [ "$CNFIGK" -eq 0 ]; then
            echo "Proftpd: configuration file problem"
            rc_failed
        else
            ## Start daemon with startproc(8). If this fails
            ## the return value is set appropriately by startproc.
            /sbin/startproc $FBIN
        fi

        # Remember status and be verbose
        rc_status -v
        ;;

    Cheers,
    Misha

  • No.13 | | 805 bytes | |

    Now I have a true firewall at
    work, not a Linksys blue box, but it clearly demonstrates that ProFTPd
    can work without a MasqueradeAddress entry and in passive mode.

    wait a second, are you actually behind a NAT gateway? Cause if not,
    then there is nothing to talk about - MasqueradeAddress is only needed
    when the ip of the computer in the local network and the ip for the
    outside world are different (like in my case).

    Misha

  • No.14 | | 437 bytes | |

    Thu, Aug 10, 2006 at 02:38:11AM +0300, Misha Aizatulin wrote:
    Now I have a true firewall at
    work, not a Linksys blue box, but it clearly demonstrates that ProFTPd
    can work without a MasqueradeAddress entry and in passive mode.

    wait a second, are you actually behind a NAT gateway?

    Absolutely, yes. The internal address is 172.30 and the external
    address is 150.228.x.x.

    Yes, I know it works.

    /Ed
  • No.15 | | 1586 bytes | |

    Thu, Aug 10, 2006 at 02:33:25AM +0300, Misha Aizatulin wrote:
    useful. Why would people use ftp at all if http could do the same?

    I don't think you do need to specify a WAN address.
    >I do - for passive mode. In passive mode the server tells the client
    >to connect to it by giving the ip and the port. For that the server has
    >to know its own ip as seen by the client. This is where
    >MasqueradeAddress directive comes into play. In extended passive mode
    >this is different, but "normal" passive mode used among others by
    >Firefox and some command-line *ix clients doesn't work correctly without
    >MasqueradeAddress.


    You sure? Again, I do *NOT* have a MasqueradeAddress line, and it
    functions properly on my work system. I've just ncftp with passive on
    and off and it works. I tested with lftp and it works fine. I tested
    the normal ftp client and it works fine.

    Some clients do fallback to active even when passive is on. Some
    clients use extended passive mode - this one does work. But have you
    tested with firefox? Did you try to access it from the outside of your
    work network?

    Yes, I've tested it from outside of our network. I've tested it from
    Firefox (on Linux). I've checked the proftpd logs to validate that it's
    using passive transfers. What else can I tell you? My server, without
    MasqueradeAddress, works fine for thousands of clients using a multitude
    of weird and wonderful browsers and FTP clients.

    /Ed
  • No.16 | | 1039 bytes | |

    Yes, I've tested it from outside of our network. I've tested it from
    Firefox (on Linux). I've checked the proftpd logs to validate that it's
    using passive transfers. What else can I tell you? My server, without
    MasqueradeAddress, works fine for thousands of clients using a multitude
    of weird and wonderful browsers and FTP clients.

    do you know how? I mean MasqueradeAddress is there for a reason and if
    you don't need it while actually being masqueraded then there is
    something special about your configuration. I think the creator of
    proftpd is the person to ask, what his purpose for MasqueradeAddress was.

    Cheers,
    Misha

  • No.17 | | 1473 bytes | |

    Wednesday 09 August 2006 21:47, Misha Aizatulin wrote:
    Yes, I've tested it from outside of our network. I've tested it from
    Firefox (on Linux). I've checked the proftpd logs to validate that it's
    using passive transfers. What else can I tell you? My server, without
    MasqueradeAddress, works fine for thousands of clients using a multitude
    of weird and wonderful browsers and FTP clients.

    do you know how? I mean MasqueradeAddress is there for a reason and if
    you don't need it while actually being masqueraded then there is
    something special about your configuration. I think the creator of
    proftpd is the person to ask, what his purpose for MasqueradeAddress was.

    My guess as to how, is that he is using a firewall that rewrites the ftp
    transactions going through it as part of the NAT rules. IIRC something along
    the lines of fixup ftp in a Pix will do this. The MasqueradeAddress is only
    needed if whatever is doing the NAT has no knowledge of the protocols that
    are passing through it, or at least I think that is it.
    -Patrick
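
The passive-mode behaviour argued over in this thread, as an added example that is not part of any list message: it parses the server's reply, works out which address and port the client will dial for the data connection, and flags a reply that advertises an internal address to an outside client. It goes beyond the thread by also handling the extended passive (229) reply, which carries no address. The names `check_reply` and `Finding` and the 203.0.113.10 / 198.51.100.7 addresses are constructed for illustration; 192.168.0.2 is the LAN address suggested in the thread.

```python
import ipaddress
import re
from typing import NamedTuple

# RFC 1918 ranges: addresses a NAT gateway hides from the outside world.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)".
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))
# RFC 2428 EPSV reply: "229 ... (<d><d><d>port<d>)", a port and no address.
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


class Finding(NamedTuple):
    mode: str     # "PASV" or "EPSV"
    ip: str       # address the client will dial for the data connection
    port: int
    verdict: str  # "ok", "internal-address" or "mismatch"


def is_internal(addr):
    return any(addr in net for net in RFC1918)


def check_reply(reply, control_ip):
    """Classify a passive-mode reply, given the address the client used
    for the control connection (the address as seen from the client)."""
    control = ipaddress.ip_address(control_ip)

    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port <= 65535:
            raise ValueError("port out of range in %r" % reply)
        # EPSV: the client reuses the control connection's address, so the
        # server never needs to know its own external address.
        return Finding("EPSV", str(control), port, "ok")

    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % reply)
    advertised = ipaddress.ip_address(".".join(map(str, nums[:4])))
    port = nums[4] * 256 + nums[5]

    if advertised == control:
        verdict = "ok"
    elif is_internal(advertised) and not is_internal(control):
        # Server behind NAT told an outside client its LAN address: needs
        # MasqueradeAddress, or a NAT device that rewrites the FTP reply.
        verdict = "internal-address"
    else:
        verdict = "mismatch"
    return Finding("PASV", str(advertised), port, verdict)


if __name__ == "__main__":
    # Constructed replies, each paired with the control-connection address.
    samples = [
        ("227 Entering Passive Mode (192,168,0,2,195,80).", "203.0.113.10"),
        ("227 Entering Passive Mode (203,0,113,10,195,80).", "203.0.113.10"),
        ("229 Entering Extended Passive Mode (|||50000|)", "203.0.113.10"),
        ("227 Entering Passive Mode (192,168,0,2,195,80).", "192.168.0.2"),
    ]
    for reply, control_ip in samples:
        print(check_reply(reply, control_ip), "<-", reply)
```
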
