NFS and reverse DNS problem? RH8.0 versus RH 7.2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Can anyone help me understand why NFS works differently on RH 8.0 than on
RH7.0/7.2 (or some other distros like Mandrake, or NAS devices with NFS)?

Here is the issue: starting with RH8.0, NFS seems to REQUIRE reverse DNS
(either from DNS or from /etc/hosts). Why? And how can this be disabled?

For instance:
Two boxes, A and B. Client Box A needs to NFS mount Server B. Box B does NOT
have DNS or entry in /etc/hosts (and it won't at this point - it's being
built). Box A and B can ping each other no problem and are connected to a
routable IP network.

Result: If A and B are RH7.2, this works
        If A is RH8, and B is Mandrake, this works
        If A is RH8, and B is RH7.2, this works
    *** If A is any unix, and B is RH8, FAILURE ***
        
It can be made to work by entering each box in the others /etc/hosts, but
this is NOT a useable solution ... these "A" client boxes are being built,
and sometimes there are many of them. This manual edit is time-prohibitive.

On "B", in /etc/exports it doesn't matter (so far) what option is used:
/share     *                         # fails 
/share     *(insecure,ro)            # fails
/share     192.168.*(insecure,rw)    # fails
/share     *.XXXXX.com(insecure,rw)  # fails

The error looks like this:
Sep  4 12:10:35 dco rpc.mountd: refused mount request from 192.168.164.129
(unassigned.corp.xxxxx.com) for /spare (/spare): no DNS forward lookup. 

As soon as I add the client IP to DNS or to  /etc/hosts on the server, it
works fine.  I have completely disabled ipchains, iptables and tcpwrappers
AND, I have made SURE that that hosts.allow is open.

[root@dco root]$ more /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL : 192.168.

And I've made sure that there are no iptables rules:

[root@dco root]# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

There is SOMETHING enforcing the requirement for reverse DNS, and I really
need to figure it out and disable it. I've seen some references on the 'net
to the "new secure" version of portmapper -- does anyone know anything more
about that?. This isn't a problem for any of my other servers (Solaris, BSD,
other Linux, NAS devices with embedded NFS, etc.), and it's absolutely
killing my opinion and use of RH8 ... 


Feel free to email directly on this issue if you like (philc-AT-webex.com).

Phil Corchary, Sr. Systems Engineer
LPIC-I/II, Solaris Admin I/II, CCNA2.0


-- 
Psyche-list mailing list
Psyche-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/psyche-list
[Index of Archives]     [Fedora General Discussion]     [Red Hat General Discussion]     [Centos]     [Kernel]     [Red Hat Install]     [Red Hat Watch]     [Red Hat Development]     [Red Hat 9]     [Gimp]     [Yosemite News]

  Powered by Linux