ridey.net is back: long-suffering friend and New Statesman editor Roger Ridey's site is hosted here at gulker.com ("World's Worst ISP"). It's been off the air for almost 3 weeks thanks to a series of events that started with a slapper worm infection of my name servers.
It turns out that Red Hat Linux 7.3 can install unexpectedly different sets of stuff depending on choices made in those dialog boxes during installation. For example, if you choose 'enable firewall' and pick low or high security, RH installs ipchains, not iptables, in the kernel, even though the 2.4.x kernel is supposed to use the latter. You Linux geniuses probably know this stuff, but it's hard for us casual users to keep up.
Anyway, another quirk of RH 7.3 is that GnoRPM has a broken 'upgrade' button in the topmost dialog box. After getting slapper on one server, I downloaded the patches, and tried to install them - they wouldn't 'upgrade', and 'install' failed with a message that said just that much. So, while we were at the monastery, server #2 contracted slapper, which manages to saturate our modest pipe when it's active, and gulker.com and all its virtual domains went away.
And yes (again, you knowledgeable Linux guys are probably clucking over this) it took me 3 weeks to work through all of this. I finally found the ipchains config file, in a different directory than the one noted in Linux, the Complete Reference, 4th Edition. And then discovered, by reading a header comment in that file, that a separate script configures the DNS port behavior, and that script isn't expecting the machine to be a DNS server, so it lets traffic out, but not in.
Even better, I discovered that running Lokkit and choosing 'no security' dumped ipchains from the kernel and restored iptables when I rebooted. Since I have an iptables firewall that seems to do an OK job, this was a step forward.
So the good news is that after 3 weeks of evenings and weekends poring over manuals, FAQs, How-Tos, mini-How-Tos and blindly trying a bunch of different things, the DNS is back, and so is Roger. The good news is that I think I get the concepts involved; the bad news is that the way in which Linux works, and the frequency with which it arbitrarily changes directories, config syntax and other internals, is probably outside the learning time availability of a guy like me (and, just lately, I've had plenty of time).
This really isn't a whine (as Junior Soprano says "Don't whine, nobody cares"), it is an honest attempt to put an issue on the table that would help Linux move beyond the domain of the ubergeek, and be useful to mere garden-variety geeks. And if regular geeks could be productive, maybe the next evolutionary step would make it useful to the computer-literate. Many thanks to all who offered help... some of this stuff you just have to slog through...
11:43:19 AM