On Jan 21, 2007, at 6:48 PM, riwanlky wrote:
Hi All,
I want all my Windows clients behind the OpenBSD 3.9 firewall to query
DNS from the firewall. On OpenBSD 3.9 I run named. This is
my named.conf:
acl clients {
localnets;
::1;
};
options {
version ""; // remove this to allow version queries
listen-on { any; };
listen-on-v6 { any; };
allow-recursion { clients; };
};
<snip>
All my Windows clients will set their preferred DNS server to the OpenBSD
3.9 firewall.
However, when I tried using nslookup:
> pop3.pacific.net.id
Server: UnKnown
Address: 10.10.10.33
Name: pop3.pacific.net.id
Served by:
- ns.net.id
net.id
- ns1.id
net.id
- ns1.rad.net.id
202.154.1.2
net.id
- ns1.iptek.net.id
net.id
- ns2.cbn.net.id
net.id
it didn't give the Windows client the IP address for the domain requested.
I need to go to the OpenBSD box and then do
dig pop3.pacific.net.id
# dig pop3.pacific.net.id
; <<>> DiG 9.3.1 <<>> pop3.pacific.net.id
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24809
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;pop3.pacific.net.id. IN A
;; ANSWER SECTION:
pop3.pacific.net.id. 1800 IN A 203.123.254.34
;; AUTHORITY SECTION:
pacific.net.id. 1800 IN NS nm1.pacific.net.id.
pacific.net.id. 1800 IN NS nm2.pacific.net.id.
;; Query time: 68 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 22 09:47:34 2007
;; MSG SIZE rcvd: 89
and then, using nslookup, I could get the IP address.
> pop3.pacific.net.id
Server: UnKnown
Address: 10.10.10.33
Non-authoritative answer:
Name: pop3.pacific.net.id
Address: 203.123.254.34
My problem is: how do I cache the entry so that I will
always get the IP address?
Thanks in advance for the assistance.
Best regards,
Riwan
It seems like whatever IP you're making that query from originally
isn't in "localnets" (hence, no recursion). Try manually adding your
subnets to the ACL, for instance 192.168.0.0/16; (or whatever your
internal network is).
Brian Keefer
www.Tumbleweed.com
"The Experts in Secure Internet Communication"
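A corrected ACL along the lines Brian suggests, as an added example and not the poster's actual configuration: the 10.10.10.0/24 subnet is an assumption taken from the 10.10.10.33 server address in the nslookup output, and `localhost` is added so queries from the firewall itself are covered whichever interface they leave from.

```conf
// Weak: only "localnets" and ::1 matched, so a client on a subnet that
// named does not treat as directly attached got a referral, not an answer.
//
// acl clients {
//     localnets;
//     ::1;
// };

// Corrected: name the internal subnets explicitly. 10.10.10.0/24 is an
// assumption taken from the 10.10.10.33 server address in the nslookup output.
acl clients {
    localhost;          // 127.0.0.1 and ::1, so dig on the firewall itself is covered
    localnets;
    10.10.10.0/24;      // assumed internal client subnet; list every internal range here
};

options {
    version "";         // remove this to allow version queries
    listen-on { any; };
    listen-on-v6 { any; };
    allow-recursion { clients; };   // keep this an ACL, never "any": that is an open resolver
};
```

After `rndc reload`, run `dig @10.10.10.33 pop3.pacific.net.id` from a client: the `;; flags:` line should include `ra` and the ANSWER SECTION should be filled on the first query, without a prior dig on the firewall. The earlier behaviour was named refusing recursion and returning a referral (nslookup's "Served by:"), then serving the record from cache once the dig on the firewall had fetched it, until its 1800-second TTL expired.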