On Sun, 31 Dec 2000, Charles Galpin wrote:

> Hi all
> 
> I have set up a DNS server behind a Linux firewall box doing NAT and port
> forwarding port 53 to the internal server.
> 
> When testing it with nslookup, all the domains/IPs it is responsible for
> work fine (forward and reverse), however if I try to look up any other domain
> or IP, it fails with (for example)
> 
> > 63.219.148.140
> Server:  ns.mydom.net
> Address:  192.168.2.2
> 
> *** ns.mydom.net can't find 63.219.148.140: No response from server
> 
> regardless of whether I'm testing from the outside or on the internal
> server itself (this example was from inside).
> 
> So naturally I suspected the firewall and set up an identical config on the
> firewall. Lo and behold it works!
> 
> Now, another interesting thing is that this "working setup" on the
> firewall *does not work* when running nslookup from a pc behind another
> (different) Linux firewall box doing NAT. Makes me think it's a MASQ
> issue since I get this error when either the client or the server is
> behind a masquerading firewall, but don't know what.
> 
> My named.conf has a forwarders section of course..
> 
> Any ideas? I can post more details about the config if you tell me what
> you want to see - this is my first foray into a real DNS setup. I'm hoping
> this is something simple I'm missing.
> 
> tia
> charles
> 
> -- Happy holidays and new year everyone
> 
What do your firewall rules for port 53 look like, and what does your
named.conf file look like?  Depending on your named.conf file, you are
probably not using port 53 for outgoing lookups.  So your firewall is
probably not forwarding the response to the machine inside the firewall.

Try changing:
        /* query-source address * port 53; */
to
        query-source address * port 53;

in /etc/named.conf and see if that fixes the problem.  If it does, then
you can consider if you want to keep this configuration, or fix your
firewall rules.


Mikkel
-- 

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
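
An added example, not part of the original messages: a Python check that reports whether a named.conf carries an active (uncommented) `query-source ... port N;` statement, the setting the reply above toggles, so you can tell which state a server is in when deciding between that setting and a firewall fix. It handles all three named.conf comment styles; the function names and the two sample configs are constructed for illustration.

```python
import re

# An active statement looks like:  query-source address * port 53;
QUERY_SOURCE = re.compile(r"\bquery-source(?:-v6)?\b([^;]*);", re.IGNORECASE)
PORT = re.compile(r"\bport\s+(\*|\d+)", re.IGNORECASE)

# Constructed sample configs (not taken from the thread).
COMMENTED = 'options {\n  directory "/var/named";\n  /* query-source address * port 53; */\n};\n'
ACTIVE = 'options {\n  directory "/var/named";\n  query-source address * port 53;  // pinned\n};\n'

def strip_comments(text):
    """Drop /* */, // and # comments, leaving quoted strings untouched."""
    out, i, n = [], 0, len(text)
    in_string = False
    while i < n:
        c = text[i]
        if in_string:
            out.append(c)
            in_string = c != '"'
            i += 1
        elif c == '"':
            in_string = True
            out.append(c)
            i += 1
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2)
            i = n if end == -1 else end + 2
            out.append(" ")
        elif text.startswith("//", i) or c == "#":
            end = text.find("\n", i)
            i = n if end == -1 else end
        else:
            out.append(c)
            i += 1
    return "".join(out)

def pinned_query_ports(conf_text):
    """Return the fixed source ports set by active query-source statements."""
    ports = []
    for stmt in QUERY_SOURCE.finditer(strip_comments(conf_text)):
        port = PORT.search(stmt.group(1))
        if port and port.group(1) != "*":  # "port *" means no fixed port
            ports.append(int(port.group(1)))
    return ports

if __name__ == "__main__":
    for name, conf in (("commented", COMMENTED), ("active", ACTIVE)):
        print(name, pinned_query_ports(conf))
```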
