Problems with DNS behind firewall.
arjen-bind at 3va.net
Mon Jun 4 20:28:35 UTC 2001
Oops, masking mistake...
On Mon, 4 Jun 2001 arjen-bind at 3va.net wrote:
>
>
> 1.1.1.something you cannot use. If these are internal IPs, use
> in the 10/24,
10/8
> 192.168/16 and 172.16/16 blocks (or maybe the last two
> blocks are even /24
/8 again :]
> ). If these are external IPs, I wonder who gave
> 'em to you...
>
> Also you must probably get your PTR records right...
>
> Anyway, you could send some more info on your internal net (IPs)
> and your external IPs...
>
>
> Grtz,
>
> Arjen.
>
>
> On Mon, 4 Jun 2001, robert cerulli wrote:
>
> > Hi all,
> >
> > I have a big problem =(. At our company, we have 2 [Linux] DNS servers
> > on a DMZ behind a Cisco PIX firewall. There are a few problems. The first and
> > foremost problem is that until a few recent hosts file additions the
> > machines couldn't resolve anything themselves, however remote machines can do
> > an NSLOOKUP to those DNS with little or no problems. Now for example I can
> > ping a machine like so:
> >
> > [root at copernicus /root]# ping -U www.google.com
> > PING www.google.com (216.239.33.100) from 1.1.1.207 : 56(84) bytes of data.
> > 64 bytes from www.google.com (216.239.33.100): icmp_seq=0 ttl=52 time=76.637 msec
> > 64 bytes from www.google.com (216.239.33.100): icmp_seq=1 ttl=52 time=76.456 msec
> > 64 bytes from www.google.com (216.239.33.100): icmp_seq=2 ttl=52 time=87.571 msec
> > 64 bytes from www.google.com (216.239.33.100): icmp_seq=3 ttl=52 time=76.511 msec
> >
> > --- www.google.com ping statistics ---
> > 4 packets transmitted, 4 packets received, 0% packet loss
> > round-trip min/avg/max/mdev = 76.456/79.293/87.571/4.791 ms
> > [root at copernicus /root]#
> >
> > and it works fine, however if I do an nslookup the following occurs:
> >
> >
> > [root at copernicus /root]# nslookup
> > *** Can't find server name for address 1.1.1.213: No response from server
> > *** Can't find server name for address 1.1.1.212: Non-existent host/domain
> > *** Default servers are not available
> > [root at copernicus /root]#
> >
> > I have also tried using nslookup to the real IPs on the outside of the
> > firewall that tunnel through to these DMZ IPs, still no luck.
> >
> > Any help appreciated.
> >
> > > Robert Cerulli > Senior Unix Administrator >
> >
> > > robert at NOSPAM.rga.com > 212.946.xxxx >
> >
> >
> >
> >
> >
>
>
>
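
Added example, not part of the original thread: a small Python helper that reads the nslookup startup errors quoted above and reports, for each configured server, the PTR name whose lookup failed, whether the address lies in RFC 1918 space, and what the error reason points to. The function name `diagnose` and the hint wording are assumptions of this example; the block list is the one defined in RFC 1918, and the 1.1.1.x addresses are used as posted.

```python
import ipaddress
import re

# Private-use blocks as defined in RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Error nslookup prints at startup when it cannot reverse-resolve
# the address of a server listed in resolv.conf.
ERR_RE = re.compile(r"\*\*\* Can't find server name for address (\S+): (.+)")

# Hint wording is this example's own (assumption), keyed on the reason text.
HINTS = {
    "No response from server":
        "query timed out: check the UDP/TCP 53 path through the firewall "
        "and that named listens on this address",
    "Non-existent host/domain":
        "server answered, but no PTR record exists: add one to the reverse zone",
}

# nslookup output copied from the post above.
SAMPLE = """\
*** Can't find server name for address 1.1.1.213: No response from server
*** Can't find server name for address 1.1.1.212: Non-existent host/domain
*** Default servers are not available
"""

def diagnose(text):
    """Return one finding per server whose reverse lookup failed."""
    findings = []
    for line in text.splitlines():
        m = ERR_RE.search(line)  # search() tolerates '> ' quote prefixes
        if not m:
            continue
        addr = ipaddress.ip_address(m.group(1))
        reason = m.group(2).strip()
        findings.append({
            "server": str(addr),
            "reason": reason,
            "ptr_name": addr.reverse_pointer,  # name the PTR query asks for
            "rfc1918": any(addr in net for net in RFC1918),
            "hint": HINTS.get(reason, "unrecognised reason"),
        })
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        scope = "RFC 1918" if f["rfc1918"] else "not RFC 1918"
        print(f"{f['server']} ({scope}): PTR {f['ptr_name']} -> {f['hint']}")
```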