Problems with DNS behind firewall.

arjen-bind at 3va.net arjen-bind at 3va.net
Mon Jun 4 20:28:35 UTC 2001

Oops, masking mistake...

On Mon, 4 Jun 2001 arjen-bind at 3va.net wrote:

> 
> 
> 1.1.1.something you cannot use. If these are internal IPs, use
> in the 10/24, 

10/8

> 192.168/16 and 172.16/16 blocks (or maybe the last two
> blocks are even /24


/8 again :]


> ). If these are external IPs, I wonder who gave 
> 'em to you...
> 
> Also, you probably must get your PTR records right...
> 
> Anyway, you could send some more info on your internal net (IPs)
> and your external IPs...
> 
> 
> Grtz, 
> 
> Arjen.
> 
> 
> On Mon, 4 Jun 2001, robert cerulli wrote:
> 
> > Hi all,
> > 
> >     I have a big problem =(. At our company, we have 2 [Linux] DNS servers
> > on a DMZ behind a Cisco PIX firewall. There are a few problems. The first and
> > foremost problem is that until a few recent hosts file additions the
> > machines couldn't resolve anything themselves; however, remote machines can do
> > an NSLOOKUP to those DNS servers with little or no problems. Now, for example, I can
> > ping a machine like so:
> > 
> > [root at copernicus /root]# ping -U www.google.com
> > PING www.google.com (216.239.33.100) from 1.1.1.207 : 56(84) bytes of data.
> > 64 bytes from www.google.com (216.239.33.100): icmp_seq=0 ttl=52 time=76.637
> > msec
> > 64 bytes from www.google.com (216.239.33.100): icmp_seq=1 ttl=52 time=76.456
> > msec
> > 64 bytes from www.google.com (216.239.33.100): icmp_seq=2 ttl=52 time=87.571
> > msec
> > 64 bytes from www.google.com (216.239.33.100): icmp_seq=3 ttl=52 time=76.511
> > msec
> > 
> > --- www.google.com ping statistics ---
> > 4 packets transmitted, 4 packets received, 0% packet loss
> > round-trip min/avg/max/mdev = 76.456/79.293/87.571/4.791 ms
> > [root at copernicus /root]#
> > 
> > and it works fine; however, if I do an nslookup the following occurs:
> > 
> > 
> > [root at copernicus /root]# nslookup
> > *** Can't find server name for address 1.1.1.213: No response from server
> > *** Can't find server name for address 1.1.1.212: Non-existent host/domain
> > *** Default servers are not available
> > [root at copernicus /root]#
> > 
> > I have also tried using nslookup to the real IPs on the outside of the
> > firewall that tunnel through to these DMZ IPs, still no luck.
> > 
> > Any help Appreciated.
> > 
> > Robert Cerulli, Senior Unix Administrator
> > robert at NOSPAM.rga.com, 212.946.xxxx



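An added example, not part of the thread above. The two messages Robert quotes ("Can't find server name for address 1.1.1.213" and "Default servers are not available") come from the old BIND nslookup, which reverse-resolves the address of the name server it is about to use before it sends any real query; if there is no PTR record for that address, nslookup gives up even though forward resolution (the ping) works. The Python below, standard library only, shows the in-addr.arpa name that lookup asks for, builds the matching A and PTR records for a /24 reverse zone, and checks the addresses against the RFC 1918 blocks with their prefix lengths as given in RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). Only the addresses 1.1.1.207, .212 and .213 come from Robert's post; the host names ns1/ns2, the example.com domain and the 1.1.1.0/24 reverse zone are assumptions made for this example.

```python
import ipaddress

# RFC 1918 private address space, with the prefix lengths from the RFC.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample: the two DMZ name servers from the original post.
# Only the addresses come from the post; the host names and the
# example.com domain are assumptions made for this example.
DMZ_HOSTS = {
    "1.1.1.212": "ns1.example.com.",
    "1.1.1.213": "ns2.example.com.",
}


def private_block(addr):
    """Return the RFC 1918 block containing addr as a string, or None."""
    ip = ipaddress.ip_address(addr)
    for net in RFC1918:
        if ip in net:
            return str(net)
    return None


def reverse_name(addr):
    """Owner name a resolver queries for the PTR of addr,
    e.g. 213.1.1.1.in-addr.arpa for 1.1.1.213."""
    return ipaddress.ip_address(addr).reverse_pointer


def reverse_zone_name(network):
    """Name of the reverse zone that holds the PTR records for a /24."""
    net = ipaddress.ip_network(network)
    if net.prefixlen != 24:
        raise ValueError("only /24 reverse zones are handled here")
    first_three = str(net.network_address).split(".")[:3]
    return ".".join(reversed(first_three)) + ".in-addr.arpa"


def forward_records(hosts):
    """A records for the forward zone, one per host, sorted by address."""
    return ["%s\tIN\tA\t%s" % (name, addr) for addr, name in sorted(hosts.items())]


def reverse_records(hosts):
    """PTR records for the /24 reverse zone: the owner is the last octet
    relative to the zone origin, the target is the FQDN with trailing dot."""
    records = []
    for addr, name in sorted(hosts.items()):
        last_octet = addr.rsplit(".", 1)[1]
        records.append("%s\tIN\tPTR\t%s" % (last_octet, name))
    return records


def ptr_status(addr, hosts):
    """What the old nslookup sees for a server at addr: the in-addr.arpa
    name it asks for, and whether our reverse zone has an answer for it."""
    if addr in hosts:
        return "%s -> %s" % (reverse_name(addr), hosts[addr])
    return "%s -> no PTR; nslookup reports 'Can't find server name'" % reverse_name(addr)


if __name__ == "__main__":
    for addr in DMZ_HOSTS:
        print("%s private block: %s" % (addr, private_block(addr)))
    print("$ORIGIN example.com.")
    for line in forward_records(DMZ_HOSTS):
        print(line)
    print("$ORIGIN %s." % reverse_zone_name("1.1.1.0/24"))
    for line in reverse_records(DMZ_HOSTS):
        print(line)
    print(ptr_status("1.1.1.213", DMZ_HOSTS))
    print(ptr_status("1.1.1.207", DMZ_HOSTS))
```

The generated PTR lines go into the 1.1.1.in-addr.arpa zone on the servers that are authoritative for that reverse range; if those addresses are really in someone else's space (which is the question Arjen raises), the PTR records have to be published by whoever holds the delegation for that /24, and a local zone only helps for queries that stay inside the DMZ.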