Running bind behind Raptor Firewall

Leonardo Rodrigues coelho at persogo.com.br
Tue Aug 1 20:46:38 UTC 2000


At 21:30 01/08/00 +0100, Jim Reid wrote:
> >>>>> "Leonardo" == Leonardo Rodrigues <coelho at persogo.com.br> writes:
>
>     Leonardo>   People, I need some hints on running BIND behind a
>     Leonardo> Raptor Firewall. I tried all kind of configurations,
>     Leonardo> and the only one that worked was using the firewall
>     Leonardo> as a forwarder. Although it worked, I do not stop getting
>     Leonardo> these kind of errors on system log.
>
>     Leonardo> Aug 1 16:36:29 zeus named[330]: sysquery: no addrs found for root NS (firewall.mycompany.com)
>
>Well it looks like your name server knows nothing about the root name
>servers (=> the root zone => the internet name space) or it's
>forwarding queries to a name server on your firewall that doesn't know
>anything about the root zone.

         Yes, it SEEMS to be this, but even with this error, named *is
resolving names correctly*, as follows:

[root@zeus /root]# host www.isc.org
www.isc.org is a nickname for isc.org
isc.org has address 204.152.184.101



         Let's take a look at the root servers list. On the named machine,
I'm loading the normal root servers, and using a forwarder option in
named.conf. I get:


[root@zeus /root]# dig . ns

; <<>> DiG 8.2 <<>> . ns
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      ., type = NS, class = IN

;; ANSWER SECTION:
.                       17h29m26s IN NS  firewall.mycompany.com.

;; Total query time: 5 msec
;; FROM: zeus to SERVER: default -- 10.32.8.117
;; WHEN: Tue Aug  1 17:39:03 2000
;; MSG SIZE  sent: 17  rcvd: 57



         And now, let's ask the firewall for its root servers list:


[root@zeus /root]# dig . ns @firewall

; <<>> DiG 8.2 <<>> . ns @firewall
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUERY SECTION:
;;      ., type = NS, class = IN

;; ANSWER SECTION:
.                       1D IN NS        firewall.mycompany.com.

;; ADDITIONAL SECTION:
firewall.ctbctelecom.net.br.  1H IN A  10.32.8.106

;; Total query time: 1 msec
;; FROM: zeus to SERVER: firewall  10.32.8.106
;; WHEN: Tue Aug  1 17:39:12 2000
;; MSG SIZE  sent: 17  rcvd: 74



         It's really strange. The firewall, which is my root server, is telling
me it is its own root server?!?! Is this possible? Is this a misconfiguration?


         Hope to hear from you soon,
         Leonardo Rodrigues



