Problems with DNS behind firewall.

Michael Kjorling michael at kjorling.com
Mon Jun 4 19:56:48 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If I don't remember things incorrectly, the 1/24 network is reserved
by the IANA, and most likely nonroutable as well. So it's not very
strange that you cannot get any response from an IP there.

Question number One: What happens when you use dig to look up
something? nslookup is pretty badly broken - for one, if it can't
reverse-lookup the default DNS servers, it assumes that they aren't
there. Which is what you are seeing here.

If you are actually running BIND on copernicus, why not set the
primary name server to 127.0.0.1 or even 0.0.0.0, anyway?


Michael Kjörling


On Jun 4 2001 15:23 -0700, robert cerulli wrote:

> Hi all,
>
>     I have a big problem =(, At our company, we have 2 [linux] dns servers
> on a DMZ behind a Cisco Pix Firewall. There's a Few Problems. First and
> foremost problem is that until a few recent hosts file additions the
> machines couldn't resolve anything themselves, however remote machines can do
> an NSLOOKUP to those DNS with little or no problems. Now for example I can
> ping a machine like so:
>
> [root@copernicus /root]# ping -U www.google.com
> /snip/
> [root@copernicus /root]#
>
> and it works fine, however if I do an nslookup the following occurs:
>
>
> [root@copernicus /root]# nslookup
> *** Can't find server name for address 1.1.1.213: No response from server
> *** Can't find server name for address 1.1.1.212: Non-existent host/domain
> *** Default servers are not available
> [root@copernicus /root]#
>
> I also have tried using nslookup to the real IPs on the outside of the
> firewall that tunnel through to these DMZ IPs, still no luck.
>
> Any help Appreciated.

- -- 
Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
"We must be the change we wish to see" (Mahatma Gandhi)

^..^     Support the wolves in Norway -- go to     ^..^
 \/   http://home.no.net/ulvelist/protest_int.htm   \/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7G+gDKqN7/Ypw4z4RArr/AJ4jI0rjz4q9VCkzp8Dhpy1CaDAQIgCeNlWb
jUCq278JP5Qi3vWQLTVRgmM=
=UafD
-----END PGP SIGNATURE-----
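
The check suggested in the reply above, as an added example that is not part of the original messages: for every `nameserver` in a resolv.conf it prints one forward `dig` query and one PTR query, so a server that answers but has no reverse record (the case nslookup reports as "Default servers are not available") can be told apart from one that is unreachable. The sample file is constructed from the two addresses in the post; the function names and the `QUERY_NAME` variable are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample resolv.conf using the two server addresses from the post.
SAMPLE_RESOLV_CONF='# constructed sample
nameserver 1.1.1.213
nameserver 1.1.1.212
'
# Name used for the forward test (the host pinged in the post).
QUERY_NAME="www.google.com"

# Print the nameserver addresses found in resolv.conf-style text on stdin.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }'
}

# Build the in-addr.arpa name that a reverse (PTR) lookup of an IPv4
# address asks for. Returns non-zero for anything that is not dotted-quad.
ptr_name() {
    echo "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"
            found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# For each server print two commands to run by hand:
#   1. forward query sent straight to that server (is it answering at all?)
#   2. PTR query for the server's own address (the lookup nslookup insists on)
plan_checks() {
    list_nameservers | while read -r ns; do
        rev=$(ptr_name "$ns") || { echo "# skipping non-IPv4 entry: $ns"; continue; }
        echo "dig @$ns $QUERY_NAME A +time=3 +tries=1"
        echo "dig @$ns $rev PTR +time=3 +tries=1"
    done
}

# Stand-alone run: show the plan for the constructed sample.
# On a real host use:  plan_checks < /etc/resolv.conf
printf '%s' "$SAMPLE_RESOLV_CONF" | plan_checks
```

If the forward query returns an answer and only the PTR query fails, the server is working and the nslookup error comes from the missing reverse record.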



