DNS with views behind Cisco firewall
phn at icke-reklam.ipsec.nu
Thu Aug 8 10:20:41 UTC 2002
Lluís Batlle i Rossell <vindicator at jazzfiesta.com> wrote:
> I have some problems with Bind 9.2.1 using the 'views' feature.
> I have the DNS server behind a Cisco Firewall, and the DNS only has
> one NIC with one local IP.
> The Firewall makes a static mapping between the public IP (213.0.102)
> and the local (192.168.1.3).
> The Firewall allows all outgoing traffic, and only permits UDP packets
> to port 53 of the DNS public address...
This is not ok. You should open up TCP too.
> The 'views' check if the request comes from my LAN (192.168.0.0/20) or
> from anything else, and serve the proper zones.
> The problems I have since I'm using the firewall are:
> - Some DNS servers, when they come recursively to mine trying to answer a
> request made to them, answer with my LAN addresses (internal view
> zone)
Am I to understand this as "recursive queries made from external
servers are sometimes answered with internal addresses"?
> - Some others, who still answer with the correct IPs (the public ones),
> have stopped returning the MX record. Only A records are answered.
There might be a screw-up by the Cisco, which is reported to
change IPs in DNS packets flowing by.
What's the brand, model and version number of the Cisco?
> I think that everything has been propagated...
> I guess that there are some problems with the mapping the firewall
> does... or maybe something I don't know about the connections the DNS
> server must allow.
What domain is this? IP address of the server (or rather the NAT box)?
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
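As an added illustration (example code written for this archive page, not anything posted in the thread or shipped with BIND), the script below models the two firm points of the reply at the wire level: the view is chosen from the client's source address exactly as a match-clients { 192.168.0.0/20; } clause does, and a "UDP 53 only" firewall rule is wrong because any answer larger than the classic 512-byte UDP limit of RFC 1035 (no EDNS0) is sent back with only the header and question and the TC bit set, which makes the querying resolver retry the same question over TCP; zone transfers to secondaries also run over TCP. The zone name example.test, the public address 203.0.113.5, the client addresses and all record data are constructed sample values, not from the original post; only 192.168.0.0/20 and 192.168.1.3 come from the thread.

```python
import ipaddress
import struct

LAN = ipaddress.ip_network("192.168.0.0/20")   # match-clients range from the post
PRIVATE_IP = "192.168.1.3"                      # server's LAN address from the post
PUBLIC_IP = "203.0.113.5"                       # assumed public address (RFC 5737 range)
ZONE = "example.test."                          # assumed zone name

TYPE_A, TYPE_MX = 1, 15
FLAG_QR, FLAG_AA, FLAG_TC = 0x8000, 0x0400, 0x0200
UDP_MAX = 512                                   # RFC 1035 UDP payload limit without EDNS0

# Constructed zone contents: the internal view hands out the LAN address,
# the external view the public one; the MX is the same in both views.
ZONES = {
    "internal": {TYPE_A: [PRIVATE_IP], TYPE_MX: [(10, "mail." + ZONE)]},
    "external": {TYPE_A: [PUBLIC_IP],  TYPE_MX: [(10, "mail." + ZONE)]},
}


def select_view(src_ip: str) -> str:
    """Same decision as: view "internal" { match-clients { 192.168.0.0/20; }; }."""
    return "internal" if ipaddress.ip_address(src_ip) in LAN else "external"


def encode_name(name: str) -> bytes:
    """RFC 1035 label encoding, no compression."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def decode_name(msg: bytes, off: int):
    """Decode an uncompressed name; returns (name, offset after it)."""
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        labels.append(msg[off:off + n].decode())
        off += n


def rr(name: str, rtype: int, rdata: bytes, ttl: int = 300) -> bytes:
    """One resource record: NAME, TYPE, CLASS IN, TTL, RDLENGTH, RDATA."""
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def build_response(txid: int, qname: str, qtype: int, view: str, extra_a=()) -> bytes:
    """Authoritative response for qname/qtype built from the given view's data.
    extra_a lets a caller add more A records to push the size past 512 bytes."""
    zone = ZONES[view]
    answers_wire = []
    if qtype == TYPE_A:
        for ip in list(zone[TYPE_A]) + list(extra_a):
            answers_wire.append(rr(qname, TYPE_A, ipaddress.ip_address(ip).packed))
    elif qtype == TYPE_MX:
        for pref, host in zone[TYPE_MX]:
            answers_wire.append(rr(qname, TYPE_MX, struct.pack("!H", pref) + encode_name(host)))
    header = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_AA, 1, len(answers_wire), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    return header + question + b"".join(answers_wire)


def udp_fit(msg: bytes) -> bytes:
    """What actually goes out over UDP: unchanged if it fits in 512 bytes, otherwise
    header + question only with TC set, which tells the client to retry over TCP."""
    if len(msg) <= UDP_MAX:
        return msg
    txid, flags, qd, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    _, qend = decode_name(msg, 12)
    qend += 4                                   # QTYPE + QCLASS
    return struct.pack("!HHHHHH", txid, flags | FLAG_TC, qd, 0, 0, 0) + msg[12:qend]


def is_truncated(msg: bytes) -> bool:
    return bool(struct.unpack("!H", msg[2:4])[0] & FLAG_TC)


def answers(msg: bytes):
    """Return [(type, rdata as text)] for the answer section (A and MX decoded)."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                         # skip the question section
        _, off = decode_name(msg, off)
        off += 4
    out = []
    for _ in range(an):
        _, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A:
            out.append((rtype, str(ipaddress.ip_address(rdata))))
        elif rtype == TYPE_MX:
            pref = struct.unpack("!H", rdata[:2])[0]
            host, _ = decode_name(rdata, 2)
            out.append((rtype, f"{pref} {host}"))
        else:
            out.append((rtype, rdata.hex()))
    return out


def serve(src_ip: str, qname: str, qtype: int, over_tcp: bool = False, extra_a=()) -> bytes:
    """Pick the view from the client address, build the answer, apply the UDP limit."""
    msg = build_response(0x1234, qname, qtype, select_view(src_ip), extra_a)
    return msg if over_tcp else udp_fit(msg)


if __name__ == "__main__":
    for src in ("192.168.5.7", "198.51.100.9"):   # constructed LAN and Internet clients
        print(src, select_view(src), answers(serve(src, ZONE, TYPE_A)))
    big = serve("198.51.100.9", ZONE, TYPE_A, extra_a=[f"203.0.113.{i}" for i in range(10, 70)])
    print("oversized over UDP -> TC set:", is_truncated(big), "answers:", len(answers(big)))
```

A firewall that only passes UDP/53 lets the truncated reply through but drops the TCP retry, so the resolver ends up with no usable answer for exactly the larger responses (many records, or MX plus additional data); the same rule also blocks AXFR/IXFR from the public address.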