Request external, logs show internal address
Mark Andrews
Mark_Andrews at isc.org
Tue Apr 5 23:29:24 UTC 2005
> Weird-ass problem that's been plaguing me for a long time.
>
> On my BIND 9.2.1 server I use 2 views, internal and external.
> If someone outside looks up my server, say ns.foo.com, they
> get the correct address, say 9.9.9.9. Internal users also
> get the correct address, say 10.1.1.1.
>
> Now, PTR. Internally, I can do a reverse lookup for
> 10.1.1.1 and the logs show it asking for 10.1.1.1. The
> server responds correctly with ns.foo.com. Logs and
> answer are also both correct if the internal user looks
> up 9.9.9.9.
>
> External, however... If an external user looks up the
> external IP, 9.9.9.9, the logs show it as asking for the
> internal address, 10.1.1.1. If I refuse to give the
> internal address, which I normally would, no answer is
> returned. If I turn off the ACL, the external user gets
> the response, ns.foo.com.
>
> I've tried "dig -x 9.9.9.9", "dig -x 9.9.9.9 @9.9.9.9",
> "host 9.9.9.9" and "host 9.9.9.9 9.9.9.9".
>
> Now, on one external machine, running dig 2.0, dig sends
> not a PTR query but an ANY query. This works. My logs
> show an ANY query for 9.9.9.9 and the answer returns
> ns.foo.com.
>
> I've tried removing all references to the internal
> addresses in my named data files as well as removing
> etc/hosts. No difference, the logs still seem to
> think I'm looking for an internal address.
>
> Any ideas?
Your NAT is rewriting the query.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
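
One way to confirm the diagnosis above is to capture the same query on both sides of the NAT device and compare the DNS question sections. The following is an added example, not part of the original post: the function names are hypothetical, and the sample packets are constructed from the thread's example addresses instead of being taken from real captures.

```python
import ipaddress
import struct

QTYPES = {12: "PTR", 255: "ANY"}

def build_query(qname, qtype, txid=0x1234):
    """Encode a one-question DNS query (RD set, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (qname, qtype) from the first question of a DNS message."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 or pos + length > len(packet):
            raise ValueError("malformed label")
        labels.append(packet[pos:pos + length].decode("latin-1").lower())
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", packet[pos:pos + 2])[0]
    return ".".join(labels) + ".", QTYPES.get(qtype, str(qtype))

def compare_captures(outside, inside):
    """Compare the question the client sent with the one named received."""
    sent, seen = parse_question(outside), parse_question(inside)
    return {"sent": sent, "seen": seen, "rewritten": sent != seen}

# Constructed sample packets using the thread's example addresses.
ext_name = ipaddress.ip_address("9.9.9.9").reverse_pointer
int_name = ipaddress.ip_address("10.1.1.1").reverse_pointer
OUTSIDE_PTR = build_query(ext_name, 12)   # as sent by the external client
INSIDE_PTR = build_query(int_name, 12)    # as logged behind the NAT
OUTSIDE_ANY = build_query(ext_name, 255)  # the dig 2.0 case from the report
INSIDE_ANY = build_query(ext_name, 255)   # reported as arriving unchanged

if __name__ == "__main__":
    print(compare_captures(OUTSIDE_PTR, INSIDE_PTR))
    print(compare_captures(OUTSIDE_ANY, INSIDE_ANY))
```

With real traffic, feed `compare_captures` the UDP payloads of the matching query from a capture taken outside the NAT and one taken on the name server's interface.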