FW: Running public Bind Server from behind firewall

John McGowan mcgowan at lynch2.com
Tue Jun 7 14:30:43 UTC 2005


Cranfield, Matthew wrote:

>Try putting 'query-source address * port 53;' in your named.conf file.
>It's in the sample file that comes with Fedora, and probably other
>distributions, but is commented out.
>
Thanks for all the suggestions... My named.conf file is very simple, and
I tried it with and without the query-source address.  The firewall
*should* have all that stuff open... My gut was telling me that it had
something to do with the firewall not mapping the IPs properly.

However, I was secretly hoping for someone to tell me that I have to turn
on the "run as private IP" switch.

/John


>>From: bind-users-bounce at isc.org on behalf of Kurt
>>Boyack[SMTP:KBOYACK at GMAIL.COM]
>>Sent: Tuesday, June 07, 2005 6:47:07 AM
>>To: John McGowan
>>Cc: bind-users at isc.org
>>Subject: Re: Running public Bind Server from behind firewall
>>Auto forwarded by a Rule
>>
>>On 6/6/05, John McGowan <mcgowan at lynch2.com> wrote:
>>
>>>I've been running bind for a while now without any problems.  Server is
>>>on public IP space behind a L2 transparent firewall.
>>>
>>>I just reconfigured the server to be on a private IP address and moved
>>>it behind a new firewall that is not a L2 transparent firewall.  I have
>>>set up a "Mapped IP" on the firewall, but for some reason DNS doesn't
>>>work like it should.  Looks like responses to queries done by the DNS
>>>server aren't getting back.
>>>
>>>The thing that's confusing me is that all other services on the machine
>>>that were moved are working fine: SMTP, POP, HTTP.  DNS is the only
>>>service that is having problems.
>>>
>>>Is there something obvious that I would have to change in my named.conf
>>>to support a bind server running on a private IP address behind a
>>>firewall?  (Keep in mind that the firewalls I'm running are identical
>>>with identical policies; the only difference is the introduction of this
>>>private IP network.)
>>
>>Does your named.conf contain a "blackhole" statement? If it does and
>>the queries are coming from the private IP address of your firewall,
>>that could be your problem.
>
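Two of the suggestions in this thread, the pinned `query-source ... port 53;` and the `blackhole` statement, can be checked for mechanically before touching the firewall. The POSIX sh script below is an added example written for this page; it is not code from the thread, from the poster, or from ISC's BIND distribution. The two named.conf fragments it inspects and the firewall's inside address 192.168.1.1 are constructed for illustration. It flags a fixed UDP source port (convenient for a "Mapped IP" firewall, since every reply comes back to the same port, but it gives up the source-port randomisation that later BIND releases rely on against cache poisoning) and reports whether the address the firewall presents to the server falls inside a blackholed prefix, which is the failure mode Kurt describes: BIND drops such queries without any answer.

```shell
#!/bin/sh
# Added example, not from the thread: inspect a named.conf for two settings that
# commonly break or weaken a BIND server placed behind a NAT / "Mapped IP" firewall.
# The configs below are constructed samples, not the original poster's file.

# Constructed sample: pinned query port plus an RFC 1918 blackhole.
SAMPLE_CONF='options {
    directory "/var/named";
    query-source address * port 53;   // fixed UDP source port
    blackhole { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
};'

# Constructed hardened counterpart: port left to BIND, no blackhole of inside space.
HARDENED_CONF='options {
    directory "/var/named";
    query-source address 192.168.1.10;   # hypothetical inside address; port randomised by BIND
};'

# Drop // and # line comments (so commented-out lines, as in the Fedora sample,
# are ignored) and flatten to one line. /* */ block comments are not handled.
strip_comments() {
    sed -e 's,//.*$,,' -e 's,#.*$,,' | tr '\n' ' '
    echo
}

# has_fixed_query_port CONF -> 0 if query-source pins a numeric source port.
# "port *" (random) does not match because [0-9]+ excludes the asterisk.
has_fixed_query_port() {
    printf '%s\n' "$1" | strip_comments |
        grep -Eq 'query-source[^;]*[[:space:]]port[[:space:]]+[0-9]+[[:space:]]*;'
}

# blackhole_prefixes CONF -> prints each entry of the blackhole { ... } list, one per line.
blackhole_prefixes() {
    printf '%s\n' "$1" | strip_comments |
        sed -n 's/.*blackhole[[:space:]]*{\([^}]*\)}.*/\1/p' |
        tr ';' '\n' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep -v '^$' || :
}

# ip_to_int A.B.C.D -> unsigned 32-bit value of an IPv4 address.
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# in_prefix ADDR NET/BITS -> 0 if ADDR lies inside NET/BITS.
in_prefix() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( 4294967295 - ( (1 << (32 - bits)) - 1 ) ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# blackholed_source CONF ADDR -> 0 and prints the matching prefix if ADDR (for example the
# firewall's inside address, the source BIND sees for mapped queries) is blackholed.
# Only literal IPv4 prefixes are evaluated; acl names in the list are skipped.
blackholed_source() {
    for p in $(blackhole_prefixes "$1"); do
        case $p in *[!0-9./]*) continue ;; esac
        case $p in */*) ;; *) p="$p/32" ;; esac
        if in_prefix "$2" "$p"; then echo "$p"; return 0; fi
    done
    return 1
}

# check_conf CONF FIREWALL_INSIDE_ADDR -> prints one WARN line per finding.
check_conf() {
    if has_fixed_query_port "$1"; then
        echo "WARN: query-source pins a fixed port; NAT needs one mapping but source-port randomisation is lost"
    fi
    if hit=$(blackholed_source "$1" "$2"); then
        echo "WARN: $2 is inside blackholed prefix $hit; queries arriving from the firewall are silently dropped"
    fi
    return 0
}

# Stand-alone run: report on both constructed configs against the hypothetical firewall address.
echo "== sample config ==";   check_conf "$SAMPLE_CONF" 192.168.1.1
echo "== hardened config =="; check_conf "$HARDENED_CONF" 192.168.1.1
```

Run it with `sh check_named.sh` after pasting in your own `options { ... }` block; `named-checkconf` will still catch syntax errors this script does not. Note that the script only explains why queries from the firewall's inside address get no reply; replies to the server's own outbound queries still depend on the firewall translating the mapped public address back to the private one for UDP/53, which no named.conf setting can fix.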
