Running public Bind Server from behind firewall

Furley, Stephen FURLES at staff.croydon.ac.uk
Tue Jun 7 09:01:40 UTC 2005


Try putting 'query-source address * port 53;' in your named.conf file.
It's in the sample file that comes with Fedora, and probably other
distributions, but is commented out.

> From: bind-users-bounce at isc.org on behalf of Kurt Boyack[SMTP:KBOYACK at GMAIL.COM]
> Sent: Tuesday, June 07, 2005 6:47:07 AM
> To: John McGowan
> Cc: bind-users at isc.org
> Subject: Re: Running public Bind Server from behind firewall
> Auto forwarded by a Rule
>
> On 6/6/05, John McGowan <mcgowan at lynch2.com> wrote:
> > I've been running bind for a while now without any problems.  Server is
> > on public IP space behind a L2 transparent firewall.
> >
> > I just reconfigured the server to be on a private IP address and moved
> > it behind a new firewall that is not a L2 transparent firewall.  I have
> > set up a "Mapped IP" on the firewall, but for some reason DNS doesn't
> > work like it should.  Looks like responses to queries done by the DNS
> > server aren't getting back.
> >
> > The thing that's confusing me is that all other services on the machine
> > that were moved are working fine: SMTP, POP, HTTP.  DNS is the only
> > service that is having problems.
> >
> > Is there something obvious that I would have to change in my named.conf
> > to support a bind server running on a private IP address behind a
> > firewall?  (Keep in mind that the firewalls I'm running are identical
> > with identical policies; the only difference is the introduction of this
> > private IP network.)
> >
>
> Does your named.conf contain a "blackhole" statement? If it does and
> the queries are coming from the private IP address of your firewall,
> that could be your problem.
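
Added example, not part of the original thread: a small Python check that reports whether a named.conf has an active query-source statement (the reply notes the sample file ships it commented out) and whether it pins a fixed port, which gives up source-port randomization for outgoing queries. The sample configurations and the function names are constructed for illustration.

```python
import re

# Constructed samples: the statement commented out (as the reply says the
# distribution sample file ships it) and the same statement enabled.
SAMPLE_COMMENTED = '''
options {
    directory "/var/named";
    // query-source address * port 53;
};
'''
SAMPLE_ENABLED = '''
options {
    directory "/var/named";
    /* pinned for the firewall mapping */
    query-source address * port 53;
};
'''

# A quoted string, or one of the three comment styles named.conf accepts.
_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_STATEMENT = re.compile(r'\b(query-source(?:-v6)?)\b([^;]*);')

def strip_comments(text):
    """Blank out comments, leaving quoted strings untouched."""
    return _COMMENT.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else ' ', text)

def audit_query_source(text):
    """Return one finding per active query-source / query-source-v6 statement."""
    findings = []
    for name, body in _STATEMENT.findall(strip_comments(text)):
        address, port = '*', '*'          # BIND defaults when a part is omitted
        tokens = body.split()
        i = 0
        while i < len(tokens):
            if tokens[i] in ('address', 'port') and i + 1 < len(tokens):
                if tokens[i] == 'port':
                    port = tokens[i + 1]
                else:
                    address = tokens[i + 1]
                i += 2
            else:                          # bare address, keyword omitted
                address = tokens[i]
                i += 1
        findings.append({'statement': name, 'address': address,
                         'port': port, 'fixed_port': port != '*'})
    return findings

if __name__ == '__main__':
    for label, conf in (('commented', SAMPLE_COMMENTED), ('enabled', SAMPLE_ENABLED)):
        print(label, audit_query_source(conf))
```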



