internal external ?
Kevin Darcy
kcd at daimlerchrysler.com
Fri Oct 7 22:00:28 UTC 2005
RYAN vAN GINNEKEN wrote:
>Hello all, I am having some troubles with my DNS.
>
>Here is the scenario:
>
>I have a cable modem supplied by my ISP with 2 connections to the inet,
>one RJ45, the other USB. Also I have 2 static IPs.
>IP address # 1 is my FreeBSD box that has a 192.168.0.202 internal and
>external 68.x.x.1 address. This box is called computerking.ca among other
>things and controls my internal LAN, firewall etc. I have this machine
>set up with internal and external views using BIND. It also controls
>several other domains, namely canmail.org.
>IP address # 2 is my new Fedora/email server with an external address
>of 68.x.x.2 and is not hooked to my LAN in any way (that I am aware).
>
>I can access the FreeBSD box's domains both internally and externally,
>however I can only access the canmail.org domain from outside my LAN.
>Why? Do I need an internal record for it? I realize that I need to add
>internal records for domains that are hosted by the computerking.ca
>server, but canmail.org is not on the LAN and has its own IP address.
>Actually I have to add internal records now as my slave server is broken;
>when the slave is operating properly I can get to all domains without problems.
>
>I have added the internal record for canmail and everything seems to
>work, but I am confused: why is canmail.org internal? Sorry for the
>possibly silly post but I am curious as to what is going on.
>
>
>$TTL 3600
>
>canmail.org. IN SOA ns1.computerking.ca. root.computerking.ca. (
> 2005100701 ; SERIAL
> 1200 ; SOA REFRESH
> 120 ; SOA RETRY
> 1209600 ; SOA EXPIRE
> 3600 ) ; SOA MINIMUM TTL or Negative caching TTL
>
>;------------------------------------------------------------------------------
>; NAME SERVERS (the name @ is implied)
>;------------------------------------------------------------------------------
>canmail.org. IN NS ns1.computerking.ca.
>canmail.org. IN NS ns1.shoemasters.com.
>
>;------------------------------------------------------------------------------
>; MAIL EXCHANGERS
>;------------------------------------------------------------------------------
>canmail.org. IN MX 5 mx1.canmail.org.
>canmail.org. IN MX 10 mail1.computerking.ca.
>canmail.org. IN MX 20 mail1.shoemasters.com.
>
>;------------------------------------------------------------------------------
>; ADDRESSES FOR THE CANONICAL NAMES ( A records)
>;------------------------------------------------------------------------------
>canmail.org. IN A 68.146.204.153
>mx1.canmail.org. IN A 68.146.204.153
>www.canmail.org. IN A 68.146.204.152
>
>;------------------------------------------------------------------------------
>; ALIASES
>;------------------------------------------------------------------------------
>mail.canmail.org. IN CNAME www.canmail.org.
>mm.canmail.org. IN CNAME www.canmail.org.
>
>;==============================================================================
>;end of file
>
I'm not sure what you mean by "the internal record"? You indicated that
the canmail.org box isn't multi-homed, so you can't mean that you added
an A record for its "internal" address (e.g. 192.168.x.x) to an internal
version of a canmail.org zone. So what exactly do you mean by "the
internal record"?

One thing you should double-check is that the names of both of the
delegated nameservers for canmail.org (ns1.computerking.ca and
ns1.shoemasters.com) are resolvable from the internal view, and that
whatever those names resolve to are actually queryable from the internal
view. Sometimes, for various reasons -- firewalls, NAT, load-balancers,
whatever -- nameservers have trouble talking to themselves on their
externally-visible addresses. In such cases, either you have the
delegated nameservers resolve the name from each other (the fact that
your slave is down might explain why resolution stopped working), you
define the relevant zone(s) explicitly in the internal view (e.g. as
master, slave, forward), or at least you define a zone in the internal
view that resolves the externally-visible name of the nameserver to its
internal address, thus effectively "overriding" what is in the external DNS.
- Kevin
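
The last two options in the reply above, sketched as a BIND 9 `named.conf` fragment. This is an added example, not part of the original thread or the poster's configuration; the ACL name, view layout and file paths are assumptions, and only the hostnames and the 192.168.0.202 address come from the post.

```conf
// Constructed example: ACL name, file paths and view layout are assumptions.
// Views are matched in order, so "internal" must come before "external".
acl "lan" { 127.0.0.1; 192.168.0.0/24; };

view "internal" {
    match-clients { "lan"; };
    recursion yes;

    // Option A: define canmail.org explicitly in the internal view.
    // The host has only a public address, so this file can carry the
    // same records as the external copy of the zone.
    zone "canmail.org" {
        type master;
        file "internal/canmail.org.db";
    };

    // Option B: a one-name zone that overrides the nameserver's
    // externally visible address with its LAN address, for LAN clients only.
    // internal/ns1.computerking.ca.db would contain:
    //   $TTL 3600
    //   @ IN SOA ns1.computerking.ca. root.computerking.ca. (
    //            2005100701 1200 120 1209600 3600 )
    //   @ IN NS  ns1.computerking.ca.
    //   @ IN A   192.168.0.202
    zone "ns1.computerking.ca" {
        type master;
        file "internal/ns1.computerking.ca.db";
    };
};

view "external" {
    match-clients { any; };
    recursion no;   // no recursion for outside clients

    zone "canmail.org" {
        type master;
        file "external/canmail.org.db";
    };
};
```

If the internal view already carries a computerking.ca zone, the Option B address record belongs in that zone's internal file instead of a separate one-name zone.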