Non-Routable IPs from Ext View

Rich Hampton rich at hamptonhouse.org
Tue Apr 4 19:08:14 UTC 2006


Hello All,

I've encountered something that I don't completely understand with one 
of my domain configurations.  The whole problem started with some 
domains being unable to send mail to my domain.  Note that I said some.  
One of these domains was DARPA.  When I contacted their sysadmin, I 
learned that their name servers were reporting a non-routable IP address 
for my mail server (which is NAT'd behind a firewall and has a 
non-routable address).  My bind machine (also NAT'd - v9.3.1) is using 
views and here are two example nslookups, one from inside and the 
other from the outside:

Inside

richh at DESFS890:~ $ nslookup mail.denergysolutions.com ns1.denergysolutions.com
Server:         ns1.denergysolutions.com
Address:        216.84.38.114#53

Name:   mail.denergysolutions.com
Address: 192.168.1.2


Outside

[rich at elijah ~]$ nslookup mail.denergysolutions.com ns1.denergysolutions.com
Server:         ns1.denergysolutions.com
Address:        216.84.38.114#53

Name:   mail.denergysolutions.com
Address: 216.84.38.114

OK, so far so good, right?  Back to DARPA.  They ended up fixing the 
problem on their end but refused to tell me what was going on.  All they 
would say is that it was not a cache flush.  More recently, I'm having 
issues with 3com's domain (among two others).  They assure me that they 
have flushed their caches and that there is nothing wrong with their 
DNS.  Here is what happens when using their DNS when conducting a lookup:


[rich at elijah ~]$ nslookup mail.denergysolutions.com ns.mmm.com
Server:         ns.mmm.com
Address:        192.28.1.248#53

Non-authoritative answer:
Name:   mail.denergysolutions.com
Address: 192.168.1.2


My fear is that I may have had something initially misconfigured when I 
first set up the domain and that internal host addresses got leaked onto 
the net and cached.  If so, is there anything I can do to help force 
these addresses to update?  Is it possible that I could still have 
something misconfigured such that some domains are getting the internal 
view rather than the external view?

I just don't get it.

Any ideas you have are greatly appreciated.

Rich Hampton
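
The comparison made by hand in the message above, as an added example that is not part of the original post: it parses the three nslookup transcripts quoted there and flags any answer seen from outside the NAT that carries a private address, noting whether nslookup marked it non-authoritative. The function names and verdict strings are assumptions of this example.

```python
import ipaddress

# nslookup transcripts copied from the post; True marks a query made from outside the NAT.
SAMPLES = {
    "inside via ns1": (False, """Server:         ns1.denergysolutions.com
Address:        216.84.38.114#53

Name:   mail.denergysolutions.com
Address: 192.168.1.2"""),
    "outside via ns1": (True, """Server:         ns1.denergysolutions.com
Address:        216.84.38.114#53

Name:   mail.denergysolutions.com
Address: 216.84.38.114"""),
    "outside via ns.mmm.com": (True, """Server:         ns.mmm.com
Address:        192.28.1.248#53

Non-authoritative answer:
Name:   mail.denergysolutions.com
Address: 192.168.1.2"""),
}

def parse_nslookup(text):
    """Return (non_authoritative, [(name, ip), ...]) from nslookup output."""
    non_auth, answers, name = False, [], None
    for line in text.splitlines():
        key, _, value = map(str.strip, line.partition(":"))
        if key == "Non-authoritative answer":
            non_auth = True
        elif key == "Name":
            name = value
        # An "ip#port" Address line names the server that was queried, not an answer.
        elif key == "Address" and "#" not in value and name:
            answers.append((name, value))
    return non_auth, answers

def audit(samples):
    """Map each sample label to a verdict about private addresses in its answers."""
    verdicts = {}
    for label, (external, text) in samples.items():
        non_auth, answers = parse_nslookup(text)
        private = [ip for _, ip in answers if ipaddress.ip_address(ip).is_private]
        if not private:
            verdicts[label] = "ok"
        elif not external:
            verdicts[label] = "internal view (expected)"
        else:
            verdicts[label] = "leak, " + ("non-authoritative" if non_auth else "authoritative")
    return verdicts
```

Calling audit(SAMPLES) returns one verdict per transcript; an "authoritative" leak would point at the zone's own servers, while a "non-authoritative" one only shows what the queried resolver handed back.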


