Non-Routable IPs from Ext View

Jeff Reasoner jeff.reasoner at mail.hccanet.org
Tue Apr 4 20:02:13 UTC 2006


Please post your named.conf or at least the acl portion to see what IP
addresses match the internal view. Sounds like that may be the problem.

On Tue, 2006-04-04 at 15:08, Rich Hampton wrote:
> Hello All,
> 
> I've encountered something that I don't completely understand with one 
> of my domain configurations.  The whole problem started with some 
> domains being unable to send mail to my domain.  Note that I said some.  
> One of these domains was DARPA.  When I contacted their sysadmin, I 
> learned that their name servers were reporting a non-routable IP address 
> for my mail server (which is NAT'd behind a firewall and has a 
> non-routable address).  My bind machine (also NAT'd - v9.3.1) is using 
> views and here are two example nslookups, one from inside and the 
> other from the outside:
> 
> Inside
> 
> richh at DESFS890:~ $ nslookup mail.denergysolutions.com ns1.denergysolutions.com
> Server:         ns1.denergysolutions.com
> Address:        216.84.38.114#53
> 
> Name:   mail.denergysolutions.com
> Address: 192.168.1.2
> 
> 
> Outside
> 
> [rich at elijah ~]$ nslookup mail.denergysolutions.com ns1.denergysolutions.com
> Server:         ns1.denergysolutions.com
> Address:        216.84.38.114#53
> 
> Name:   mail.denergysolutions.com
> Address: 216.84.38.114
> 
> OK, so far so good, right?  Back to DARPA.  They ended up fixing the 
> problem on their end but refused to tell me what was going on.  All they 
> would say is that it was not a cache flush.  More recently, I'm having 
> issues with 3com's domain (among two others).  They assure me that they 
> have flushed their caches and that there is nothing wrong with their 
> DNS.  Here is what happens when using their DNS when conducting a lookup:
> 
> 
> [rich at elijah ~]$ nslookup mail.denergysolutions.com ns.mmm.com
> Server:         ns.mmm.com
> Address:        192.28.1.248#53
> 
> Non-authoritative answer:
> Name:   mail.denergysolutions.com
> Address: 192.168.1.2
> 
> 
> My fear is that I may have had something initially misconfigured when I 
> first set up the domain and that internal host addresses got leaked onto 
> the net and cached.  If so, is there anything I can do to help force 
> these addresses to update?  Is it possible that I could still have 
> something misconfigured such that some domains are getting the internal 
> view rather than the external view?
> 
> I just don't get it.
> 
> Any ideas you have are greatly appreciated.
> 
> Rich Hampton
> 
> 

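An added example, not part of the original thread and not anyone's actual configuration: a small Python model of how BIND picks a view (views are tried in named.conf order and the first whose match-clients list matches the query source wins), which is why the ACL is the first thing to inspect. The view names, ACL contents and the inside and third-party client addresses are constructed assumptions; 192.28.1.248 is the ns.mmm.com address shown in the lookup above.

```python
import ipaddress

def acl_matches(acl, client):
    """Address-match-list semantics: elements are checked in order and the
    first one that matches decides; a leading '!' turns the match into a reject."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        negated = element.startswith("!")
        spec = element.lstrip("!")
        if spec == "none":
            continue
        if spec == "any" or addr in ipaddress.ip_network(spec):
            return not negated
    return False  # nothing matched

def select_view(views, client):
    """Views are evaluated in configuration order; the first match wins."""
    for name, match_clients in views:
        if acl_matches(match_clients, client):
            return name
    return None  # no view matched: the query is refused

# Constructed configurations (assumptions, for illustration only).
TOO_BROAD = [("internal", ["127.0.0.1", "192.0.0.0/8"]),      # meant 192.168/16
             ("external", ["any"])]
TIGHT = [("internal", ["127.0.0.1", "192.168.1.0/24"]),
         ("external", ["any"])]
WRONG_ORDER = [("external", ["any"]),                         # catch-all listed first
               ("internal", ["192.168.1.0/24"])]

CLIENTS = {
    "inside host": "192.168.1.50",   # constructed internal client
    "ns.mmm.com": "192.28.1.248",    # resolver address from the thread
    "other resolver": "198.51.100.7" # constructed, documentation range
}

def audit(views):
    """Map each sample client to the view that would answer it."""
    return {label: select_view(views, ip) for label, ip in CLIENTS.items()}

if __name__ == "__main__":
    for title, views in (("too broad", TOO_BROAD), ("tight", TIGHT),
                         ("wrong order", WRONG_ORDER)):
        print(f"{title:12} {audit(views)}")
```

With the over-broad ACL only some outside resolvers land in the internal view, while others still get the external answer, so a single outside test lookup does not prove the ACL is correct.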

