I think the hardest part of DNS is the patients... oh wait.  I'm not a
doctor.  The patience.

It's quite possible that the name server you were using hadn't caught up
yet.  If you'd like to see results more quickly, you can reduce the
"Minimum TTL" in your named hosts file.

It would be helpful if you'd supply the actual hostname.


Mark Courtney

http://www.MarkCourtney.com

     __
   +|oo|+
   +|oo|+
     ||
     ||
     ||
     ||
     ||
     ||
  _  ||  _
  \\_||_//
   | [] |
   | || |
  /  []  \
  \______/

> I'm having a strange problem I can't figure out. I have a DNS server
> behind NAT. The server answers correctly when queried from the local
> private network but does not from the internet. From the internet, no
> matter what you ask, it answers with the public IP of the NAT device
> (Cisco 678). What the hell am I doing wrong?
>
> Here is some info, I've cut it up to keep it short
>
> From The Cisco 678:
>
>         cbos#show nat
>
>         NAT is currently enabled
>
>         Port      Network        Global
>         eth0      Inside
>         wan0-0    Outside      209.98.143.100
>         vip0      Outside      ^^^^^^^^^^^^^^
>         vip1      Outside      STATIC IP OF CISCO 678 HOSTING THE BIND SERVER
>         vip2      Outside
>
>               Local IP : Port      Global IP : Port      Timer Flags Proto Interface
>            192.168.1.50:53     209.98.143.100:53           0   0x00041 udp   eth0 wan0-0
>            192.168.1.50:53     209.98.143.100:53           0   0x00041 tcp   eth0 wan0-0
>            ^^^^^^^^^^^^
>            LOCAL IP OF BIND SERVER
>
>
>
> From inside the private network:
>
>         [tomp at lotsa test]$ dig @192.168.1.50 myhost.mydomain.com
>                                 ^^^^^^^^^^^^
>                                 BIND SERVER
>
>         ; <<>> DiG 9.2.1 <<>> @192.168.1.50 r.circussoftware.com
>         ;; global options:  printcmd
>         ;; Got answer:
>         ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20759
>         ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
>
>         ;; QUESTION SECTION:
>         ;myhost.mydomain.com.          IN      A
>
>         ;; ANSWER SECTION:
>         myhost.mydomain.com. 10800 IN A       209.150.209.2
>                                               ^^^^^^^^^^^^^
>                                               CORRECT! IP OF MYHOST.MYDOMAIN.COM
>
> From the internet:
>
>         [tomp at ringmaster tomp]$ dig @bindserver.binddomain.com myhost.mydomain.com
>
>         ; <<>> DiG 9.2.1 <<>> @many.blots.com ringmaster.circussoftware.com
>         ;; global options:  printcmd
>         ;; Got answer:
>         ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27360
>         ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
>
>         ;; QUESTION SECTION:
>         ;myhost.mydomain.com. IN      A
>
>         ;; ANSWER SECTION:
>         myhost.mydomain.com. 0 IN     A       209.98.143.100
>                                               ^^^^^^^^^^^^^^
>                                               WRONG! THIS IS THE IP OF THE CISCO 678
>
>
> It's like the NAT on the Cisco is rewriting the address of the answer.
> Does anyone have a clue how to fix this?
>
> Thanks!
>
> --
> Tom Penney <blots at visi.com>
>
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> http://www.mn-linux.org tclug-list at mn-linux.org
> https://mailman.real-time.com/mailman/listinfo/tclug-list
>
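
The inside/outside comparison from the quoted message can be done mechanically. The following is an added example, not part of the original thread: it parses the ANSWER SECTION of two saved dig outputs and reports A records the outside view returns that the inside view does not, noting when the address is the NAT device's global IP or the TTL is 0. The sample inputs are constructed from the output quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample input, modeled on the two dig runs quoted in the thread.
INSIDE = """
        ;; ANSWER SECTION:
        myhost.mydomain.com. 10800 IN A       209.150.209.2
"""
OUTSIDE = """
        ;; ANSWER SECTION:
        myhost.mydomain.com. 0 IN     A       209.98.143.100
"""
NAT_GLOBAL_IP = "209.98.143.100"  # wan0-0 address in the quoted "show nat" output

# Fields: owner name, TTL, class IN, type A, IPv4 address.
A_RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$")

def answer_records(dig_text):
    """Map owner name -> [(ttl, address)] for A records in dig's ANSWER SECTION."""
    records, in_answer = {}, False
    for raw in dig_text.splitlines():
        line = raw.strip()
        if line.startswith(";;"):  # section headers and other dig comments
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        match = A_RR.match(line) if in_answer else None
        if match:
            name, ttl, addr = match.groups()
            records.setdefault(name.lower(), []).append((int(ttl), addr))
    return records

def compare_views(inside_text, outside_text, nat_ip):
    """List (name, address, reasons) for outside A records absent from the inside view."""
    inside, outside = answer_records(inside_text), answer_records(outside_text)
    findings = []
    for name, rrs in sorted(outside.items()):
        inside_addrs = {addr for _, addr in inside.get(name, [])}
        for ttl, addr in rrs:
            if addr in inside_addrs:
                continue
            reasons = ["not in inside view"]
            if addr == nat_ip:
                reasons.append("equals NAT global IP")
            if ttl == 0:
                reasons.append("TTL 0")
            findings.append((name, addr, reasons))
    return findings

if __name__ == "__main__":
    for finding in compare_views(INSIDE, OUTSIDE, NAT_GLOBAL_IP):
        print(finding)
```

A finding only records that the two views disagree in the pattern shown in the quoted output; it does not by itself identify which device changed the answer.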

