NAT interfering with DNS 'A' TTL?
Lars Povlsen
lp at filanet.dk
Mon Oct 18 13:56:19 UTC 1999
Hi!
I have a weird problem with DNS lookups in our local domain filanet.dk,
which my ISP runs primary + secondary for.
The problem is that ALL address information for our domain ends up with a
zero TTL, thus not allowing us to cache the information here. What it boils
down to is that a ping between two machines behind the router/firewall
triggers an ISDN (that's what we use) call for the DNS lookup - _every_ time.
Outside our network, everything is fine = 1H TTL. I checked the zone file,
which also seems fine.
The problem is the same no matter if I use an external NS or a local
recursive.
Our Router/firewall does NAT for our 192.168 addresses, and is a Cisco 1605.
Does anybody have any knowledge about caveats with DNS when using NAT?
Otherwise, I'll just have to set up myself as primary...
Any help/info is appreciated,
Sincerely,
Lars Povlsen
Filanet Europe
(PS: NAT = Network Address Translation, i.e. we use different, local
addresses behind our firewall as compared to addresses that are advertised
externally. )
Nslookup trace (actual address blinded for paranoid security reasons ;-):
> set debug=1
> mail.filanet.dk
Server: localhost
Address: 127.0.0.1
;; res_nmkquery(QUERY, mail.filanet.dk, IN, A)
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1136, rcode = NOERROR
        header flags: response, auth. answer, want recursion, recursion avail.
        questions = 1, answers = 1, authority records = 2, additional = 2
    QUESTIONS:
        mail.filanet.dk, type = A, class = IN
    ANSWERS:
    -> mail.filanet.dk
        internet address = 192.168.xxx.xxx
        ttl = 0 (0S)
    AUTHORITY RECORDS:
    -> filanet.dk
        nameserver = ns16.inet.tele.dk
        ttl = 21600 (6H)
    -> filanet.dk
        nameserver = ns17.inet.tele.dk
        ttl = 21600 (6H)
    ADDITIONAL RECORDS:
    -> ns16.inet.tele.dk
        internet address = 193.163.158.231
        ttl = 19636 (5h27m16s)
    -> ns17.inet.tele.dk
        internet address = 195.41.46.87
        ttl = 19437 (5h23m57s)
------------
Name: mail.filanet.dk
Address: 192.168.xxx.xxx
>
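
A check for the symptom shown in the trace above, as an added example that is not part of the original post: it parses a raw DNS response, lists the TTL of every record per section, and reports answer records whose TTL is 0. The sample packet is constructed to mirror the trace; the address 192.168.0.1 and all function names are assumptions.

```python
import struct

def encode_name(name):
    # Uncompressed wire-format name: length-prefixed labels, zero terminator.
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    # Decode a possibly compressed name; return (name, offset just past it).
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:                     # guard against pointer loops
                raise ValueError("compression loop")
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def record_ttls(msg):
    # Return [(section, owner, rrtype, ttl)] for every resource record.
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                              # skip QTYPE + QCLASS
    out = []
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rrtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen                 # fixed RR fields + RDATA
            out.append((section, owner, rrtype, ttl))
    return out

def zero_ttl_answers(msg):
    # Answer-section records that a resolver may not cache at all.
    return [(o, t) for s, o, t, ttl in record_ttls(msg) if s == "answer" and ttl == 0]

def build_sample():
    # Constructed response shaped like the trace: A with TTL 0, NS with TTL 21600.
    q = encode_name("mail.filanet.dk") + struct.pack("!HH", 1, 1)
    a = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4) + bytes([192, 168, 0, 1])
    nsname = encode_name("ns16.inet.tele.dk")
    auth = b"\xc0\x11" + struct.pack("!HHIH", 2, 1, 21600, len(nsname)) + nsname
    return struct.pack("!6H", 1136, 0x8580, 1, 1, 1, 0) + q + a + auth
```

Running the same parser on responses captured on both sides of the router shows whether the TTL field differs between the two captures.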