nslookup can't but browser can !
Kevin Darcy
kcd at daimlerchrysler.com
Wed Aug 23 00:02:10 UTC 2000
Joseph S D Yao wrote:
> On Tue, Aug 22, 2000 at 09:37:26AM -0700, Prashant Ranade wrote:
> > I have a domain name server for a company say abc.com on NT machine
> > resolving internal machines is no problem.. but when I try to resolv
> > internet names I can't (using nslookup)
> > however if I try to go through the browser I can get to any site on the
> > internet even if that site is not there in the DNS cache.
> > can somebody pl explain this ????????
> >
> > TIA
> > Prashant
>
> Since you refer to "internal" machines, you probably have a firewall.
> Your browser names the firewall as its proxy. The browser does NOT try
> to resolve the name, but instead passes the URL straight to the Web
> proxy running on the firewall. The firewall obviously gets its name
> service from the "outside", so it can resolve the name.
>
> Your setup needs to change, in two ways.
>
> First, your internal name server must forward all requests that it
> can't resolve to a DNS proxy ['named' itself works fine] on the
> firewall.
Joe, You seem to be assuming that the internal clients need to resolve
Internet names. If they're behind a proxy firewall, generally they
*don't* need this capability, since they can't connect to those addresses
anyway. I wouldn't want the original poster to go changing their
DNS infrastructure for no good reason...
- Kevin
More information about the bind-users
mailing list