Internal NS

Kevin Darcy kcd at daimlerchrysler.com
Thu Feb 24 23:58:09 UTC 2000


Jared Johnson wrote:

> Pretty Typical Network Layout
>
>                (Servers)                DMZ
>                        |                           |
> (Clients) --- LAN --- FW --- Router --- ISP
>
> The clients are all DHCP assigned internal addresses and the servers are all
> static internal addresses.  The nameserver is running DHPC also and is
> updating NS with DDNS (not that it matters).  All the clients can resolve
> 98% when hitting sites on the WWW with the following exception.
>
> Our clients can't seem to query https sites ie
> (https://www.pcbanking.washingtonmutual.com/logon/)
> We can resolve the top levels (ie washingtonmutual.com) just fine.  Other
> banking sites and investing sites do the same.  This isn't a bad problem to
> me because I don't have to limit the access to these sites now, but would
> like to know what's causing this.  At first I thought it was the FW but the
> log doesn't show any rejects during the query.  They work just fine if I use
> my ISP's NS.

I can resolve the name just fine. Can you resolve the name from your FW using a
command-line tool like dig? If not, what symptoms are you seeing? Timeouts?
NXDOMAIN answers?


- Kevin





More information about the bind-users mailing list