[bind ipmasq] Strange DNS problems.

Karl M. Hegbloom karlheg at bittersweet.inetarena.com
Sun Mar 12 02:15:01 UTC 2000

 I'm working on setting up a Linux box that will act as an Internet
 gateway for a home LAN.  It will sit on a DSL line, with one
 interface on the Internet and the other on the LAN, with transparent
 proxy and masquerading.

 I've got BIND set up in it to act as both the LAN nameserver and as a
 forwarder to the ISP's nameserver.  Right now, it's using my
 workstation as the "ISP", forwarding through my own BIND which in
 turn forwards to my real ISP.

 I have my laptop on the 10.0.0.XX network that will be the house LAN,
 plugged into a hub with the router machine.  The proxy's other
 interface is hooked to my workstation.  I have `ipchains' rules set
 up and ip_forward turned on.  My workstation's in-house LAN is

 I can `ping' from my laptop, and can `ping' from
 the gateway machine I'm setting up.  The gateway is on my
 workstation's (the "ISP") LAN, and I can `ping' from the
 proxy, and can `ping' from my workstation.  I can also
 `ping' from my laptop, and see that the connection is
 being masqueraded by using the masq display of `gfcc', running on the
 proxy machine.

 From the proxy machine, I can do `host <anywhere_inside>' and it will
 return an A record.  I can also do `host <IP_inside>' and it returns
 a PTR.  It will also return A and PTR records for hosts on my
 workstation LAN (that are in its BIND) and for hosts on the
 internet.  The problem is that from my laptop, `host' doesn't work
 right.  It will return, right away, `host <anywhere_inside>', from
 the proxy machine's BIND.  But it will NOT do a reverse lookup.
 `host' times out and says that the nameserver is not responding.  It
 will let me do `host www.debian.org', `host ftp.debian.org', and
 `host slashdot.org', but will NOT return `host www.netscape.com', nor
 will it perform any reverse lookups.  The same queries from the proxy
 machine itself work fine.

 I used `ethereal' to watch packet traffic on the LAN,
 between the laptop and the proxy box I'm setting up.  I ran a copy on
 the laptop and another on the proxy, and both show the same thing.
 Both show the DNS query going to the proxy machine's BIND, _and_ both
 show a reply being returned to the laptop.  But the `host' lookup
 program on the laptop does NOT see the reply for some reason.
 `strace' shows a timeout in the select where it waits for the
 response.  It thinks the nameserver is not responding when it in fact

 I'm at the end of my wits and knowledge about this.  Any ideas?  What
 could it be?
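A stub resolver only accepts a UDP reply that matches the query it has outstanding (response bit set, same transaction id, same question, and, in the libc resolver, the same server address and port it sent to); a reply that is visible on the wire but fails one of those checks is dropped without error, and the caller just sees a timeout. The following Python script is an added example, not part of the original post: it builds a DNS query, checks a constructed reply against it, and reports why a resolver would discard it. The addresses and transaction id are made up.

```python
import struct

def build_message(txid, name, flags=0x0100, qtype=1, qclass=1):
    """Build a minimal DNS message: header plus one question.
    flags=0x0100 is a query with RD set; 0x8180 is a normal response."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)

def parse_header_and_question(pkt):
    """Return (txid, flags, (name, qtype, qclass)) from the first question.
    Handles uncompressed names only, which is what the question section of
    a query and its echoed copy in the reply normally contain."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off, labels = 12, []
    while True:
        n = pkt[off]
        off += 1
        if n == 0:
            break
        labels.append(pkt[off:off + n].decode())
        off += n
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return txid, flags, (".".join(labels), qtype, qclass)

def reply_matches(query, query_dst, reply, reply_src):
    """List the reasons a stub resolver would drop `reply` for `query`.
    query_dst / reply_src are (ip, port) tuples. Empty list means accepted."""
    reasons = []
    qid, _, qq = parse_header_and_question(query)
    rid, rflags, rq = parse_header_and_question(reply)
    if not rflags & 0x8000:
        reasons.append("QR bit not set (packet is not a response)")
    if rid != qid:
        reasons.append(f"transaction id {rid:#06x} != {qid:#06x}")
    if rq != qq:
        reasons.append(f"question {rq} != {qq}")
    if reply_src != query_dst:
        reasons.append(f"reply came from {reply_src}, query was sent to {query_dst}")
    return reasons

if __name__ == "__main__":
    # Constructed sample: the laptop asks the gateway's LAN address, but the
    # reply is sourced from a different address (made-up values).
    q = build_message(0x1234, "www.netscape.com")
    r = build_message(0x1234, "www.netscape.com", flags=0x8180)
    for why in reply_matches(q, ("10.0.0.1", 53), r, ("10.0.0.254", 53)):
        print("resolver would drop reply:", why)
```

Feeding the script the query and reply bytes captured with a sniffer, together with the addresses from the IP/UDP headers, tells you whether the mismatch is in the packet or in where it came from.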
