Nameserver behind firewall

Mark.Andrews at nominum.com
Wed Aug 1 03:03:36 UTC 2001


	
	Part of this is to demonstrate the point of putting real names into
	questions.  If people want help they shouldn't be hiding things
	that could potentially be related to the solution.

	In this case I think you will find it is that named is started
	before the external interface is initialised.  Either start
	named after the interface is initialised or look at
	interface-interval.  It could also be a bad listen-on clause.

	You could also query why the server needs to listen on the
	external interface at all.  The answer to this depends upon
	what the server is supposed to be doing.

	Mark

> 
> I think Andrew was referring to his domain when he said ns1.mydomain.com and
> not the real domain mydomains.com which belongs to a network registrar.
> 
> -----Original Message-----
> From: Michael Kjorling [mailto:michael at kjorling.com]
> Sent: Tuesday, July 31, 2001 1:02 PM
> To: BIND-Users
> Subject: Re: Nameserver behind firewall
> 
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I have no problems at all:
> 
> 	; <<>> DiG 9.1.3 <<>> @ns1.mydomain.com. mydomain.com. soa
> 	;; global options:  printcmd
> 	;; Got answer:
> 	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62082
> 	;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
> 
> 	;; QUESTION SECTION:
> 	;mydomain.com.			IN	SOA
> 
> 	;; ANSWER SECTION:
> 	mydomain.com.		2560	IN	SOA	ns1.mydomain.com. hostmaster.mydomain.com. 996591852 16384 2048 1048576 2560
> 
> 	;; AUTHORITY SECTION:
> 	mydomain.com.		259200	IN	NS	ns1.mydomain.com.
> 	mydomain.com.		259200	IN	NS	ns2.mydomain.com.
> 	mydomain.com.		259200	IN	NS	ns3.mydomain.com.
> 	mydomain.com.		259200	IN	NS	ns4.mydomain.com.
> 
> 	;; ADDITIONAL SECTION:
> 	ns1.mydomain.com.	86400	IN	A	216.34.13.236
> 	ns2.mydomain.com.	86400	IN	A	64.75.34.132
> 	ns3.mydomain.com.	86400	IN	A	64.75.34.140
> 	ns4.mydomain.com.	86400	IN	A	64.75.34.134
> 
> 	;; Query time: 227 msec
> 	;; SERVER: 216.34.13.236#53(ns1.mydomain.com.)
> 	;; WHEN: Tue Jul 31 19:00:25 2001
> 	;; MSG SIZE  rcvd: 213
> 
> 
> Michael Kjörling
> 
> 
> On Jul 31 2001 04:33 -0700, Andrew L wrote:
> 
> > I'm having problems getting BIND to work correctly.
> >
> > I'm running BIND 9.x on Redhat Linux 7.1
> >
> > I've set up the nameserver so that I can dig @locahost on the nameserver
> > and get the correct result.
> > But if I try dig @ns1.mydomain.com I get a connection timed out; no
> > servers could be reached.
> > My network's ip address is mapped to ns1.mydomain.com.
> >
> > netstat -a reports that localhost.localdomain:domain is listening on tcp
> > and udp. It also reports that my internal ip address is listening on the
> > domain port on tcp and udp. My nameserver is behind a firewall on which
> > I've got the "domain" port mapped to the nameserver.
> >
> > I tried nslookup from another computer behind the firewall and I cannot
> > get a response from the nameserver, but I'm able to telnet into it from both
> > inside and outside the firewall, using the same port mapping techniques.
> >
> > What could possibly be the problem?
> >
> > Thanks in advance for any help
> > ,Andy
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
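
The check suggested in the reply above (is named actually bound to every address it is expected to serve on?), as an added example that is not part of the original message. It assumes the socket listing is in the column layout printed by `ss -H -lntu`; the sample listing, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: listing from a host where named started before the
# interface carrying 198.51.100.7 was up, so no socket exists for it.
SAMPLE_SS = """\
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
udp UNCONN 0 0 192.0.2.10:53 0.0.0.0:*
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:*
tcp LISTEN 0 10 192.0.2.10:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""
# Constructed: addresses the server is expected to answer on.
SAMPLE_ADDRS = ["127.0.0.1", "192.0.2.10", "198.51.100.7"]


def listeners(ss_output, port=53):
    """Return {"tcp": set, "udp": set} of local addresses bound to `port`."""
    found = {"tcp": set(), "udp": set()}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in found:
            continue  # not a tcp/udp socket line
        addr, _, local_port = fields[4].rpartition(":")
        if local_port == str(port):
            found[fields[0]].add(addr.strip("[]"))
    return found


def missing(ss_output, addrs, port=53):
    """List (address, protocol) pairs with no listening socket on `port`."""
    bound = listeners(ss_output, port)
    gaps = []
    for addr in addrs:
        ip = ipaddress.ip_address(addr)  # rejects malformed input early
        wildcard = "0.0.0.0" if ip.version == 4 else "::"
        for proto in ("udp", "tcp"):
            # A wildcard socket also covers addresses that appear later.
            if not ({addr, wildcard, "*"} & bound[proto]):
                gaps.append((addr, proto))
    return gaps


if __name__ == "__main__":
    for addr, proto in missing(SAMPLE_SS, SAMPLE_ADDRS):
        print(f"no {proto} listener on {addr}:53 "
              "(check startup order, interface-interval, listen-on)")
```

DNS needs both UDP and TCP on port 53, so the check reports each protocol separately.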

