Problems with DNS behind firewall.

arjen-bind at 3va.net
Mon Jun 4 20:18:29 UTC 2001



1.1.1.something you cannot use. If these are internal IPs, use
addresses in the 10/24, 192.168/16 and 172.16/16 blocks (or maybe the last two
blocks are even /24). If these are external IPs, I wonder who gave
'em to you...

Also you must probably get your PTR records right...

Anyway, you could send some more info on your internal net (IPs)
and your external IPs...


Grtz, 

Arjen.


On Mon, 4 Jun 2001, robert cerulli wrote:

> Hi all,
> 
>     I have a big problem =(. At our company, we have 2 [linux] DNS servers
> on a DMZ behind a Cisco Pix Firewall. There are a few problems. The first and
> foremost problem is that until a few recent hosts file additions the
> machines couldn't resolve anything themselves; however, remote machines can do
> an NSLOOKUP to those DNS with little or no problems. Now, for example, I can
> ping a machine like so:
> 
> [root at copernicus /root]# ping -U www.google.com
> PING www.google.com (216.239.33.100) from 1.1.1.207 : 56(84) bytes of data.
> 64 bytes from www.google.com (216.239.33.100): icmp_seq=0 ttl=52 time=76.637 msec
> 64 bytes from www.google.com (216.239.33.100): icmp_seq=1 ttl=52 time=76.456 msec
> 64 bytes from www.google.com (216.239.33.100): icmp_seq=2 ttl=52 time=87.571 msec
> 64 bytes from www.google.com (216.239.33.100): icmp_seq=3 ttl=52 time=76.511 msec
> 
> --- www.google.com ping statistics ---
> 4 packets transmitted, 4 packets received, 0% packet loss
> round-trip min/avg/max/mdev = 76.456/79.293/87.571/4.791 ms
> [root at copernicus /root]#
> 
> and it works fine; however, if I do an nslookup the following occurs:
> 
> 
> [root at copernicus /root]# nslookup
> *** Can't find server name for address 1.1.1.213: No response from server
> *** Can't find server name for address 1.1.1.212: Non-existent host/domain
> *** Default servers are not available
> [root at copernicus /root]#
> 
> I have also tried using nslookup to the real IPs on the outside of the
> firewall that tunnel through to these DMZ IPs, still no luck.
> 
> Any help appreciated.
> 
> Robert Cerulli
> Senior Unix Administrator
> robert at NOSPAM.rga.com
> 212.946.xxxx
> 
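
The "Can't find server name for address" errors come from nslookup's startup reverse lookup of each configured server address, which is where the PTR advice in the reply applies. The following is an added example, not code from either poster: it checks addresses against the RFC 1918 blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), derives the PTR owner name queried for each server, and builds the reverse-zone records for a /24. The 192.168.1.x renumbering and the ns1/ns2.example.com hostnames are constructed placeholders.

```python
import ipaddress

# RFC 1918 private-use blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def ptr_name(addr):
    """Owner name of the PTR record that a reverse lookup of addr queries."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def reverse_zone(hosts):
    """Return (zone name, PTR lines) for hosts {address: fqdn} in a single /24."""
    nets = {ipaddress.ip_network(a + "/24", strict=False) for a in hosts}
    if len(nets) != 1:
        raise ValueError("hosts span more than one /24; build one zone per /24")
    net = nets.pop()
    # Drop the leading "0." label of the network address to get the zone name.
    zone = net.network_address.reverse_pointer.split(".", 1)[1] + "."
    lines = []
    for addr in sorted(hosts, key=lambda a: int(ipaddress.ip_address(a))):
        last_octet = addr.rsplit(".", 1)[1]
        lines.append(f"{last_octet} IN PTR {hosts[addr].rstrip('.')}.")
    return zone, lines

if __name__ == "__main__":
    # Server addresses as they appear in the nslookup output in the thread.
    for addr in ("1.1.1.212", "1.1.1.213"):
        status = "RFC1918" if is_rfc1918(addr) else "not RFC1918"
        print(addr, status, ptr_name(addr))
    # Constructed renumbering with placeholder hostnames (assumptions).
    zone, lines = reverse_zone({"192.168.1.213": "ns2.example.com",
                                "192.168.1.212": "ns1.example.com"})
    print("$ORIGIN", zone)
    print("\n".join(lines))
```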


