Bind behind Cisco 675 router
Brad Knowles
brad.knowles at skynet.be
Sun Sep 23 16:49:05 UTC 2001

At 6:46 PM -0600 9/22/01, Deon Garrett wrote:

> Yeah, it seems to work to resolve my own domain. The major problem
> I have right now is that my nameserver seems to try to resolve any
> hostname on the internet to my IP address. If you put
>
> nameserver 66.7.185.147
>
> in your /etc/resolv.conf file, and try to ping www.yahoo.com, you'll
> actually be pinging 66.7.185.147. Going through my router somehow causes
> any A record to be assigned to that IP address. I'm pretty sure it's the
> router, since that doesn't happen if I use 192.168.1.2 for my nameserver,
> and using that means that the data never has to pass through the Cisco...

Yup, this is pretty bogus:

% dig @66.7.185.147 www.aol.com. any
; <<>> DiG 9.2.0rc3 <<>> @66.7.185.147 www.aol.com. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22119
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.aol.com. IN ANY
;; ANSWER SECTION:
www.aol.com. 3600 IN CNAME aol.com.
;; AUTHORITY SECTION:
aol.com. 0 IN NS dns-02.ns.aol.com.
aol.com. 0 IN NS dns-01.ns.aol.com.
;; ADDITIONAL SECTION:
dns-01.ns.aol.com. 0 IN A 66.7.185.147
dns-02.ns.aol.com. 0 IN A 66.7.185.147
;; Query time: 223 msec
;; SERVER: 66.7.185.147#53(66.7.185.147)
;; WHEN: Sun Sep 23 12:44:55 2001
;; MSG SIZE rcvd: 120

But note that it doesn't do this if you force the use of TCP
instead of UDP:

% dig @66.7.185.147 www.aol.com. any +vc
; <<>> DiG 9.2.0rc3 <<>> @66.7.185.147 www.aol.com. any +vc
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36173
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.aol.com. IN ANY
;; ANSWER SECTION:
www.aol.com. 3390 IN CNAME aol.com.
;; AUTHORITY SECTION:
aol.com. 3390 IN NS dns-01.ns.aol.com.
aol.com. 3390 IN NS dns-02.ns.aol.com.
;; ADDITIONAL SECTION:
dns-01.ns.aol.com. 141385 IN A 152.163.159.232
dns-02.ns.aol.com. 141385 IN A 205.188.157.232
;; Query time: 112 msec
;; SERVER: 66.7.185.147#53(66.7.185.147)
;; WHEN: Sun Sep 23 12:48:25 2001
;; MSG SIZE rcvd: 120

Almost certainly the router is at fault. This is the same kind
of garbage we've seen from Cisco in the past. I don't know how you'd
configure it not to munge DNS packets, but hopefully this will be
something you can turn off. I'd suggest doing some digging around on
the Cisco web site, where they seem to have a fair amount of
documentation regarding their various products.

> If I ever get my server to work, I'll figure out what to do about a
> secondary server, backup mail server, etc. It really isn't that big
> a deal, as all I really want is to be able to ssh/scp/cvs/etc into my
> box by name when I'm on the road so I can work without putting everything
> on my laptop. My ISP will host primary and secondary nameservers for
> something like 5 bucks a month.
>
> It just seemed like a good project to play with to get it working for
> myself.

Good luck! If/when you ever get things working correctly, please
let us know what you did so that we can provide this advice to other
people who may have this problem.

--
Brad Knowles, <brad.knowles at skynet.be>
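
Added example, not part of the original post: a small Python check that automates the UDP-versus-TCP comparison shown in the two dig transcripts above, flagging A records that differ between transports and, in particular, ones that point back at the queried server. The function names parse_dig and find_rewrites are hypothetical, and the sample input is abridged from the dig output in the post.

```python
import re

# Abridged from the two dig transcripts in the post (UDP first, then TCP via +vc).
UDP_REPLY = """\
;; ADDITIONAL SECTION:
dns-01.ns.aol.com. 0 IN A 66.7.185.147
dns-02.ns.aol.com. 0 IN A 66.7.185.147
;; SERVER: 66.7.185.147#53(66.7.185.147)
"""
TCP_REPLY = """\
;; ADDITIONAL SECTION:
dns-01.ns.aol.com. 141385 IN A 152.163.159.232
dns-02.ns.aol.com. 141385 IN A 205.188.157.232
;; SERVER: 66.7.185.147#53(66.7.185.147)
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")  # owner ttl IN type rdata
SERVER = re.compile(r"^;; SERVER: ([0-9.]+)#")

def parse_dig(text):
    """Return (server_ip, {owner: set(addresses)}) for the A records in dig output."""
    server, a_records = None, {}
    for line in text.splitlines():
        line = line.strip()
        m = SERVER.match(line)
        if m:
            server = m.group(1)
            continue
        m = RR.match(line)  # comment lines (';...') carry no TTL field, so never match
        if m and m.group(3) == "A":
            a_records.setdefault(m.group(1).lower(), set()).add(m.group(4))
    return server, a_records

def find_rewrites(udp_text, tcp_text):
    """List A records whose UDP answer differs from the TCP answer."""
    server, udp = parse_dig(udp_text)
    _, tcp = parse_dig(tcp_text)
    findings = []
    for name in sorted(udp.keys() & tcp.keys()):
        if udp[name] != tcp[name]:
            findings.append({"name": name, "udp": sorted(udp[name]),
                             "tcp": sorted(tcp[name]),
                             # every UDP address equals the server queried: NAT rewrite
                             "points_at_server": udp[name] == {server}})
    return findings

if __name__ == "__main__":
    for finding in find_rewrites(UDP_REPLY, TCP_REPLY):
        print(finding)
```

A plain difference between transports can be legitimate (rotating address records, for instance), so points_at_server is the field to alert on.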