Request external, logs show internal address

david at lewisit.com
Tue Apr 5 20:38:18 UTC 2005


Weird-ass problem that's been plaguing me for a long time.

On my BIND 9.2.1 server I use 2 views, internal and external.
If someone outside looks up my server, say ns.foo.com, they
get the correct address, say 9.9.9.9.  Internal users also
get the correct address, say 10.1.1.1.

Now, PTR.  Internally, I can do a reverse lookup for
10.1.1.1 and the logs show it asking for 10.1.1.1.  The
server responds correctly with ns.foo.com.  Logs and
answer are also both correct if the internal user looks
up 9.9.9.9.

External, however...  If an external user looks up the
external IP, 9.9.9.9, the logs show it as asking for the
internal address, 10.1.1.1.  If I refuse to give the
internal address, which I normally would, no answer is
returned.  If I turn off the ACL, the external user gets
the response, ns.foo.com.

I've tried "dig -x 9.9.9.9", "dig -x 9.9.9.9 @9.9.9.9",
"host 9.9.9.9" and "host 9.9.9.9 9.9.9.9".

Now, on one external machine, running dig 2.0, dig sends
not a PTR query but an ANY query.  This works.  My logs
show an ANY query for 9.9.9.9 and the answer returns
ns.foo.com.

I've tried removing all references to the internal
addresses in my named data files as well as removing
etc/hosts.  No difference, the logs still seem to
think I'm looking for an internal address.

Any ideas?


