FW: Running public Bind Server from behind firewall

Cranfield, Matthew Matthew.Cranfield at croydon.ac.uk
Tue Jun 7 13:34:25 UTC 2005




Matthew Cranfield
Network Analyst
IT Services
Croydon College
Tel: +44 20 8686 5700x3151
Email: matthew.cranfield at croydon.ac.uk

-----Original Message-----
From: Furley, Stephen
Sent: 07 June 2005 14:27
To: Cranfield, Matthew
Subject: FW: Running public Bind Server from behind firewall



-----Original Message-----
From: Furley, Stephen
Sent: 07 June 2005 10:02
To: 'bind-users at isc.org'
Subject: RE: Running public Bind Server from behind firewall


Try putting 'query-source address * port 53;' in your named.conf file.
It's in the sample file that comes with Fedora, and probably other
distributions, but is commented out.

> From: bind-users-bounce at isc.org on behalf of Kurt Boyack [SMTP:KBOYACK at GMAIL.COM]
> Sent: Tuesday, June 07, 2005 6:47:07 AM
> To: John McGowan
> Cc: bind-users at isc.org
> Subject: Re: Running public Bind Server from behind firewall
> Auto forwarded by a Rule
>
> On 6/6/05, John McGowan <mcgowan at lynch2.com> wrote:
> > I've been running bind for a while now without any problems.  server is
> > on public ip space behind a L2 transparent firewall.
> >
> > I just reconfigured the server to be on a private ip address and moved
> > it behind a new firewall that is not a L2 transparent firewall.  I have
> > setup a "Mapped IP" on the firewall, but for some reason DNS doesn't
> > work like it should.  looks like responses to queries done by the dns
> > server aren't getting back.
> >
> > The thing that's confusing me is that all other services on the machine
> > that were moved are working fine SMTP, POP, HTTP.  DNS is the only
> > service that is having problems.
> >
> > Is there something obvious that I would have to change in my named.conf
> > to support a bind server running on a private ip address behind a
> > firewall?  (keep in mind that the firewalls i'm running are identical
> > with identical policies, the only difference is the introduction of this
> > private ip network)
> >
>
> Does your named.conf contain a "blackhole" statement? If it does and
> the queries are coming from the private IP address of your firewall,
> that could be your problem.
>



