Non-Routable IPs from Ext View
Rich Hampton
rich at hamptonhouse.org
Tue Apr 4 20:14:26 UTC 2006
OK, I've posted named.conf and the two db files for the domain in
question at the end of the text.
Rich
Jeff Reasoner wrote:
> Please post your named.conf or at least the acl portion to see what IP
> addresses match the internal view. Sounds like that may be the problem.
>
> On Tue, 2006-04-04 at 15:08, Rich Hampton wrote:
>
>> Hello All,
>>
>> I've encountered something that I don't completely understand with one
>> of my domain configurations. The whole problem started with some
>> domains being unable to send mail to my domain. Note that I said some.
>> One of these domains was DARPA. When I contacted their sysadmin, I
>> learned that their name servers were reporting a non-routable IP address
>> for my mail server (which is NAT'd behind a firewall and has a
>> non-routable address). My bind machine (also NAT'd - v9.3.1) is using
>> views and here are two example nslookups, one from inside and the
>> other from the outside:
>>
>> Inside
>>
>> richh at DESFS890:~ $ nslookup mail.denergysolutions.com
>> ns1.denergysolutions.com
>> Server: ns1.denergysolutions.com
>> Address: 216.84.38.114#53
>>
>> Name: mail.denergysolutions.com
>> Address: 192.168.1.2
>>
>>
>> Outside
>>
>> [rich at elijah ~]$ nslookup mail.denergysolutions.com ns1.denergysolutions.com
>> Server: ns1.denergysolutions.com
>> Address: 216.84.38.114#53
>>
>> Name: mail.denergysolutions.com
>> Address: 216.84.38.114
>>
>> OK, so far so good, right? Back to DARPA. They ended up fixing the
>> problem on their end but refused to tell me what was going on. All they
>> would say is that it was not a cache flush. More recently, I'm having
>> issues with 3com's domain (among two others). They assure me that they
>> have flushed their caches and that there is nothing wrong with their
>> DNS. Here is what happens when using their DNS when conducting a lookup:
>>
>>
>> [rich at elijah ~]$ nslookup mail.denergysolutions.com ns.mmm.com
>> Server: ns.mmm.com
>> Address: 192.28.1.248#53
>>
>> Non-authoritative answer:
>> Name: mail.denergysolutions.com
>> Address: 192.168.1.2
>>
>>
>> My fear is that I may have had something initially misconfigured when I
>> first set up the domain and that internal host addresses got leaked onto
>> the net and cached. If so, is there anything I can do to help force
>> these addresses to update? Is it possible that I could still have
>> something misconfigured such that some domains are getting the internal
>> view rather than the external view?
>>
>> I just don't get it.
>>
>> Any ideas you have are greatly appreciated.
>>
>> Rich Hampton
>>
root at gw:~# cat /etc/bind/named.conf.local
//
// Do any local configuration here
//
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
//
view "internal" {
    match-clients { 192.168.1.0/8; 127.0.0.1; };
    recursion yes;
    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };
    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };
    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };
    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };
    zone "168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192.168";
    };
    zone "peakengineeringsolutions.com" {
        type master;
        file "PES-Internal.db";
    };
    zone "denergysolutions.com" {
        type master;
        file "DES-Internal.db";
    };
    zone "digisoft-solutions.com" {
        type master;
        file "DSS-Internal.db";
    };
    zone "peakbusinessservices.net" {
        type master;
        file "PBS-Internal.db";
    };
    zone "peakbizservices.com" {
        type master;
        file "PBZ-Internal.db";
    };
};
view "external" {
    match-clients { any; };
    recursion no;
    // zone "216.84.38.in-addr.arpa" {
    //     type master;
    //     file "/etc/bind/db.216.84.38";
    // };
    zone "peakengineeringsolutions.com" {
        type master;
        file "PES-External.db";
    };
    zone "denergysolutions.com" {
        type master;
        file "DES-External.db";
    };
    zone "digisoft-solutions.com" {
        type master;
        file "DSS-External.db";
    };
    zone "peakbusinessservices.net" {
        type master;
        file "PBS-External.db";
    };
    zone "peakbizservices.com" {
        type master;
        file "PBZ-External.db";
    };
};
root at gw:~# cat /var/cache/bind/DES-Internal.db
;
; BIND data file for denergysolutions.com Internal queries
;
$TTL 604800
@ IN SOA ns2.denergysolutions.com.
sysadmin.denergysolutions.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
NS ns;
MX 10 mail.denergysolutions.com.;
MX 20 smtp.denergysolutions.com.;
@ IN A 192.168.1.2
;
localhost A 127.0.0.1
ns1 A 192.168.1.3
ns2 A 192.168.1.3
mail A 192.168.1.2
www A 192.168.1.2
s2 A 192.168.1.2
smtp A 192.168.1.39
portal A 192.168.1.2
root at gw:~# cat /var/cache/bind/DES-External.db
;
; BIND data file for denergysolutions.com External queries
;
$TTL 604800
@ IN SOA ns2.denergysolutions.com.
sysadmin.denergysolutions.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
604800 ; Expire
604800 ) ; Negative Cache TTL
;
NS ns1;
NS ns2;
MX 10 smtp.denergysolutions.com.;
@ IN A 216.84.38.114
;
localhost A 127.0.0.1
ns A 216.84.38.114
ns1 A 216.84.38.114
ns2 A 216.84.38.114
mail A 216.84.38.114
www A 216.84.38.114
portal A 216.84.38.114
s2 A 216.84.38.114
smtp A 216.84.38.114
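Editor's note with an added example (not part of the thread, and not BIND's own code): the question in the thread is which view a given resolver lands in, and that is decided purely by the match-clients ACL of the "internal" view above. An ACL entry is a CIDR prefix, so the host bits after the prefix length are masked off: 192.168.1.0/8 covers 192.0.0.0/8, not the 192.168.1.0 LAN. The script below reproduces that matching in Python's ipaddress module (an assumption: it models BIND's prefix match, it is not BIND), using the two resolver addresses that appear in the nslookup output above, and flags ACL entries whose host bits are set, which newer BIND releases log an address/prefix length mismatch warning for.

```python
import ipaddress

# Constructed from the named.conf posted in the thread: the "internal" view's ACL.
INTERNAL_ACL = ["192.168.1.0/8", "127.0.0.1"]

# The same ACL with the prefix length the LAN actually has (hypothetical fix for illustration).
CORRECTED_ACL = ["192.168.1.0/24", "127.0.0.1"]

# Resolver addresses taken from the nslookup output in the thread.
RESOLVERS = {
    "ns1.denergysolutions.com (external lookup)": "216.84.38.114",
    "ns.mmm.com (3com resolver)": "192.28.1.248",
    "LAN client": "192.168.1.5",  # constructed inside address
}


def acl_networks(entries):
    """Networks an ACL actually covers: strict=False masks host bits, as a prefix match does."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def mismatched_entries(entries):
    """ACL entries whose host bits are set beyond the prefix length (the audit a defender runs)."""
    bad = []
    for e in entries:
        try:
            ipaddress.ip_network(e, strict=True)
        except ValueError:
            bad.append((e, str(ipaddress.ip_network(e, strict=False))))
    return bad


def view_for(client_ip, entries=INTERNAL_ACL):
    """First matching view, as BIND evaluates views in order: internal ACL, then external (any)."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in acl_networks(entries)):
        return "internal"
    return "external"


if __name__ == "__main__":
    for entry, covered in mismatched_entries(INTERNAL_ACL):
        print(f"ACL entry {entry} has host bits set; it covers {covered}")
    for label, ip in RESOLVERS.items():
        print(f"{label:45} {ip:16} posted ACL -> {view_for(ip):8} corrected ACL -> {view_for(ip, CORRECTED_ACL)}")
```

Run as-is, the audit reports that 192.168.1.0/8 covers 192.0.0.0/8, and the 3com resolver at 192.28.1.248 is classified "internal" under the posted ACL but "external" under the /24, while the LAN client stays internal in both cases. Because the internal view also has recursion enabled, a remote resolver that lands in it receives the 192.168.1.2 answer and caches it, which is the same answer that the thread shows ns.mmm.com returning; checking every match-clients prefix with a strict parse is the quick way to catch this class of view leak before it reaches other sites' caches.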