Non-Routable IPs from Ext View
Jeff Reasoner
jeff.reasoner at mail.hccanet.org
Tue Apr 4 20:28:49 UTC 2006
On Tue, 2006-04-04 at 16:14, Rich Hampton wrote:
> OK, I've posted named.conf and the two db files for the domain in
> question at the end of the text.
>
> Rich
>
>
> Jeff Reasoner wrote:
> > Please post your named.conf or at least the acl portion to see what IP
> > addresses match the internal view. Sounds like that may be the problem.
> >
> > On Tue, 2006-04-04 at 15:08, Rich Hampton wrote:
> >
> >> Hello All,
> >>
> >> I've encountered something that I don't completely understand with one
> >> of my domain configurations. The whole problem started with some
> >> domains being unable to send mail to my domain. Note that I said some.
> >> One of these domains was DARPA. When I contacted their sysadmin, I
> >> learned that their name servers were reporting a non-routable IP address
> >> for my mail server (which is NAT'd behind a firewall and has a
> >> non-routable address). My bind machine (also NAT'd - v9.3.1) is using
> >> views and here are two example nslookups, one from inside and the
> >> other from the outside:
> >>
> >> Inside
> >>
> >> richh at DESFS890:~ $ nslookup mail.denergysolutions.com
> >> ns1.denergysolutions.com
> >> Server: ns1.denergysolutions.com
> >> Address: 216.84.38.114#53
> >>
> >> Name: mail.denergysolutions.com
> >> Address: 192.168.1.2
> >>
> >>
> >> Outside
> >>
> >> [rich at elijah ~]$ nslookup mail.denergysolutions.com ns1.denergysolutions.com
> >> Server: ns1.denergysolutions.com
> >> Address: 216.84.38.114#53
> >>
> >> Name: mail.denergysolutions.com
> >> Address: 216.84.38.114
> >>
> >> OK, so far so good, right? Back to DARPA. They ended up fixing the
> >> problem on their end but refused to tell me what was going on. All they
> >> would say is that it was not a cache flush. More recently, I'm having
> >> issues with 3com's domain (among two others). They assure me that they
> >> have flushed their caches and that there is nothing wrong with their
> >> DNS. Here is what happens when using their DNS when conducting a lookup:
> >>
> >>
> >> [rich at elijah ~]$ nslookup mail.denergysolutions.com ns.mmm.com
> >> Server: ns.mmm.com
> >> Address: 192.28.1.248#53
> >>
> >> Non-authoritative answer:
> >> Name: mail.denergysolutions.com
> >> Address: 192.168.1.2
> >>
> >>
> >> My fear is that I may have had something initially misconfigured when I
> >> first set up the domain and that internal host addresses got leaked onto
> >> the net and cached. If so, is there anything I can do to help force
> >> these addresses to update? Is it possible that I could still have
> >> something misconfigured such that some domains are getting the internal
> >> view rather than the external view?
> >>
> >> I just don't get it.
> >>
> >> Any ideas you have are greatly appreciated.
> >>
> >> Rich Hampton
> >>
> >>
> >>
> >
> >
> >
> >
> root at gw:~# cat /etc/bind/named.conf.local
> //
> // Do any local configuration here
> //
> //
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> include "/etc/bind/zones.rfc1918";
> //
> view "internal" {
> match-clients { 192.168.1.0/8; 127.0.0.1; };
The mask is wrong - should be 192.168.1.0/24
> recursion yes;
> // prime the server with knowledge of the root servers
> zone "." {
> type hint;
> file "/etc/bind/db.root";
> };
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> };
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> };
> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> };
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> };
> zone "168.192.in-addr.arpa" {
> type master;
> file "/etc/bind/db.192.168";
> };
> zone "peakengineeringsolutions.com" {
> type master;
> file "PES-Internal.db";
> };
> zone "denergysolutions.com" {
> type master;
> file "DES-Internal.db";
> };
> zone "digisoft-solutions.com" {
> type master;
> file "DSS-Internal.db";
> };
> zone "peakbusinessservices.net" {
> type master;
> file "PBS-Internal.db";
> };
> zone "peakbizservices.com" {
> type master;
> file "PBZ-Internal.db";
> };
> };
> view "external" {
> match-clients { any; };
> recursion no;
> // zone "216.84.38.in-addr.arpa" {
> // type master;
> // file "/etc/bind/db.216.84.38";
> // };
> zone "peakengineeringsolutions.com" {
> type master;
> file "PES-External.db";
> };
> zone "denergysolutions.com" {
> type master;
> file "DES-External.db";
> };
> zone "digisoft-solutions.com" {
> type master;
> file "DSS-External.db";
> };
> zone "peakbusinessservices.net" {
> type master;
> file "PBS-External.db";
> };
> zone "peakbizservices.com" {
> type master;
> file "PBZ-External.db";
> };
> };
>
> root at gw:~# cat /var/cache/bind/DES-Internal.db
> ;
> ; BIND data file for denergysolutions.com Internal queries
> ;
> $TTL 604800
> @ IN SOA ns2.denergysolutions.com.
> sysadmin.denergysolutions.com. (
> 1 ; Serial
> 604800 ; Refresh
> 86400 ; Retry
> 2419200 ; Expire
> 604800 ) ; Negative Cache TTL
> ;
> NS ns;
> MX 10 mail.denergysolutions.com.;
> MX 20 smtp.denergysolutions.com.;
> @ IN A 192.168.1.2
> ;
> localhost A 127.0.0.1
> ns1 A 192.168.1.3
> ns2 A 192.168.1.3
> mail A 192.168.1.2
> www A 192.168.1.2
> s2 A 192.168.1.2
> smtp A 192.168.1.39
> portal A 192.168.1.2
>
> root at gw:~# cat /var/cache/bind/DES-External.db
> ;
> ; BIND data file for denergysolutions.com External queries
> ;
> $TTL 604800
> @ IN SOA ns2.denergysolutions.com.
> sysadmin.denergysolutions.com. (
> 3 ; Serial
> 604800 ; Refresh
> 86400 ; Retry
> 604800 ; Expire
> 604800 ) ; Negative Cache TTL
> ;
> NS ns1;
> NS ns2;
> MX 10 smtp.denergysolutions.com.;
> @ IN A 216.84.38.114
> ;
> localhost A 127.0.0.1
> ns A 216.84.38.114
> ns1 A 216.84.38.114
> ns2 A 216.84.38.114
> mail A 216.84.38.114
> www A 216.84.38.114
> portal A 216.84.38.114
> s2 A 216.84.38.114
> smtp A 216.84.38.114
>
>
>
>
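To make the /8 problem concrete, here is a small Python model of how match-clients is evaluated against the two views in the named.conf above. This is my own added illustration, not Rich's config or anything from BIND itself; it assumes BIND masks the non-zero host bits of a prefix (so 192.168.1.0/8 is really 192.0.0.0/8), and the view/ACL lists are copied from the posted file. It shows that ns.mmm.com at 192.28.1.248 from the original post lands in the internal view with the posted ACL and in the external view once the mask is /24.

```python
"""Model of BIND match-clients evaluation for the two views quoted above.
Added example, not from the thread or from BIND's own source."""
import ipaddress

# Constructed copies of the ACLs in the posted named.conf: as posted (/8)
# and with the corrected mask (/24).  Views are tried in file order.
POSTED_VIEWS = [("internal", ["192.168.1.0/8", "127.0.0.1"]), ("external", ["any"])]
FIXED_VIEWS = [("internal", ["192.168.1.0/24", "127.0.0.1"]), ("external", ["any"])]


def acl_matches(client, entries):
    """Return True if client matches the address-match list.

    Mimics the parts of BIND's address_match_list semantics used here:
    elements are tried in order, first hit wins, a leading '!' negates the
    element, 'any'/'none' are keywords, and a prefix with non-zero host
    bits is masked.  Assumption: that masking matches your BIND version;
    check named's startup log for a warning about the prefix.
    """
    ip = ipaddress.ip_address(client)
    for entry in entries:
        negate = entry.startswith("!")
        token = entry.lstrip("!").strip()
        if token == "any":
            hit = True
        elif token == "none":
            hit = False
        else:
            hit = ip in ipaddress.ip_network(token, strict=False)
        if hit:
            return not negate  # a negated hit means "does not match"
    return False


def select_view(client, views):
    """Name of the first view whose match-clients accepts client, or None
    (in which case BIND would refuse the query outright)."""
    for name, entries in views:
        if acl_matches(client, entries):
            return name
    return None


def effective_prefix(entry):
    """Prefix actually evaluated for an ACL entry: '192.168.1.0/8' -> '192.0.0.0/8'."""
    return str(ipaddress.ip_network(entry, strict=False))


if __name__ == "__main__":
    # ns.mmm.com (192.28.1.248) is the external resolver from the original post
    for label, views in (("posted", POSTED_VIEWS), ("fixed", FIXED_VIEWS)):
        print(label, "192.28.1.248 ->", select_view("192.28.1.248", views))
```

Running it is a quick way to audit any match-clients list against the source addresses of resolvers that reported the RFC 1918 answer.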