Non-Routable IPs from Ext View

Jeff Reasoner jeff.reasoner at mail.hccanet.org
Tue Apr 4 20:28:49 UTC 2006


On Tue, 2006-04-04 at 16:14, Rich Hampton wrote:
> OK, I've posted named.conf and the two db files for the domain in 
> question at the end of the text.
> 
> Rich
> 
> 
> Jeff Reasoner wrote:
> > Please post your named.conf or at least the acl portion to see what IP
> > addresses match the internal view. Sounds like that may be the problem.
> >
> > On Tue, 2006-04-04 at 15:08, Rich Hampton wrote:
> >   
> >> Hello All,
> >>
> >> I've encountered something that I don't completely understand with one 
> >> of my domain configurations.  The whole problem started with some 
> >> domains being unable to send mail to my domain.  Note that I said some.  
> >> One of these domains was DARPA.  When I contacted their sysadmin, I 
> >> learned that their name servers were reporting a non-routable IP address 
> >> for my mail server (which is NAT'd behind a firewall and has a 
> >> non-routable address).  My bind machine (also NAT'd - v9.3.1) is using 
> >> views, and here are two example nslookups, one from inside and the 
> >> other from the outside:
> >>
> >> Inside
> >>
> >> richh at DESFS890:~ $ nslookup mail.denergysolutions.com 
> >> ns1.denergysolutions.com
> >> Server:         ns1.denergysolutions.com
> >> Address:        216.84.38.114#53
> >>
> >> Name:   mail.denergysolutions.com
> >> Address: 192.168.1.2
> >>
> >>
> >> Outside
> >>
> >> [rich at elijah ~]$ nslookup mail.denergysolutions.com ns1.denergysolutions.com
> >> Server:         ns1.denergysolutions.com
> >> Address:        216.84.38.114#53
> >>
> >> Name:   mail.denergysolutions.com
> >> Address: 216.84.38.114
> >>
> >> OK, so far so good, right?  Back to DARPA.  They ended up fixing the 
> >> problem on their end but refused to tell me what was going on.  All they 
> >> would say is that it was not a cache flush.  More recently, I'm having 
> >> issues with 3com's domain (among two others).  They assure me that they 
> >> have flushed their caches and that there is nothing wrong with their 
> >> DNS.  Here is what happens when using their DNS when conducting a lookup:
> >>
> >>
> >> [rich at elijah ~]$ nslookup mail.denergysolutions.com ns.mmm.com
> >> Server:         ns.mmm.com
> >> Address:        192.28.1.248#53
> >>
> >> Non-authoritative answer:
> >> Name:   mail.denergysolutions.com
> >> Address: 192.168.1.2
> >>
> >>
> >> My fear is that I may have had something initially misconfigured when I 
> >> first setup the domain and that internal host addresses got leaked onto 
> >> the net and cached.  If so, is there anything I can do to help force 
> >> these addresses to update?  Is it possible that I could still have 
> >> something misconfigured such that some domains are getting the internal 
> >> view rather than the external view?
> >>
> >> I just don't get it.
> >>
> >> Any ideas you have are greatly appreciated.
> >>
> >> Rich Hampton
> >>
> >>
> >>     
> >
> >
> >
> >   
> root at gw:~# cat /etc/bind/named.conf.local
> //
> // Do any local configuration here
> //
> //
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> include "/etc/bind/zones.rfc1918";
> //
> view "internal" {
>         match-clients { 192.168.1.0/8; 127.0.0.1; };

The mask is wrong - should be 192.168.1.0/24

>         recursion yes;
>         // prime the server with knowledge of the root servers
>         zone "." {
>                 type hint;
>                 file "/etc/bind/db.root";
>         };
>         zone "localhost" {
>                 type master;
>                 file "/etc/bind/db.local";
>         };
>         zone "127.in-addr.arpa" {
>                 type master;
>                 file "/etc/bind/db.127";
>         };
>         zone "0.in-addr.arpa" {
>                 type master;
>                 file "/etc/bind/db.0";
>         };
>         zone "255.in-addr.arpa" {
>                 type master;
>                 file "/etc/bind/db.255";
>         };
>         zone "168.192.in-addr.arpa" {
>                 type master;
>                 file "/etc/bind/db.192.168";
>         };
>         zone "peakengineeringsolutions.com" {
>                 type master;
>                 file "PES-Internal.db";
>         };
>         zone "denergysolutions.com" {
>                 type master;
>                 file "DES-Internal.db";
>         };
>         zone "digisoft-solutions.com" {
>                 type master;
>                 file "DSS-Internal.db";
>         };
>         zone "peakbusinessservices.net" {
>                 type master;
>                 file "PBS-Internal.db";
>         };
>         zone "peakbizservices.com" {
>                 type master;
>                 file "PBZ-Internal.db";
>         };
> };
> view "external" {
>         match-clients { any; };
>         recursion no;
> //      zone "216.84.38.in-addr.arpa" {
> //              type master;
> //              file "/etc/bind/db.216.84.38";
> //      };
>         zone "peakengineeringsolutions.com" {
>                 type master;
>                 file "PES-External.db";
>         };
>         zone "denergysolutions.com" {
>                 type master;
>                 file "DES-External.db";
>         };
>         zone "digisoft-solutions.com" {
>                 type master;
>                 file "DSS-External.db";
>         };
>         zone "peakbusinessservices.net" {
>                 type master;
>                 file "PBS-External.db";
>         };
>         zone "peakbizservices.com" {
>                 type master;
>                 file "PBZ-External.db";
>         };
> };
> 
> root at gw:~# cat /var/cache/bind/DES-Internal.db
> ;
> ; BIND data file for denergysolutions.com Internal queries
> ;
> $TTL    604800
> @       IN      SOA     ns2.denergysolutions.com. 
> sysadmin.denergysolutions.com. (
>                               1         ; Serial
>                          604800         ; Refresh
>                           86400         ; Retry
>                         2419200         ; Expire
>                          604800 )       ; Negative Cache TTL
> ;
>                 NS      ns;
>                 MX      10 mail.denergysolutions.com.;
>                 MX      20 smtp.denergysolutions.com.;
> @       IN      A       192.168.1.2
> ;
> localhost       A       127.0.0.1
> ns1             A       192.168.1.3
> ns2             A       192.168.1.3
> mail            A       192.168.1.2
> www             A       192.168.1.2
> s2              A       192.168.1.2
> smtp            A       192.168.1.39
> portal          A       192.168.1.2
> 
> root at gw:~# cat /var/cache/bind/DES-External.db
> ;
> ; BIND data file for denergysolutions.com External queries
> ;
> $TTL    604800
> @       IN      SOA     ns2.denergysolutions.com. 
> sysadmin.denergysolutions.com. (
>                               3         ; Serial
>                          604800         ; Refresh
>                           86400         ; Retry
>                          604800         ; Expire
>                          604800 )       ; Negative Cache TTL
> ;
>                 NS      ns1;
>                 NS      ns2;
>                 MX      10 smtp.denergysolutions.com.;
> @       IN      A       216.84.38.114
> ;
> localhost       A       127.0.0.1
> ns              A       216.84.38.114
> ns1             A       216.84.38.114
> ns2             A       216.84.38.114
> mail            A       216.84.38.114
> www             A       216.84.38.114
> portal          A       216.84.38.114
> s2              A       216.84.38.114
> smtp            A       216.84.38.114
> 
> 
> 
> 
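A quick check of the point above, as an added example that is not from the thread: it applies the prefix length of each match-clients entry as a mask (so 192.168.1.0/8 covers 192.0.0.0/8), evaluates views in file order as BIND does, and reports which view the resolver address from the lookups above (192.28.1.248) and the NAT'd public address (216.84.38.114) would land in, with the ACL as posted and as corrected.

```python
import ipaddress

# ACLs transcribed from the named.conf quoted above (as posted) and with
# the correction from the reply; view order mirrors the file: internal first.
VIEWS_AS_POSTED = [
    ("internal", ["192.168.1.0/8", "127.0.0.1"]),
    ("external", ["any"]),
]
VIEWS_CORRECTED = [
    ("internal", ["192.168.1.0/24", "127.0.0.1"]),
    ("external", ["any"]),
]

def effective_network(entry):
    """Network an address/prefix entry really covers once the prefix is
    applied as a mask: 192.168.1.0/8 masks down to 192.0.0.0/8."""
    return ipaddress.ip_network(entry, strict=False)

def lint_acl(acl):
    """Entries with host bits set, i.e. written narrower than the prefix
    that is actually matched. Returns (entry, effective network) pairs."""
    findings = []
    for entry in acl:
        if entry == "any":
            continue
        try:
            ipaddress.ip_network(entry)        # strict: rejects host bits
        except ValueError:
            findings.append((entry, str(effective_network(entry))))
    return findings

def select_view(client_ip, views):
    """Name of the first view whose match-clients covers client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for name, acl in views:
        for entry in acl:
            if entry == "any" or addr in effective_network(entry):
                return name
    return None

if __name__ == "__main__":
    print("suspicious entries:", lint_acl(VIEWS_AS_POSTED[0][1]))
    # 192.28.1.248 is the remote resolver from the lookups in the thread;
    # 192.168.1.50 is a constructed LAN client.
    for ip in ("192.28.1.248", "216.84.38.114", "192.168.1.50"):
        print(ip, "posted:", select_view(ip, VIEWS_AS_POSTED),
              "corrected:", select_view(ip, VIEWS_CORRECTED))
```

With the ACL as posted, any 192.x.x.x resolver is handed the internal view and caches the 192.168.1.2 answer for mail; named-checkconf and the lint above both flag the entry before that happens.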