How do i get my internal linux dns to retrieve information from an external dns

Kevin Darcy kcd at
Fri Oct 20 01:11:29 UTC 2006

the_iddiot at wrote:
> Hi i am doing this project for a university class i have a Linux
> Firewall running iptables i have a internal network for the DMZ
> (192.168.78.x) and the Lan (192.168.77.x) on the DMZ i have a DNS
> ( and other servers.  the firewall sits on a fake external
> network (which is a internal network) ( with an "external
> DNS" (
> the external dns is win 2003 and the internal is centos
> my problem is that i am trying to run the master slave dns setup
> between the two atm i have got the external dns working it sees all the
> internal information from the linux domain but the internal
> linux dns cannot see the win 2003 server domain
> i have set up forwarding and the natting in the firewall to allow the
> ip address from the"external network" to be translated on port 53 to
> the internal network.
> NET_NIC="eth0"
> DMZ_NIC="eth2"
> iptables -t nat -A PREROUTING -p tcp $NET_NIC --dport 53 -j DNAT
> --to-destination
> iptables -t nat -A PREROUTING -p udp $NET_NIC --dport 53 -j DNAT
> --to-destination
> iptables -A FORWARD -i $NET_NIC -o $DMZ_NIC -p ALL -m state --state
> iptables -A FORWARD -i $DMZ_NIC -o $NET_NIC -p ALL -m state --state
> i believe that is the relivant information from the IPtables if you
> wish to see the whole iptables i can set up ssh and get it i supose
> i do not understand even though i have opened the ports and set it up
> to allow this passage of data from the external DNS to the internal one
> it does not allow this data through
> when i restare named i get the error message in the logs
> transfer of '' from failed while
> recieving responses: Primisison denied
Um, I'm pretty sure the "permission denied"message (that's what you 
meant, right? why did you alter the text of the error message?) 
indicates a *file*permissions* problem, not anything to do with your 
network or firewall configuration.

            - Kevin

More information about the bind-users mailing list