 
 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall list <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] DNS Forwarder oddity...
 Date:  Mon, 07 Aug 2006 14:41:15 -0500
Two things come to mind.

Turn the DNS Forwarder off, then back on again, make sure the "Register 
DHCP leases in DNS forwarder" is checked.

Make sure the TTL on those domains is not set insanely high (like 2 
days or something); otherwise you end up getting a cached address. You 
could try flushing the DNS cache on your system and try again.

Second thing, make sure the alias names on the webserver are generic and 
not IP specific.  Otherwise when you hit the site, it will expect a 
response out to the WAN IP instead of the local IP.

Try those and let us know what happens.

Thanks,
Michael

Krist van Besien wrote:
> Hello,
>
> I have the following situation:
>
> I have a webserver sitting behind a m0n0wall. The m0n0wall has a DNS
> name assigned to its virtual address. Port 80 is forwarded to the
> webserver. I have a few sites running on the webserver, and for these
> my "public" DNS has a number of aliases defined.
>
> This looks like this:
>
> tine.vanbesien.net   CNAME webserver.vanbesien.net
> broen.vanbesien.net    CNAME    webserver.vanbesien.net
> webserver.vanbesien.net CNAME bremgarten.vanbesien.net
> bremgarten.vanbesien.net A  <current WAN IP address of my m0n0wall>
>
> The problem is that with this setup I can't access my sites from
> behind my firewall, as the names resolve to the WAN address.
>
> To try to solve this I entered a static DNS entry in the m0n0wall DNS 
> forwarder:
>
> webserver.vanbesien.net A 192.168.2.91
>
> This refers to the local webserver's address.
>
> When I now try to resolve the name it still doesn't work as expected:
>
> krist@aare:~$ dig  broen.vanbesien.net
>
> ; <<>> DiG 9.3.2 <<>> broen.vanbesien.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13788
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;broen.vanbesien.net.           IN      A
>
> ;; ANSWER SECTION:
> broen.vanbesien.net.    6140    IN      CNAME   webserver.vanbesien.net.
> webserver.vanbesien.net. 6140   IN      CNAME   bremgarten.vanbesien.net.
> bremgarten.vanbesien.net. 300   IN      A       62.203.246.126
>
> ;; Query time: 186 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Mon Aug  7 21:29:37 2006
> ;; MSG SIZE  rcvd: 102
>
> but:
>
> krist@aare:~$ dig webserver.vanbesien.net
>
> ; <<>> DiG 9.3.2 <<>> webserver.vanbesien.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 668
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;webserver.vanbesien.net.       IN      A
>
> ;; ANSWER SECTION:
> webserver.vanbesien.net. 0      IN      A       192.168.2.91
>
> ;; Query time: 1 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Mon Aug  7 21:30:12 2006
> ;; MSG SIZE  rcvd: 57
>
> So you can see when I ask to get the IP of webserver.vanbesien.net I
> get the correct (from the point of view of my server) IP address. When
> I ask for a name aliased to webserver.vanbesien.net I get as final answer
> my WAN IP address.
>
> Why is this? In both cases the DNS requests go to the m0n0wall.
>
> Krist
>
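The behaviour Krist reports can be modelled to show where the static entry is lost. The following is an added example, not code from the thread or from m0n0wall: a toy forwarding resolver with the thread's record names, a placeholder WAN address from the documentation range, and one assumption, namely that the forwarder only checks its static entries for the name as originally asked and then hands back the upstream answer (the whole CNAME chain plus the final A record) untouched. A second resolver re-checks the static entries at every hop of the chain, which is the split-horizon behaviour an administrator wants, and a small check flags any name for which the two disagree.

```python
"""Toy model of a forwarding resolver: why a static A record for an
intermediate CNAME target is bypassed when the query starts at an alias.
Added example for this thread; not m0n0wall's actual implementation."""

# Constructed upstream ("public") zone data mirroring the thread's records.
# 203.0.113.10 is a documentation-range placeholder for the real WAN address.
UPSTREAM = {
    "tine.vanbesien.net.": ("CNAME", "webserver.vanbesien.net."),
    "broen.vanbesien.net.": ("CNAME", "webserver.vanbesien.net."),
    "webserver.vanbesien.net.": ("CNAME", "bremgarten.vanbesien.net."),
    "bremgarten.vanbesien.net.": ("A", "203.0.113.10"),
}

# The static entry configured in the forwarder, as described in the post.
LOCAL_OVERRIDES = {"webserver.vanbesien.net.": "192.168.2.91"}

MAX_HOPS = 8  # guard against CNAME loops in the constructed data


def upstream_lookup(name, upstream=UPSTREAM):
    """Public resolver: follows the CNAME chain and returns every record
    it passed through, ending with the terminal A record (as dig shows)."""
    chain = []
    seen = set()
    while name in upstream and name not in seen:
        seen.add(name)
        rtype, target = upstream[name]
        chain.append((name, rtype, target))
        if rtype == "A":
            break
        name = target
    return chain


def forwarder_naive(name, overrides=LOCAL_OVERRIDES, upstream=UPSTREAM):
    """Assumed forwarder behaviour: the override table is consulted only for
    the queried name; otherwise the upstream answer is returned as-is, so an
    override on an intermediate CNAME target never gets a chance to apply."""
    if name in overrides:
        return [(name, "A", overrides[name])]
    return upstream_lookup(name, upstream)


def forwarder_chasing(name, overrides=LOCAL_OVERRIDES, upstream=UPSTREAM):
    """Split-horizon forwarder: re-checks the override table at every hop of
    the chain, so the local address wins as soon as the chain reaches it."""
    answer = []
    for _ in range(MAX_HOPS):
        if name in overrides:
            answer.append((name, "A", overrides[name]))
            return answer
        if name not in upstream:
            return answer  # NXDOMAIN in the toy model: empty answer
        rtype, target = upstream[name]
        answer.append((name, rtype, target))
        if rtype == "A":
            return answer
        name = target
    raise RuntimeError("CNAME chain longer than MAX_HOPS")


def final_address(answer):
    """The A record a client would actually connect to, or None."""
    for _, rtype, value in answer:
        if rtype == "A":
            return value
    return None


def bypassed_overrides(names, overrides=LOCAL_OVERRIDES, upstream=UPSTREAM):
    """Names whose naive answer ends at a different address than the
    hop-by-hop answer: exactly the aliases that silently skip the override."""
    return sorted(
        n for n in names
        if final_address(forwarder_naive(n, overrides, upstream))
        != final_address(forwarder_chasing(n, overrides, upstream))
    )


if __name__ == "__main__":
    for qname in ("webserver.vanbesien.net.", "broen.vanbesien.net."):
        print(qname, "naive ->", final_address(forwarder_naive(qname)),
              "| chasing ->", final_address(forwarder_chasing(qname)))
    print("aliases bypassing the override:", bypassed_overrides(UPSTREAM))
```

Run stand-alone, the naive resolver reproduces the two dig outputs in the post (the local address for webserver.vanbesien.net, the WAN address for broen.vanbesien.net), while the hop-by-hop resolver returns 192.168.2.91 for both. The check lists tine and broen as the names affected, which matches Michael's point: either the aliases must be names the forwarder itself answers for, or the override must be placed on the name the chain actually terminates at (bremgarten.vanbesien.net), so that the forwarder's single lookup hits it.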