 From:  "Steve Thomas" <sthomas at consultant dot com>
 To:  "Krist van Besien" <krist dot vanbesien at gmail dot com>, "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] DNS Forwarder oddity...
 Date:  Mon, 07 Aug 2006 22:11:20 -0500
The easy way to fix this is to enter the local
IPs for the servers in the HOSTS file on each
of your internal machines.

The HOSTS file takes precedence over DNS.


> ----- Original Message -----
> From: "Krist van Besien" <krist dot vanbesien at gmail dot com>
> To: "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
> Subject: [m0n0wall] DNS Forwarder oddity...
> Date: Mon, 7 Aug 2006 21:32:28 +0200
> 
> 
> Hello,
> 
> I have the following situation:
> 
> I have a webserver sitting behind a m0n0wall. The m0n0wall has a DNS
> name assigned to its virtual address. Port 80 is forwarded to the
> webserver. I have a few sites running on the webserver, and for these
> my "public" DNS has a number of aliases defined.
> 
> This looks like this:
> 
> tine.vanbesien.net   CNAME webserver.vanbesien.net
> broen.vanbesien.net    CNAME    webserver.vanbesien.net
> webserver.vanbesien.net CNAME bremgarten.vanbesien.net
> bremgarten.vanbesien.net A  <current WAN IP address of my m0n0wall>
> 
> The problem is that with this setup I can't access my sites from
> behind my firewall, as the names resolve to the WAN address.
> 
> To try to solve this I entered a static DNS entry in the m0n0wall DNS forwarder:
> 
> webserver.vanbesien.net A 192.168.2.91
> 
> This refers to the local webserver's address.
> 
> When I now try to resolve the name it still doesn't work as expected:
> 
> krist@aare:~$ dig  broen.vanbesien.net
> 
> ; <<>> DiG 9.3.2 <<>> broen.vanbesien.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13788
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;broen.vanbesien.net.           IN      A
> 
> ;; ANSWER SECTION:
> broen.vanbesien.net.    6140    IN      CNAME   webserver.vanbesien.net.
> webserver.vanbesien.net. 6140   IN      CNAME   bremgarten.vanbesien.net.
> bremgarten.vanbesien.net. 300   IN      A       62.203.246.126
> 
> ;; Query time: 186 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Mon Aug  7 21:29:37 2006
> ;; MSG SIZE  rcvd: 102
> 
> but:
> 
> krist@aare:~$ dig webserver.vanbesien.net
> 
> ; <<>> DiG 9.3.2 <<>> webserver.vanbesien.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 668
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;webserver.vanbesien.net.       IN      A
> 
> ;; ANSWER SECTION:
> webserver.vanbesien.net. 0      IN      A       192.168.2.91
> 
> ;; Query time: 1 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Mon Aug  7 21:30:12 2006
> ;; MSG SIZE  rcvd: 57
> 
> So you can see when I ask to get the IP of webserver.vanbesien.net I
> get the correct (from the point of view of my server) IP address. When
> I ask for a name aliased to webserver.vanbesien.net I get as final answer
> my WAN IP address.
> 
> Why is this? In both cases the DNS requests go to the m0n0wall.
> 
> Krist
> 
> -- krist dot vanbesien at gmail dot com
> Bremgarten b. Bern, Switzerland
> 