I think you need two rules:

Interface   Source    : Port  ->  Dest     : Port
DMZ         <BIND>    : 53    ->  <MS DNS> : 53
LAN         <MS DNS>  : 53    ->  <BIND>   : 53

<BIND> being your Linux box on your DMZ
<MS DNS> being your Microsoft box on LAN (at 192.168.10.100 from the syslog below)

I would suggest setting up aliases for your MS and Linux box - these are just shortcuts for creating firewall and NAT rules. In other words, you can use the name of your box instead of the IP address when creating rules. The other advantage is that if you need to change the IP of a server, you do not need to edit *ALL* the rules - just the alias.

If the rules don't work, it could be a problem with the Microsoft DNS not accepting the connection from the Linux box. I am assuming that this worked before you set up the m0n0wall. On the zone in question, is the Linux box listed as a Name Server for the zone (I assume yes)? Are zone transfers enabled (mine are *NOT* by default - SBS2003)? Is the Linux box shown as "allowed" to zone transfer? What IPs are shown - have these changed?

_________________________________
James W. McKeand

-----Original Message-----
From: Sven Kobow [mailto:s dot kobow at maul dash theet dot de]
Sent: Thursday, September 02, 2004 6:21 AM
To: m0n0wall mailing list
Subject: [m0n0wall] Problems with DNS server replication

Hi,

I need the following problem to be solved: I got my internal net 192.168.10.0/24 and a DMZ 192.168.0./24 connected by m0n0wall. In both subnets are DNS servers (MS DNS internal, BIND DMZ). The DNS server in my internal net has the master zone for my domain and the DNS in the DMZ has a slave zone. The problem is that replication does not work properly.

I checked syslog on my Linux box running BIND and found:

Sep 2 12:13:30 <LINUXBOX> /usr/sbin/named[11906]: refresh_callback: zone foo.bar/IN: failure for 192.168.10.100#53: timed out
Sep 2 12:13:30 <LINUXBOX> /usr/sbin/named[11906]: refresh_callback: zone foo.bar/IN: 192.168.10.100#53: retries exceeded

I need to know how to set up rules for this to work!

Thanx
Sven
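As an added illustration (not code from the thread or from m0n0wall), the following Python model checks whether a set of stateful pass rules lets a DMZ BIND slave replicate from an MS DNS master on the LAN, covering the SOA refresh the slave sends, the AXFR over TCP, and the NOTIFY the master sends back. The rule shape is assumed, the master's address is the 192.168.10.100 from the syslog above, the slave's address is constructed, and the servers are assumed to initiate from ephemeral source ports (BIND's default).

```python
import ipaddress
from dataclasses import dataclass

MS_DNS = "192.168.10.100"  # master on the LAN, from the syslog in the thread
BIND = "192.168.0.53"      # slave in the DMZ: constructed address

@dataclass(frozen=True)
class Rule:
    """One pass rule on the interface where the initiating packet arrives.
    proto is "tcp", "udp" or "any"; src/dst are a host, a CIDR or "any";
    sport/dport are a port as a string or "any" (assumed rule shape)."""
    interface: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str

def _addr_ok(rule_net, addr):
    return rule_net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(rule_net, strict=False)

def allowed(rules, iface, proto, src, sport, dst, dport):
    """Stateful filter: only the first packet of a flow must match a pass
    rule, replies ride the state table; anything unmatched is denied."""
    return any(r.interface == iface and r.proto in ("any", proto)
               and _addr_ok(r.src, src) and r.sport in ("any", str(sport))
               and _addr_ok(r.dst, dst) and r.dport in ("any", str(dport))
               for r in rules)

# Flows a slave zone needs: the slave polls the master (SOA query, then AXFR
# over TCP) and the master sends NOTIFY. BIND initiates from an ephemeral
# source port by default, so 49152 stands in for "some high port".
ZONE_XFER_FLOWS = [
    ("DMZ", "udp", BIND, 49152, MS_DNS, 53, "SOA refresh query"),
    ("DMZ", "tcp", BIND, 49152, MS_DNS, 53, "AXFR zone transfer"),
    ("LAN", "udp", MS_DNS, 49152, BIND, 53, "NOTIFY from master"),
]

def missing_flows(rules):
    """Names of the required flows this rule set does not pass."""
    return [name for iface, proto, s, sp, d, dp, name in ZONE_XFER_FLOWS
            if not allowed(rules, iface, proto, s, sp, d, dp)]

# Rules pinned to source port 53 match nothing when the servers initiate
# from ephemeral ports; the same rules with source port "any" pass all three.
PINNED_SPORT = [Rule("DMZ", "any", BIND, "53", MS_DNS, "53"),
                Rule("LAN", "any", MS_DNS, "53", BIND, "53")]
ANY_SPORT = [Rule("DMZ", "any", BIND, "any", MS_DNS, "53"),
             Rule("LAN", "any", MS_DNS, "any", BIND, "53")]
```

Running missing_flows on each rule set shows which of the three flows a pinned source port silently blocks, which is the kind of gap that surfaces in BIND's log as the "timed out" / "retries exceeded" refresh_callback messages quoted above.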