RE: DNS not responding

From: Richard Bewley (rbewley_at_friend.ly.net)
Date: 11/28/03

    To: <redhat-list@redhat.com>
    Date: Thu, 27 Nov 2003 21:41:35 -0500

    Hi,

    Thanks for the response. The Cisco commands simply accomplish port mapping,
    so that all DNS requests are sent to my linux box (since obviously the
    router isn't serving my dns zone). The end result is I want to host a dns
    zone off the linux box, and have it available when somebody queries
    12.159.185.248 (the cisco router's ip address).

    Now, I know this type of setup works, because if I map port 80 to 10.3.0.10,
    I can view webpages from the outside world at 12.159.185.248 fine. The
    packet comes in, goes to the linux box, and back out again. I'm wondering
    if there's something different going on because it's UDP...

    Thanks,
    Richard

    -----Original Message-----
    From: redhat-list-admin@redhat.com [mailto:redhat-list-admin@redhat.com] On
    Behalf Of Jason Dixon
    Sent: Thursday, November 27, 2003 9:09 PM
    To: Red Hat Mailing List
    Subject: Re: DNS not responding

    On Thu, 2003-11-27 at 20:41, Richard Bewley wrote:
    > Hello,
    >
    > This is more of a networking question, than a redhat specific question, or
    > dns. Basically, on my setup, I have an ISDN line, which is connected to a
    > Cisco router, 10.3.0.1. This is connected directly to eth1 of my linux box,
    > whose eth1 has the ip address 10.3.0.10. The other interface, eth0 has IP
    > address 10.5.0.1, and handles all of my internal stuff, and acts as
    > firewall/gateway. I plan to shortly get rid of the ISDN line and Cisco
    > router, which is why I've moved to this setup.
    >
    > On the Cisco, I have the following lines:
    > ip nat inside source static tcp 10.3.0.10 53 12.159.185.248 53 extendable
    > ip nat inside source static udp 10.3.0.10 53 12.159.185.248 53 extendable
    >
    > This allows all tcp and udp requests on port 53 to be forwarded to my linux
    > box. Now, when I do a dig @12.159.185.248 domain.com, it times out. When I
    > check the named logs on my linux box, I can see the query, so I know the
    > packet is coming in and being forwarded to the box correctly, however the
    > problem seems to be that the packet is never able to go back out again.
    > Just for troubleshooting, I added the following to iptables:

    I'm no Cisco expert, so I don't fully comprehend what your syntax
    attempts to do, but I suspect you're doing what some folks refer to as
    "reflection". You're attempting to bounce traffic internally, but you
    haven't translated the source address on the redirected packets.
    Because of this, the linux box sees the source address of the packet as
    being from a client on the same LAN, and attempts to deliver the return
    packet directly, rather than routing it back through the router as it
    should.

    You have a few different choices:

    1a) Rather than try to mangle DNS, go ahead and set your clients' DNS
    settings to point to the Linux server.

    1b) If you're trying to redirect requests for your own zones, use
    split-horizon DNS.

    2) Translate the source address at the router when you perform
    redirection (dest address translation).

    3) Add a static route on your Linux box for 10.3.0.10/? to go through
    the default gateway (override the default LAN/interface behavior).
    You'll also have to add the extra NAT rules to your router to support
    this "bounce" effect. This is the ugliest, but it should work. I've
    never done this on Cisco, but I've done it on Linux/*BSD gateways.

    Hope this makes sense. It would help if you could give a better
    explanation of your desired end result (what you're *really* trying to
    accomplish).

    -- 
    Jason Dixon, RHCE
    DixonGroup Consulting
    http://www.dixongroup.net
    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
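
    As an added illustration of the reply-path problem Jason describes above (example code, not from the thread), here is a small longest-prefix-match model of the Linux box's routing table, showing where the DNS reply leaves the box for an external client, for a reflected LAN client, and after the host-route workaround of option 3. The /24 masks, the LAN client 10.3.0.20, the external address 203.0.113.7 and the with_bounce_route helper are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str
    via: Optional[str] = None  # None = directly connected (on-link)


# Routing table of the Linux box as implied by the thread:
# eth1 10.3.0.10 toward the Cisco at 10.3.0.1 (default gateway),
# eth0 10.5.0.1 for the internal LAN. The /24 masks are assumed.
BASE_ROUTES: List[Route] = [
    Route(ipaddress.ip_network("10.3.0.0/24"), "eth1"),
    Route(ipaddress.ip_network("10.5.0.0/24"), "eth0"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth1", via="10.3.0.1"),
]


def lookup(table: List[Route], dst: str) -> Route:
    """Longest-prefix match, the same decision the kernel makes for a reply."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: r.prefix.prefixlen)


def reply_next_hop(table: List[Route], query_src: str) -> Tuple[str, str]:
    """Interface and next hop the DNS reply to a query from query_src takes."""
    r = lookup(table, query_src)
    return (r.iface, r.via or "direct")


def with_bounce_route(table: List[Route], client: str,
                      gateway: str = "10.3.0.1") -> List[Route]:
    """Option 3 (hypothetical helper): host route forcing replies to client via the router."""
    return table + [Route(ipaddress.ip_network(f"{client}/32"), "eth1", via=gateway)]


if __name__ == "__main__":
    # External resolver (203.0.113.7 is a constructed documentation address): the
    # reply follows the default route back through the Cisco, which un-NATs it.
    print("external client:", reply_next_hop(BASE_ROUTES, "203.0.113.7"))
    # Reflected query from a client on the router's segment (10.3.0.20 is
    # hypothetical) with no source translation: the box answers it directly,
    # bypassing the router's NAT state, so the client sees a reply from
    # 10.3.0.10 rather than 12.159.185.248 and discards it.
    print("reflected client:", reply_next_hop(BASE_ROUTES, "10.3.0.20"))
    # Option 3: the /32 wins the longest-prefix match, so the reply goes back
    # through the router, which must translate it again.
    print("with bounce route:",
          reply_next_hop(with_bounce_route(BASE_ROUTES, "10.3.0.20"), "10.3.0.20"))
```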