I have a suse 10.0 machine which is a dns (configured with yast) and http server. This machine works behind a firewall which is a suse 9.1 box (53, 80 ports are forwarded to dns box). Everything is working fine but the dns does not resolve addresses running on itself.
On the dns i have two websites running. I can access both of them outside, from the internet, but inside the network nothing happens…(inside the network every web page from the internet is working fine) if i use ip instead of domain name i can see the page which is set first in apache.
How can i solve this problem?
Thanks!
Hi,
Does this mean your machine is the ns-server for your domains or is it only an internal cache server?
Bye
Erik
First you should check what the systems in your local network have configured as their DNS server. When they are Linux/Unix system that must be in /etc/resolv.conf.
it is the ns-server
thanks!
bye!
they are xp boxes with dns ip of dns server (suse box) should i use firewalls ip? hmm…
I do not know very much about XP, but maybe you can check if it resolves from your own NS server or not by using something like nslookup or dig.
this is what i got digging on the dns
wms:~ # dig Mobile Home - Kontex
; <<>> DiG 9.3.1 <<>> Mobile Home - Kontex
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54149
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 1
;; QUESTION SECTION:
;Mobile Home - Kontex. IN A
;; ANSWER SECTION:
Mobile Home - Kontex. 172800 IN CNAME mobilehome-kontex.com.
mobilehome-kontex.com. 172800 IN A 82.77.53.77
;; AUTHORITY SECTION:
mobilehome-kontex.com. 172800 IN NS S.C. KONTEX S.R.L..
mobilehome-kontex.com. 172800 IN NS Mobile Home - Kontex.
mobilehome-kontex.com. 172800 IN NS mobilehome-kontex.com.
mobilehome-kontex.com. 172800 IN NS ns1.mobilehome-kontex.com.
;; ADDITIONAL SECTION:
ns1.mobilehome-kontex.com. 172800 IN A 82.77.53.77
;; Query time: 2 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Wed May 13 16:54:02 2009
;; MSG SIZE rcvd: 162
and dig for the other domain
wms:~ # dig S.C. KONTEX S.R.L.
; <<>> DiG 9.3.1 <<>> S.C. KONTEX S.R.L.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63141
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1
;; QUESTION SECTION:
;S.C. KONTEX S.R.L.. IN A
;; ANSWER SECTION:
S.C. KONTEX S.R.L.. 172800 IN CNAME kontex.ro.
kontex.ro. 172800 IN A 82.77.53.77
;; AUTHORITY SECTION:
kontex.ro. 172800 IN NS ns1.kontex.ro.
kontex.ro. 172800 IN NS S.C. KONTEX S.R.L..
kontex.ro. 172800 IN NS kontex.ro.
;; ADDITIONAL SECTION:
ns1.kontex.ro. 172800 IN A 82.77.53.77
;; Query time: 2 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Wed May 13 16:55:04 2009
;; MSG SIZE rcvd: 123
now dig on the firewall
gw:~ # dig S.C. KONTEX S.R.L.
; <<>> DiG 9.2.3 <<>> S.C. KONTEX S.R.L.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57824
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1
;; QUESTION SECTION:
;S.C. KONTEX S.R.L.. IN A
;; ANSWER SECTION:
S.C. KONTEX S.R.L.. 172800 IN CNAME kontex.ro.
kontex.ro. 172800 IN A 82.77.53.77
;; AUTHORITY SECTION:
kontex.ro. 172800 IN NS kontex.ro.
kontex.ro. 172800 IN NS ns1.kontex.ro.
kontex.ro. 172800 IN NS S.C. KONTEX S.R.L..
;; ADDITIONAL SECTION:
ns1.kontex.ro. 172800 IN A 82.77.53.77
;; Query time: 4 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Thu May 14 00:27:10 2009
;; MSG SIZE rcvd: 123
the other domain on the firewall
gw:~ # dig Mobile Home - Kontex
; <<>> DiG 9.2.3 <<>> Mobile Home - Kontex
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58776
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 1
;; QUESTION SECTION:
;Mobile Home - Kontex. IN A
;; ANSWER SECTION:
Mobile Home - Kontex. 172800 IN CNAME mobilehome-kontex.com.
mobilehome-kontex.com. 172800 IN A 82.77.53.77
;; AUTHORITY SECTION:
mobilehome-kontex.com. 172800 IN NS ns1.mobilehome-kontex.com.
mobilehome-kontex.com. 172800 IN NS S.C. KONTEX S.R.L..
mobilehome-kontex.com. 172800 IN NS Mobile Home - Kontex.
mobilehome-kontex.com. 172800 IN NS mobilehome-kontex.com.
;; ADDITIONAL SECTION:
ns1.mobilehome-kontex.com. 172800 IN A 82.77.53.77
;; Query time: 4 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Thu May 14 00:27:47 2009
;; MSG SIZE rcvd: 162
I suppose these are from your windows systems. All the calls use the same server: 192.168.1.101. And the resolving seems to work!
I am however amazed about the strange system/domain names in use.
Mobile Home - Kontex
White space is not allowed imho.
g S.C. KONTEX S.R.L.
Not only white space, but L is not really a root domain.
In any case Mobile Home - Kontex is a CNAME of mobilehome-kontex.com which has IP address 82.77.53.77.
When I search for this IP address I get:
henk@boven:~> nslookup 82.77.53.77
Server: 194.109.6.66
Address: 194.109.6.66#53
Non-authoritative answer:
77.53.77.82.in-addr.arpa name = mail.kontex.ro.
Authoritative answers can be found from:
henk@boven:~>
Looks like a real mess of names, but what is the problem?
when i pasted http://www.kontex.ro the forum page had transformed it in S.C. KONTEX S.R.L. donno why…
the problem is that inside the local network i can not access http://www.kontex.ro and http://www.mobilehome-kontex.com
OK, I do understand these strange names now. It is indeed something of the Forum.
But when we reread your *dig* output, replacing with the correct names, it shows that the DNS server (192.168.1.101) is returning 82.77.53.77 for all three systems. That is of course NOT inside your LAN, but outside on the Internet. I do not know why the systems on your LAN can not access those systems on the Internet, but it is NOT because the DNS does not resolve their address.
When these server systems are also inside your LAN and you want to access them from inside the LAN with another IP address (in the LAN range 192.168.1.*) you must use a different resolver source for those systems inside your LAN. This can be either another DNS server or a local configuration in the LAN systems (in Linux this goes into /etc/hosts). And then /etc/hosts must have priority above the DNS server (this priority is configured in /etc/nsswitch.conf, but files before dns is the default). Then, when a local solution is available this will be used and for other names (like forums.opensuse.org) the DNS server will be consulted because there is no solution in /etc/hosts.
And as an afterthought (one never stops thinking about other people's problems when walking in nature), I think the router will not route the packets to 82.77.53.77 from inside because it knows that it is its own address. It will route from outside to inside (using NAT).
hmm… may be:\
there are only xp boxes… i will try to edit host files and see whats happening… im really curious… maybe u r right… until now i can say thanks!
The firewall will only do a loopback if it has been set up to do so. It can be done with an iptables rule but this is not the default behaviour with firewalls.
Generally the simpler way to resolve domain names on the inside is to use split horizon DNS so that packets don’t have to go through the router but go straight to the other LAN machine. Then your URLs can be the same for inside as outside.
can you give more details?
thanks!
Basically you run your own DNS server to resolve your domain names and to send all other queries to the outside world and make all your clients use that.
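The split-horizon setup described above, as an added example that is not part of the original posts: a script that writes a BIND `view` configuration and an internal copy of the kontex.ro zone in which the public address 82.77.53.77 is replaced by the server's LAN address 192.168.1.101 (both taken from the thread). The LAN range 192.168.1.0/24, the file names, and the zone serial are assumptions; mobilehome-kontex.com would need the same pair of zone entries.

```shell
#!/bin/sh
# Added example, not the poster's configuration.
# From the thread: public address 82.77.53.77, DNS/web box at 192.168.1.101.
# Assumed: LAN is 192.168.1.0/24; file names and paths are placeholders.
PUBLIC_IP=82.77.53.77
LAN_IP=192.168.1.101
LAN_NET=192.168.1.0/24

# Rewrite only A records that point at the public address (stdin -> stdout).
to_internal() {
    awk -v pub="$PUBLIC_IP" -v lan="$LAN_IP" \
        'NF >= 3 && $(NF-1) == "A" && $NF == pub { $NF = lan } { print }'
}

write_split_horizon() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Once views are used, every zone in named.conf must live inside a view.
    cat > "$dir/named.conf.views" <<EOF
acl "lan" { 127.0.0.1; $LAN_NET; };
view "internal" {
    match-clients { "lan"; };
    recursion yes;                 // LAN clients may resolve Internet names
    zone "kontex.ro" in { type master; file "internal/kontex.ro"; };
};
view "external" {
    match-clients { any; };
    recursion no;                  // authoritative answers only for outsiders
    zone "kontex.ro" in { type master; file "master/kontex.ro"; };
};
EOF
    # Constructed zone body, modelled on the records posted in the thread.
    to_internal > "$dir/internal.kontex.ro" <<EOF
\$TTL 2d
@ IN SOA wms.kontex.ro. root.wms.kontex.ro. ( 2009041302 3h 1h 1w 1d )
kontex.ro. IN NS ns1.kontex.ro.
kontex.ro. IN MX 0 mail.kontex.ro.
kontex.ro. IN A $PUBLIC_IP
ns1 IN A $PUBLIC_IP
mail IN A $PUBLIC_IP
www IN CNAME kontex.ro.
EOF
}

# Usage: sh split-horizon.sh /tmp/review-dir
if [ -n "${1:-}" ]; then write_split_horizon "$1"; fi
```

With this in place LAN clients are answered from the internal view and reach the web server directly, while outside clients still get 82.77.53.77 and no recursion.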
ok… this is the actual situation, i have dns for resolving queries… everything is working for queries to outside world but not working for inside domains and is working for queries from outside world to inside domains. :\
Then you have to make it work for the inside. Have you set up the zone files?
i did
cat kontex.roXX
$TTL 2d
@ IN SOA wms.kontex.ro. root.wms.kontex.ro. (
2009041301 ; serial
3h ; refresh
1h ; retry
1w ; expiry
1d ) ; minimum
kontex.ro. IN MX 5 wms.kontex.ro.
kontex.ro. IN MX 0 mail.kontex.ro.
kontex.ro. IN NS ns1.kontex.ro.
kontex.ro. IN NS S.C. KONTEX S.R.L..
kontex.ro. IN NS kontex.ro.
wms IN A 82.77.53.77
mail IN A 82.77.53.77
www IN CNAME kontex.ro.
ns1 IN A 82.77.53.77
kontex.ro. IN A 82.77.53.77
and second
cat mobilehome-kontex.com
$TTL 2d
@ IN SOA wms.kontex.ro. root.wms.kontex.ro. (
2009041307 ; serial
3h ; refresh
1h ; retry
1w ; expiry
1d ) ; minimum
mobilehome-kontex.com. IN NS ns1.mobilehome-kontex.com.
mobilehome-kontex.com. IN NS mobilehome-kontex.com.
mobilehome-kontex.com. IN NS Mobile Home - Kontex.
mobilehome-kontex.com. IN NS S.C. KONTEX S.R.L..
mobilehome-kontex.com. IN MX 4 mail.mobilehome-kontex.ro.
wms IN A 82.77.53.77
www IN CNAME mobilehome-kontex.com.
ns1 IN A 82.77.53.77
mail IN A 82.77.53.77
mobilehome-kontex.com. IN A 82.77.53.77
both are set with yast.