[H-GEN] Bind from behind a firewall
Snowy Angelique Maslov aka 'Snowpony'
snowy at snowy.org
Wed Sep 10 08:47:06 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 10 Sep 2003, Rick Phillips wrote:
> The URL has been registered for 2 days now but as yet, my name server is not
> serving it to the world.
>
> Firstly, as I can't test properly from "inside" can someone please "ping",
> "dig" or "host" www.qmp.net.au for me to see if there is a result.
[/u01/home/snowy]$ nslookup -sil -type=any www.qmp.net.au borgcube.hcit.com.au
;; connection timed out; no servers could be reached
[/u01/home/snowy]$ nslookup -sil -type=any www.qmp.net.au
hegwig.suntech.net.au
;; connection timed out; no servers could be reached
[/u01/home/snowy]$ nslookup -sil -type=any qmp.net.au borgcube.hcit.com.au
Server: borgcube.hcit.com.au
Address: 203.63.166.2#53
Non-authoritative answer:
qmp.net.au nameserver = borgcube.hcit.com.au.
qmp.net.au nameserver = hegwig.suntech.net.au.
Authoritative answers can be found from:
[/u01/home/snowy]$ nslookup -sil -type=any qmp.net.au hegwig.suntech.net.au
;; connection timed out; no servers could be reached
By the looks of it your machine doesn't seem to allow queries on the external
interface.
> Secondly, can anyone point me in the direction of any "gotchas" that they
> might be aware of. My named.conf file is fairly long with the zones and the
> two views but I will post it edited or in full if anyone wants to peruse my
> effort.
Well my first suggestion would be to check the binding of named to make sure
it is bound to use a source port of 53 and check which is in the logs when you
are running it. I would also make sure that your firewall indeed has a hole
in it to let DNS queries through.
- --
Snowy "Snowpony" Angelique Cerise Maslov -- http://snowy.org/email.signature
PGP (GnuPG) fingerprint = 5280 6EBC D281 A9D2 564B E274 B2EC 54C3 8325 CECD
Email not addressed/CCd to snowy at snowy.org BOUNCE. READ URL for disclaimer!
"Ignorance killed the cat, sir. Curiosity was framed." ---C.J. Cherryh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE/Xx1KsuxUw4Mlzs0RAilMAJ0aVnCYd34EvKf9EiZUIGVlxBMBBwCfTFeM
Fj4JBGwuIsMHz0wRG8IRo8E=
=+0M5
-----END PGP SIGNATURE-----
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list