
NATed DNS server Problem

 
Tommy Brown
Respected Contributor

NATed DNS server Problem

Hello, I searched, but found nothing similar.
My external DNS server now resides behind a firewall with a NATed address. If I query the server, I get:
[horton] (root)nslookup -q=ns .
Name Server: dns1.augustaga.gov
Address: 167.196.20.59

Trying DNS
*** Request to dns1.augustaga.gov timed-out
looking up FILES
*** No address information is available for "."

I am logged in locally, and on a private address. I cannot access any of my public addresses within the firewall. I have only one NIC and need help to resolve this. How can I access this External DNS server using a local address and not post the private address externally?
Thanks,
Tommy
I may be slow, but I get there !
Ron Kinner
Honored Contributor

Re: NATed DNS server Problem

Your default gateway should be set to the IP of the firewall. Is it? ipconfig /all or winipcfg will tell you what it is on a Windows box. netstat -rn will tell you on just about any box. Just look for 0.0.0.0.

It is the firewall's job to NAT your local IP and pass your traffic to the external DNS server and then receive and unNat any replies.

Try a traceroute (tracert -d on a Windows box) to the DNS server. See where it stops. Then complain to the firewall admin.

Ron
Steven E. Protter
Exalted Contributor

Re: NATed DNS server Problem

Wondering if you can contact the nameservers in

/etc/resolv.conf

If not, this could be the problem.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Tommy Brown
Respected Contributor

Re: NATed DNS server Problem

Thanks, Ron and Steven. The DNS was working until we NATed the DNS server. In talking to HP support, it appears we may need to put the server outside the firewall. It has a single NIC and the FW performs the NAT. Since the DNS server looks to its public address to perform queries, it fails, since we do not allow public addresses on the internal side of the firewall.
Thanks, for your input.
I may be slow, but I get there !
Jordan Bean
Honored Contributor

Re: NATed DNS server Problem


You just moved the name server behind a firewall and you're trying to resolve from that same box? Did you change the IP address in /etc/resolv.conf to the new private IP? Better yet, set it to 0.0.0.0 so you don't have to worry about it again. Local resolution should work fine now.

The name server really doesn't need to know what the public IP is. If this is only used by the public, then you don't have to worry about publishing the private IP.

However, if this is also used by the internal network, then you really should consider using a split-dns configuration. If you are using BIND 9, then two views can be created: one for public and one for private. Each view may have the same zones, but with different data: one public and one private. The name server will choose the appropriate view based on client IP. See the attached example named.conf.
Andy Beal
Frequent Advisor

Re: NATed DNS server Problem

You could be asking several different questions here, you may need to embellish some more.

If you moved your DNS server behind a NAT, it should work fine, as long as hosts inside the NAT access it with its private IP. Even that box itself will need to access itself with its private address. If it's serving external DNS, hosts on the internet should be using its public address. Now the real complication comes in when your internal hosts also use this DNS for lookups: it will work only as a local cache. Any domains that are hosted on it will not work properly when inside the firewall, since the server serves out public addresses, and in 99.9% of the cases those won't work for internal hosts. You may need a second DNS server, one for internal stuff and one that just serves the outside world, so the information can be different.
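The split-DNS setup that Jordan and Andy both describe (one set of answers for internal clients, another for the public) can be done on a single BIND 9 server with views. The named.conf below is an added example written for this thread; it is not the attachment Jordan refers to and not the poster's configuration. The domain augustaga.gov and the public address 167.196.20.59 come from the thread; the 10.0.0.0/8 internal range, the zone file paths and the directory are assumptions.

```conf
// Added example, not the original poster's config.
// Assumed: internal clients sit in 10.0.0.0/8 behind the NAT firewall;
// the server's public address 167.196.20.59 is the one seen on the Internet.

acl "internal" {
    127.0.0.0/8;
    10.0.0.0/8;                 // assumed private range behind the firewall
};

options {
    directory "/var/named";     // assumed
    listen-on { any; };         // bind to the private NIC; the firewall NATs
    allow-query { any; };       // each view narrows this as needed
};

// Views are tried in order; the first match-clients that matches wins.

// 1. Internal clients get private (RFC 1918) answers and may recurse.
view "private" {
    match-clients { internal; };
    recursion yes;
    allow-recursion { internal; };

    zone "." {
        type hint;
        file "named.root";
    };

    zone "augustaga.gov" {
        type master;
        file "internal/augustaga.gov.zone";   // hosts with 10.x addresses
    };
};

// 2. Everyone else gets public answers only, and no recursion,
//    so the box does not become an open resolver on the Internet.
view "public" {
    match-clients { any; };
    recursion no;

    zone "augustaga.gov" {
        type master;
        file "external/augustaga.gov.zone";   // hosts with 167.196.20.x addresses
    };
};
```

The two zone files carry the same names with different data (for example www with a 10.x address internally and a 167.196.20.x address externally). Once views are in use, every zone must live inside a view; a top-level zone statement is a configuration error. Check the file with named-checkconf, then verify the split by running dig @&lt;private-ip&gt; www.augustaga.gov from an internal host and the same query against 167.196.20.59 from outside and comparing the answers. Note that match-clients works on the source address the server sees, so if the firewall also NATs internal clients before they reach the server, the private view will never match them and they will fall through to the public view.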
Tommy Brown
Respected Contributor

Re: NATed DNS server Problem

This server has been put outside the firewall with "real" IP addresses. As soon as that was done, the nslookup problem was resolved.
Thanks to all.
Tommy
I may be slow, but I get there !