[clue-tech] Critical BIND issues behind firewall
Mike Staver
mikestaver at hotmail.com
Mon Jan 17 11:02:15 MST 2005
Sorry for the repost if this is one.... I asked a BIND question from the
email account which is having DNS problems, so obviously I'm not getting
any mail back to that account, so I'm sending from this one. Sorry if it's
a dupe...
OK, here is my problem: I have two DNS servers, 64.242.89.11 and
64.242.89.17. They are both behind a PIX firewall, with local IPs of
10.0.0.11 and 10.0.0.17. The config for .11 looks like this:
options {
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
    listen-on-v6 { none; };
    notify yes;
};
zone "." {
    type hint;
    file "db.cache";
};
zone "89.242.64.in-addr.arpa" {
    type master;
    file "db.89.242.64";
    allow-transfer {
        10.0.0.11;
        10.0.0.12;
        10.0.0.10;
        10.0.0.14;
        10.0.0.17;
    };
};
zone "fimble.com" {
    type master;
    file "db.fimble";
    allow-transfer {
        10.0.0.12;
        10.0.0.10;
        10.0.0.14;
        10.0.0.17;
    };
};
Then the zone file for fimble.com looks like:
$TTL 86400
@                   IN  SOA  www.fimble.com. support.fimble.com. (
                        2002018988  ; serial
                        10800       ; refresh
                        3600        ; retry
                        604800      ; expire
                        86400       ; default_ttl
                    )
fimble.com.         IN  A    64.242.89.17
@                   IN  MX   1 mail.fimble.com.
@                   IN  NS   dns.fimble.com.
@                   IN  NS   fimble.com.
dns                 IN  A    64.242.89.11
www                 IN  A    64.242.89.17
mail                IN  A    64.242.89.17
; Here is the SPF setup
fimble.com.         IN  TXT  "v=spf1 ip4:64.242.89.0/24 a mx ptr include:globaltaxnetwork.com ~all"
mail.fimble.com.    IN  TXT  "v=spf1 a -all"
What I can't figure out is why I can't query 64.242.89.11 from outside
my firewall today. Try running:
nslookup www.fimble.com 64.242.89.11
or
nslookup www.fimble.com 64.242.89.17
My firewall is allowing DNS queries to that box in and out. Internally, I
can run this:
kenny:/var/lib/named # nslookup www.fimble.com 10.0.0.11
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 10.0.0.11
Address: 10.0.0.11#53
Name: www.fimble.com
Address: 64.242.89.17
Is there something I'm missing with my firewall? Here is the BIND startup
log information on .11:
Jan 17 11:31:36 kenny named[3913]: loading configuration from '/etc/named.conf'
Jan 17 11:31:36 kenny named[3913]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 17 11:31:36 kenny named[3913]: listening on IPv4 interface eth0, 10.0.0.11#53
Jan 17 11:31:36 kenny named[3913]: command channel listening on 127.0.0.1#953
Jan 17 11:31:36 kenny named[3913]: command channel listening on ::1#953
Jan 17 11:31:36 kenny named[3913]: zone 89.242.64.in-addr.arpa/IN: loaded serial 15
Jan 17 11:31:36 kenny named[3913]: zone fimble.com/IN: loaded serial 2002018988
Jan 17 11:31:36 kenny named[3913]: zone 89.242.64.in-addr.arpa/IN: sending notifies (serial 15)
Jan 17 11:31:36 kenny named[3913]: zone fimble.com/IN: sending notifies (serial 2002018988)
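The outside-versus-inside check the post asks for, as an added Python example (not from the original mail, and not BIND's or the list's code): it sends the same A query nslookup sends to each public address over UDP and over TCP, and reports either that nothing came back at all (a drop somewhere on the path) or the rcode named itself returned (NOERROR, REFUSED, NXDOMAIN), which separates a firewall problem from a BIND policy problem. The name and server addresses are taken from the post; the query ID, the 3-second timeout and all function names are assumptions.

```python
import socket, struct
QNAME, SERVERS = "www.fimble.com", ["64.242.89.11", "64.242.89.17"]  # from the post
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Standard recursion-desired A/IN query, like the one nslookup sends."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):
    """Offset just past a domain name; a compression pointer (0xC0..) ends it."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += msg[off] + 1
    return off + 1

def parse_response(msg):
    """Return (rcode name, [A-record addresses]) from a raw DNS reply."""
    flags, qd, an = struct.unpack("!HHH", msg[2:8])
    rcode = RCODES.get(flags & 0x0F, "RCODE%d" % (flags & 0x0F))
    off, addrs = 12, []
    for _ in range(qd):  # skip the echoed question (name + type + class)
        off = _skip_name(msg, off) + 4
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return rcode, addrs

def probe(server, name, proto="udp", timeout=3.0):
    """'timeout' = nothing came back (dropped on the path); any rcode = named answered."""
    q = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (server, 53))
                data = s.recvfrom(4096)[0]
        else:  # TCP prefixes the message with a two-byte length
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)
                data = s.recv(4096)[2:]
    except OSError:
        return "timeout", []
    return parse_response(data)
```

Run probe(srv, QNAME, "udp") and probe(srv, QNAME, "tcp") for each entry in SERVERS from a host outside the firewall; a UDP answer with a TCP timeout points at the firewall rather than at named.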