I'm having a strange problem I can't figure out. I have a DNS server
behind NAT. The server answers correctly when queried from the local
private network but does not from the internet. From the internet, no
matter what you ask, it answers with the public IP of the NAT device
(Cisco 678). What the hell am I doing wrong?

Here is some info; I've cut it up to keep it short.

From The Cisco 678:

        cbos#show nat
         
        NAT is currently enabled
         
        Port      Network        Global
        eth0      Inside
        wan0-0    Outside      209.98.143.100
        vip0      Outside      ^^^^^^^^^^^^^^
        vip1      Outside      STATIC IP OF CISCO 678 HOSTING THE BIND SERVER
        vip2      Outside
         
              Local IP : Port      Global IP : Port      Timer Flags    Proto Interface
           192.168.1.50:53     209.98.143.100:53           0   0x00041  udp   eth0 wan0-0
           192.168.1.50:53     209.98.143.100:53           0   0x00041  tcp   eth0 wan0-0
           ^^^^^^^^^^^^
           LOCAL IP OF BIND SERVER
        


From inside the private network:

        [tomp at lotsa test]$ dig @192.168.1.50 myhost.mydomain.com
                                ^^^^^^^^^^^^ 
                                BIND SERVER 
        
        ; <<>> DiG 9.2.1 <<>> @192.168.1.50 r.circussoftware.com
        ;; global options:  printcmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20759
        ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
         
        ;; QUESTION SECTION:
        ;myhost.mydomain.com.          IN      A
         
        ;; ANSWER SECTION:
        myhost.mydomain.com. 10800 IN A       209.150.209.2
                                              ^^^^^^^^^^^^^
                                              CORRECT! IP OF MYHOST.MYDOMAIN.COM 

From the internet:
        [tomp at ringmaster tomp]$ dig @bindserver.binddomain.com myhost.mydomain.com
        
        
        ; <<>> DiG 9.2.1 <<>> @many.blots.com ringmaster.circussoftware.com
        ;; global options:  printcmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27360
        ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
         
        ;; QUESTION SECTION:
        ;myhost.mydomain.com. IN      A
         
        ;; ANSWER SECTION:
        myhost.mydomain.com. 0 IN     A       209.98.143.100
                                              ^^^^^^^^^^^^^^
                                              WRONG! THIS IS THE IP OF THE CISCO 678
        
        
It's like the NAT on the Cisco is rewriting the address of the answer.
Does anyone have a clue how to fix this?

Thanks!
         
-- 
Tom Penney <blots at visi.com>


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
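
The inside/outside comparison done by hand in the post can be scripted. The following is an added example, not part of the original message: it parses the ANSWER section of two dig runs and reports where the outside answer differs from the inside one. The sample inputs are constructed from the dig lines quoted above; the function names and finding labels are hypothetical.

```python
import re

# Constructed inputs: answer-section lines copied from the two dig runs in the post.
INSIDE_DIG = """\
;; ANSWER SECTION:
myhost.mydomain.com. 10800 IN A       209.150.209.2
"""
OUTSIDE_DIG = """\
;; ANSWER SECTION:
myhost.mydomain.com. 0 IN     A       209.98.143.100
"""
NAT_GLOBAL_IP = "209.98.143.100"  # Global address from the post's "show nat" table

# One A record as dig prints it: owner name, TTL, class IN, type A, IPv4 address.
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_a_records(dig_text):
    """Return {owner_name: set of (ttl, address)} for A records in the ANSWER section."""
    records, in_answer = {}, False
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";;"):
            # Section headers switch parsing on and off; other ';;' lines end the section.
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        m = RR_LINE.match(line) if in_answer else None
        if m:
            name, ttl, addr = m.group(1).lower(), int(m.group(2)), m.group(3)
            records.setdefault(name, set()).add((ttl, addr))
    return records

def compare_vantage_points(inside_text, outside_text, nat_ip):
    """List differences between the two answers that point at in-path handling."""
    inside, outside = parse_a_records(inside_text), parse_a_records(outside_text)
    findings = []
    for name in sorted(set(inside) | set(outside)):
        in_addrs = {a for _, a in inside.get(name, ())}
        out_addrs = {a for _, a in outside.get(name, ())}
        if in_addrs != out_addrs:
            findings.append((name, "address-mismatch", sorted(in_addrs), sorted(out_addrs)))
        if nat_ip in out_addrs and nat_ip not in in_addrs:
            findings.append((name, "answer-is-nat-global-ip", nat_ip))
        in_ttls = {t for t, _ in inside.get(name, ())}
        out_ttls = {t for t, _ in outside.get(name, ())}
        if in_ttls and out_ttls and in_ttls != out_ttls:
            findings.append((name, "ttl-mismatch", sorted(in_ttls), sorted(out_ttls)))
    return findings

if __name__ == "__main__":
    for finding in compare_vantage_points(INSIDE_DIG, OUTSIDE_DIG, NAT_GLOBAL_IP):
        print(finding)
```

The findings describe what differs between the two vantage points; they do not by themselves identify which device on the path produced the outside answer.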