RE: NAT and Question Section Mismatch

Tue, 21 Apr 2020 11:09:16 -0700 

> -----Original Message-----
> From: John Wiles
> Sent: Sunday, April 19, 2020 11:18 PM
> To: 'Tony Finch' <d...@dotat.at>
> Cc: bind-users@lists.isc.org
> Subject: RE: NAT and Question Section Mismatch
> 
> > >
> > > I am running into a problem that I think is caused by either a
> > > misconfiguration in Bind9, our Cisco NAT, or perhaps both.
> > >
> > > When I am on our internal network, I am able to query both servers
> > > and get the appropriate external ip address. However, when I try to
> > > do the same thing externally I get "Question section mismatch: got
> > > 6.1.1.10.in-addr.arpa/PTR/IN."
> >
> > I bet this is a PIX/ASA fixup fuxup.
> >
> > Tony.
> 
> Tony thanks for the response.
> 
> I'm assuming that applies to either DNS inspection and/or the fixup
> command. I'm asking the person that handles the cisco config to review.
> 
> I also just realized I forgot to mention that it is a 2911 ISR.
> 
> John
> 

After going through the router config my cisco person is pretty sure that there 
is nothing in the configuration that is causing this. 

But I'm not so certain since it appears to only affect the hosts that are in 
the NAT. For example, my nslookup results from home: 

> server 72.162.32.4
Default server: 72.162.32.4
Address: 72.162.32.4#53
> 72.162.32.2
2.32.162.72.in-addr.arpa        name = gw.iotis.org.
> 72.162.32.3
;; ;; Question section mismatch: got 17.1.1.10.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 17.1.1.10.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 17.1.1.10.in-addr.arpa/PTR/IN
;; connection timed out; no servers could be reached

> 72.162.32.4
;; ;; Question section mismatch: got 25.1.1.10.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 25.1.1.10.in-addr.arpa/PTR/IN
;; ;; Question section mismatch: got 25.1.1.10.in-addr.arpa/PTR/IN
;; connection timed out; no servers could be reached

> 72.162.32.19
19.32.162.72.in-addr.arpa       name = badmx2.iotis.org.
> 72.162.32.18
18.32.162.72.in-addr.arpa       name = badmx.iotis.org.



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to