> First let me say that I have port forwarded several services through the
> Firewall, and all to the same server that is running DNS. These are
> ftp, http, ssh, pop3, imap, dns, smtp. The first test was to an external
> name server, to look up yahoo.com and it worked great. Then I pointed
> the same request to my dns server and that too worked great!! So I
> pointed a request to my dns server for a domain that is handling. That
> too worked well. But when I pointed this same request to an external dns
> server, it failed. All dns requests originating from behind the firewall
> will work, but if the dns request originates from the internet, it will
> fail???

Sounds like a lower level problem than the firewall, at least to me.

Is the local domain a registered Internet domain that a regular Internet DNS server will be able to look up and access? You can find this out by using the "whois" command under Linux (you may need to open a port for this, or do it from an un-firewalled box). Compare the Primary and Secondary DNS servers reported by "whois yourdomain.net" with your public IP address. If they don't match, that's your problem.

For anyone on the Internet to reach your domain, the Internet needs to know where the DNS server for your domain is.

- If you didn't register the domain, then register it ($15 at most registrars, I use http://www.dotster.com/, I've heard of some cheaper) and set the primary DNS server to your IP address. (Note, some registrars will act as free DNS servers for you and forward requests to your IP address, in which case you just tell it to forward all requests to your public IP address, where your firewall will then forward it to your web server.)

- If you registered the domain and the IPs don't match, well, that's why! Make sure you contact your registrar (the people you got the domain from) and have them reconfigure the primary and secondary DNS to your public IP address. The only exception is if you're using a registrar that does IP forwarding like I mentioned above. Make sure the IP they're forwarding to matches your public IP address.

- If you have a dynamic IP address, this sort of thing really doesn't work well. Consider a Dynamic DNS service such as http://www.dyndns.org/

- If the whois record shows the right primary/secondary DNS, then there's a firewall issue, most likely.

Don Head
SAIR LCA, CIW-P, Linux+, i-Net+, Network+, A+
Systems Administrator [ [EMAIL PROTECTED] ]
Web Designer [ 1 314 650-4056 ]
[ AIM - Don Wave ] [ ICQ - 18804935 ] [ Yahoo - Don_Wave ]
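
Added example, not part of the original message: shell functions that automate the whois comparison described in the reply above, listing the name servers a whois record delegates to and checking that each resolves to your public IP. The function names are hypothetical, the "Name Server:" and "nserver:" labels are assumed whois field formats, and `getent ahostsv4` assumes a glibc system.

```shell
# Extract name server hostnames from whois output on stdin.
# Registries label the field differently ("Name Server:", "nserver:"),
# so both are matched case-insensitively and normalised to lowercase.
ns_from_whois() {
    awk '
        { line = tolower($0); sub(/\r$/, "", line) }  # whois replies may use CRLF
        line ~ /^[ \t]*(name server|nserver):/ {
            sub(/^[^:]*:[ \t]*/, "", line)   # drop the field label
            split(line, f, /[ \t]+/)         # first token is the hostname
            host = f[1]
            sub(/\.$/, "", host)             # drop a trailing root dot
            if (host != "" && !seen[host]++) print host
        }'
}

# Resolve a hostname to its IPv4 addresses, one per line.
# Assumption: glibc getent is available; swap in dig/host if preferred.
resolve_host() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Usage: whois yourdomain.net | check_delegation PUBLIC_IP
# Returns 0 if every listed name server resolves to PUBLIC_IP,
# 1 if any does not, 2 if the record lists no name servers at all.
check_delegation() {
    public_ip=$1
    rc_all=0
    servers=$(ns_from_whois)
    if [ -z "$servers" ]; then
        echo "no name servers in whois output (domain not registered?)"
        return 2
    fi
    for ns in $servers; do
        if resolve_host "$ns" | grep -qxF "$public_ip"; then
            echo "MATCH    $ns -> $public_ip"
        else
            echo "MISMATCH $ns -> $(resolve_host "$ns" | tr '\n' ' ')"
            rc_all=1
        fi
    done
    return $rc_all
}
```

A mismatch is expected if the registrar hosts DNS or forwards for you, which is the exception the reply mentions; in that case check the forwarding target instead.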
