Re: DNS Server goofiness

2016-02-04 Thread Reindl Harald



On 04.02.2016 at 22:01, Mike Hoskins (michoski) wrote:

> Do you really want to return RFC1918 to the Internet?  Not the end of
> the world, but some consider it unnecessary information disclosure.  :-)


funny to read that from a @cisco.com sender when all the DNS mangling 
in the last decade i have seen were from Cisco routers up to 2HE 
devices which are for sure not home user hardware :-)




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DNS Server goofiness

2016-02-04 Thread Mike Hoskins (michoski)
Do you really want to return RFC1918 to the Internet?  Not the end of the 
world, but some consider it unnecessary information disclosure.  :-)

I've seen this on various WAN/fw/router used at home over the years (arris, 
cisco, linksys, etc) and unlike the commands Reindl shared which are geared 
more toward SOHO/enterprise (e.g. IOS) you might need to look around your 
"gateway" settings.  This can have various names, but is usually a check-box 
under lan/wan/firewall/advanced settings vs basic setup.  Hopefully you can 
find something there which will be obvious (googling for the manual for your 
exact device should help).

hth

From: on behalf of David Hornsby
Date: Thursday, February 4, 2016 at 3:29 PM
To: "bind-users@lists.isc.org"
Subject: DNS Server goofiness

I am having an issue with an authoritative dns server that sits behind a nat. I 
have replicated this problem on two different servers on different versions of 
bind which is why I am now perplexed. In the zone file the LAN address of the 
server has an A record. When the server is queried directly from the LAN, the 
server replies with its LAN address. Just as expected. However when the record 
is queried through the fw the server replies with its public ip address. 
Which I can only guess it's getting by doing a reverse on the NS record that 
pointed it there in the first place??? This only happens on the record with an 
IP address which matches the server's lan address.

$ nslookup dc01 192.168.1.254
Server: 192.168.1.254
Address: 192.168.1.254#53

Name: dc01.home.carolinaky.com
Address: 192.168.1.254

$ nslookup dc01 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: dc01.home.carolinaky.com
Address: 69.133.101.121

I'm confused.

Thanks,
David

DNS Server goofiness

2016-02-04 Thread David Hornsby
I am having an issue with an authoritative dns server that sits behind a nat. I 
have replicated this problem on two different servers on different versions of 
bind which is why I am now perplexed. In the zone file the LAN address of the 
server has an A record. When the server is queried directly from the LAN, the 
server replies with its LAN address. Just as expected. However when the record 
is queried through the fw the server replies with its public ip address. 
Which I can only guess it's getting by doing a reverse on the NS record that 
pointed it there in the first place??? This only happens on the record with an 
IP address which matches the server's lan address.

$ nslookup dc01 192.168.1.254
Server: 192.168.1.254
Address: 192.168.1.254#53

Name: dc01.home.carolinaky.com
Address: 192.168.1.254

$ nslookup dc01 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: dc01.home.carolinaky.com
Address: 69.133.101.121




I'm confused.


Thanks,
David


Re: DNS Server goofiness

2016-02-04 Thread Reindl Harald


On 04.02.2016 at 21:29, David Hornsby wrote:

> I am having an issue with an authoritative dns server that sits behind a
> nat. I have replicated this problem on two different servers on
> different versions of bind which is why I am now perplexed. In the zone
> file the LAN address of the server has an A record. When the server is
> queried directly from the LAN, the server replies with its LAN address.
> Just as expected. However when the record is queried through the fw
> the server replies with its public ip address. Which I can only guess
> it's getting by doing a reverse on the NS record that pointed it there
> in the first place??? This only happens on the record with an IP address
> which matches the server's lan address.


i bet it's a cisco crap which is doing NAT

https://lists.isc.org/pipermail/bind-users/2014-June/093353.html

no ip nat service alg udp dns
no ip nat service alg tcp dns



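The symptom in this thread is what a DNS application-layer gateway on a NAT device produces: as a response crosses the translation boundary, A-record data equal to an inside address is replaced with the mapped outside address, so only the record matching the server's LAN address changes. A simplified model of that rewrite, added here as an example (not code from the thread or from any vendor); the static mapping pairs the two addresses from the nslookup output, and all function names are hypothetical:

```python
import ipaddress
import struct

# Static NAT entry (inside -> outside), using the two addresses shown in the thread.
NAT_MAP = {ipaddress.ip_address("192.168.1.254"): ipaddress.ip_address("69.133.101.121")}

def build_response(name, addr):
    """Build a minimal authoritative DNS response carrying one A record."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0)    # QR+AA, 1 question, 1 answer
    question = qname + struct.pack("!2H", 1, 1)                 # QTYPE=A, QCLASS=IN
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4)   # name = pointer to offset 12
    return header + question + answer + ipaddress.ip_address(addr).packed

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:     # a compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def iter_a(msg):
    """Yield (rdata_offset, address) for each IN A record in the answer section."""
    qdcount, ancount = struct.unpack("!2H", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            yield off, ipaddress.ip_address(msg[off:off + 4])
        off += rdlen

def alg_rewrite(msg, nat_map=NAT_MAP):
    """Simplified DNS ALG: replace A RDATA that equals an inside NAT address."""
    out = bytearray(msg)
    for off, addr in iter_a(msg):
        if addr in nat_map:
            out[off:off + 4] = nat_map[addr].packed
    return bytes(out)

def answers(msg):
    return [str(addr) for _, addr in iter_a(msg)]

if __name__ == "__main__":
    wire = build_response("dc01.home.carolinaky.com", "192.168.1.254")
    print(answers(wire), "->", answers(alg_rewrite(wire)))
```

A query made from the LAN never crosses the NAT, so it sees the zone's own data; comparing the two answers, as the nslookup output in the original post does, is the quickest way to confirm an ALG is in the path.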