Iptables vs. nameserver. Bug???
Hello!

I am currently running a nameserver at home, using Slackware 8.0 with iptables 1.2.2. I have, during the last weeks, read tons of docs about iptables, but not yet found an answer to my problem. Here we go:

Using BIND 9 I run a nameserver. The zone files and named.conf are perfectly configured. Locally everything resolves perfectly, but when someone outside my internal network sends a query to the nameserver (behind the firewall) they always get the same resolve no matter what my zone files say or the local resolve says. The result any external query gets is my external IP.

I am using:

    iptables -t nat -A PREROUTING -p udp --dport 53 -i eth0 -j DNAT --to-destination 192.168.0.9:53

to forward any domain request to my nameserver from my firewall (192.168.0.1). I have 2 NICs in the firewall (eth0 = Cisco 677i ADSL router, eth1 = local network).

Example:

    Domain: test.musami.org
    Zone files say: test.musami.org = 217.13.22.87
    Local query (host test.musami.org 192.168.0.9) says: 217.13.22.87
    External query (host test.musami.org 217.13.22.50) says: 217.13.22.50

I have heard there might be a bug in iptables for this?

Hoping for an explaining answer (I am going crazy about this :)

Thank you!

Sincerely
Lars Erik Petersen
mail: [EMAIL PROTECTED]
Re: Iptables vs. nameserver. Bug???
Hello,

> I am using:
>
>     iptables -t nat -A PREROUTING -p udp --dport 53 -i eth0 -j DNAT --to-destination 192.168.0.9:53
>
> to forward any domain request to my nameserver from my firewall (192.168.0.1). I have 2 NICs in the firewall (eth0 = Cisco 677i ADSL router, eth1 = local network)

You should have read some nameserver docs, too :P

The DNS system also uses TCP 53 for transmission. This might trigger the behaviour you expect. Unfortunately not many people know about the TCP thingie, resulting in many broken DNS servers.

-- 
Regards,
Wiktor Wodecki
[EMAIL PROTECTED]
Re: Iptables vs. nameserver. Bug???
On Mon, Mar 25, 2002 at 10:37:06AM +0100, Wiktor Wodecki wrote:
> Hello,
>
> > I am using:
> >
> >     iptables -t nat -A PREROUTING -p udp --dport 53 -i eth0 -j DNAT --to-destination 192.168.0.9:53
> >
> > to forward any domain request to my nameserver from my firewall (192.168.0.1). I have 2 NICs in the firewall (eth0 = Cisco 677i ADSL router, eth1 = local network)
>
> You should have read some nameserver docs, too :P
>
> The DNS system also uses TCP 53 for transmission. This might trigger the behaviour you expect. Unfortunately not many people know about the TCP thingie, resulting in many broken DNS servers.

Please also note that TCP is even used for queries (size > 512 bytes), not only for zone transfers.

> Regards,
> Wiktor Wodecki
> [EMAIL PROTECTED]

-- 
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]               http://www.gnumonks.org/
GCS/E/IT d- s-: a-- C+++ UL$ P+++ L$ E--- W- N++ o? K- w--- O- M+ V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
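Both replies point at the same gap: the PREROUTING rule in the original post rewrites only UDP/53, so any DNS traffic that arrives over TCP (truncated answers, zone transfers) never reaches the internal BIND box. The script below is an added example written for this thread, not code posted by any of its participants. It prints a rule set that forwards both transports for review, and includes a small audit function that classifies an existing iptables rule list as "both", "udp-only" or "none" for port 53 DNAT. The interface names and addresses are the ones from the original post; the FORWARD rules and the `state` match are assumptions about how the rest of the firewall is set up.

```shell
#!/bin/sh
# Added example, not from the thread. Forwards DNS on both UDP/53 and TCP/53
# to a nameserver behind a two-NIC Linux firewall, and audits a rule list for
# the "UDP only" gap the replies describe.
# Interface names and addresses are the ones given in the original post;
# the FORWARD rules and the state match are assumptions about the rest of
# the firewall policy.
EXT_IF=eth0            # towards the ADSL router
INT_IF=eth1            # local network
DNS_HOST=192.168.0.9   # the BIND 9 box

# Print the rule set instead of applying it, so it can be reviewed without
# root. Pipe the output to sh as root to install it.
dns_dnat_rules() {
    # replies to already-forwarded flows need no per-service rule
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for proto in udp tcp; do
        # rewrite the destination on the external interface ...
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -p $proto --dport 53 -j DNAT --to-destination $DNS_HOST:53"
        # ... and let the rewritten packet through the FORWARD chain
        echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -p $proto -d $DNS_HOST --dport 53 -m state --state NEW -j ACCEPT"
    done
}

# Read iptables commands on stdin and classify the DNS forwarding they set up:
#   both        UDP/53 and TCP/53 are DNATed
#   udp-only    only UDP/53 is DNATed (TCP queries and zone transfers break)
#   none        no DNAT for port 53 at all
check_dns_dnat() {
    rules=$(cat)
    udp=$(printf '%s\n' "$rules" | grep -c -e '-p udp.*--dport 53.*-j DNAT' || true)
    tcp=$(printf '%s\n' "$rules" | grep -c -e '-p tcp.*--dport 53.*-j DNAT' || true)
    if [ "$udp" -gt 0 ] && [ "$tcp" -gt 0 ]; then
        echo both
    elif [ "$udp" -gt 0 ]; then
        echo udp-only
    else
        echo none
    fi
}

# Constructed input: the single rule from the original post.
ORIGINAL_RULE='iptables -t nat -A PREROUTING -p udp --dport 53 -i eth0 -j DNAT --to-destination 192.168.0.9:53'

echo "original rule set: $(printf '%s\n' "$ORIGINAL_RULE" | check_dns_dnat)"
echo "proposed rule set: $(dns_dnat_rules | check_dns_dnat)"
echo
dns_dnat_rules
```

To check a live firewall, feed `iptables-save` output through `check_dns_dnat`; the patterns match the `-p udp ... --dport 53 ... -j DNAT` form that both `iptables-save` and hand-written rules produce. The `-m state` match requires connection tracking to be loaded, and the rewrite only helps if the nameserver itself listens on TCP as well (BIND does by default). From outside, `dig +tcp` or `host -T` against the external address exercises the TCP path separately from UDP.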