Hello,
We are facing a strange problem: we have an internal DNS zone for the
internal zones and one zone we call the access zone, which acts as a
router/firewall/nginx with IP spoofing and MAC spoofing enabled and which needs
to resolve to the public IP.
So I put an entry with the public IP in the /etc/hosts file,
nsswitch.conf = files mdns dns, killed the nscd process, did an nslookup,
but it resolves back to the internal IP address of that zone?
I feel a little stupid now and don't understand why it isn't using the
/etc/hosts file first?
But it seems it gets even stranger :-\
The zone has a public IP on net0, the admin network on net1 and the internal0
network for all the internal zones. Everything works if you do a ping,
but when we do an nslookup it doesn't work if we use 8.8.8.8, so it always
resolves from 10.0.0.13, which is the DNS server.
[root@access /opt/local/etc/nginx/sites-enabled]# cat /etc/resolv.conf
search local
nameserver 8.8.8.8
nameserver 10.0.0.13
[root@access /opt/local/etc/nginx/sites-enabled]# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
net0: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
inet public ip netmask fffffffc broadcast .......
ether 2:0:0:10:2f:cb
net1: flags=201100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4,CoS> mtu 1500 index 2
inet 10.0.0.254 netmask ff000000 broadcast 10.255.255.255
ether c2:24:5e:a5:c5:d4
net2: flags=201100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4,CoS> mtu 1500 index 4
inet 192.168.11.254 netmask ffffff00 broadcast 192.168.11.255
ether d2:a7:13:5e:c5:81
tun0: flags=10011008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,ROUTER,IPv4,FIXEDMTU> mtu 1500 index 5
inet 10.100.200.1 --> 10.100.200.2 netmask ffffffff
ether 60:ea:7c:8a:d:ff
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
[root@access /opt/local/etc/nginx/sites-enabled]# ping -i net0 joyent.com
joyent.com is alive
[root@access /opt/local/etc/nginx/sites-enabled]# nslookup
> server 208.67.222.222
Default server: 208.67.222.222
Address: 208.67.222.222#53
> joyent.com
;; connection timed out; no servers could be reached
> www.google.com
;; connection timed out; no servers could be reached
> ^C[root@access /opt/local/etc/nginx/sites-enabled]#
[root@access /opt/local/etc/nginx/sites-enabled]# nslookup joyent.com
Server: 10.0.0.13
Address: 10.0.0.13#53
Non-authoritative answer:
Name: joyent.com
Address: 151.101.194.49
Name: joyent.com
Address: 151.101.130.49
Name: joyent.com
Address: 151.101.2.49
Name: joyent.com
Address: 151.101.66.49
[root@access ~]# pkgin update
processing remote summary
(https://pkgsrc.joyent.com/packages/SmartOS/2017Q4/x86_64/All)...
=> then it hangs ...
[root@access /opt/local/etc/nginx/sites-enabled]# ipnat -l
List of active MAP/Redirect filters:
bimap net0 10.0.0.0/8 -> public ip/32 portmap tcp/udp auto
bimap net0 192.168.11.0/24 -> public ip/32 portmap tcp/udp auto
So is there a trick to make it use the /etc/hosts file first and then DNS,
or are we really messing up the NATting?
Thank you.
Kind Regards,
Dirk
--
Dirk Willems
System Engineer
+32 (0)3 443 12 38
[email protected] <mailto:[email protected]>
Quality. Passion. Personality
www.exitas.be <http://www.exitas.be/> | Veldkant 31 | 2550 Kontich
Illumos OmniOS Installation and Configuration Implementation Specialist.
Oracle Solaris 11 Installation and Configuration Certified
Implementation Specialist.
-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
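Added example (editor's illustration, not part of Dirk's post or of SmartOS/illumos code): a small model of what the system resolver does with an nsswitch.conf line such as "hosts: files mdns dns" versus what nslookup does. The point it demonstrates is that nslookup and dig send queries straight to the nameserver in resolv.conf and never consult nsswitch.conf or /etc/hosts, so they are the wrong tool for checking whether a /etc/hosts entry takes effect; "getent hosts <name>" (or anything calling gethostbyname/getaddrinfo) walks the nsswitch sources in order. The nsswitch.conf and /etc/hosts contents, the host name access.local, the placeholder public address 203.0.113.10 and the internal address the DNS server hands back are all constructed for the example.

```python
"""
Toy model of the name-service switch (nsswitch.conf) versus a direct DNS
query, showing why `nslookup` can return a different answer than the
system resolver. Everything below is constructed: file contents, host
names and addresses (203.0.113.10 is a placeholder for the public IP).
"""
from __future__ import annotations

NSSWITCH_CONF = """\
# constructed nsswitch.conf excerpt
passwd: files
hosts:  files mdns dns
"""

ETC_HOSTS = """\
# constructed /etc/hosts
127.0.0.1       localhost loghost
::1             localhost
203.0.113.10    access.local access   # placeholder public IP for the NAT zone
"""

# Stand-in for what the internal DNS server answers; the internal
# address for the zone is an assumption, not taken from the post.
INTERNAL_DNS_ZONE = {
    "access.local": "10.0.0.254",
    "db01.local": "10.0.0.21",
}


def nsswitch_sources(conf: str, database: str = "hosts") -> list[str]:
    """Ordered lookup sources for one database; comments and action tokens
    such as [NOTFOUND=return] are skipped, they are not source modules."""
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        db, _, rest = line.partition(":")
        if db.strip() == database:
            return [tok for tok in rest.split() if not tok.startswith("[")]
    return []


def lookup_files(name: str, hosts: str = ETC_HOSTS) -> str | None:
    """'files' source: address of the first /etc/hosts line whose canonical
    name or any alias matches."""
    for raw in hosts.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        if name in names:
            return addr
    return None


def lookup_mdns(name: str) -> str | None:
    """'mdns' source: stubbed to answer nothing, so the walk continues to
    the next source exactly as it would after a multicast miss."""
    return None


def lookup_dns(name: str, zone: dict[str, str] = INTERNAL_DNS_ZONE) -> str | None:
    """'dns' source: what a query to the configured nameserver returns."""
    return zone.get(name)


SOURCES = {"files": lookup_files, "mdns": lookup_mdns, "dns": lookup_dns}


def nss_resolve(name: str, conf: str = NSSWITCH_CONF) -> tuple[str, str] | None:
    """What getent hosts / gethostbyname() do: walk the sources in nsswitch
    order and return (address, source) from the first one that answers."""
    for src in nsswitch_sources(conf):
        fn = SOURCES.get(src)
        if fn is None:
            continue  # unknown source module: skipped
        addr = fn(name)
        if addr is not None:
            return addr, src
    return None


def nslookup_style(name: str) -> str | None:
    """What nslookup / dig do: query the nameserver directly, never
    touching nsswitch.conf or /etc/hosts."""
    return lookup_dns(name)


if __name__ == "__main__":
    for host in ("access.local", "db01.local", "localhost"):
        print(f"{host:14} getent-style: {nss_resolve(host)}"
              f"  nslookup-style: {nslookup_style(host)}")
```

On the box itself the equivalent check is "getent hosts access.local" beside "nslookup access.local": the first should show the /etc/hosts address once nscd has been restarted or is not running, the second will always show whatever 10.0.0.13 answers. One caveat worth knowing: ".local" is the mDNS domain (RFC 6762), so a "search local" line in resolv.conf combined with an mdns source in nsswitch.conf means unqualified names are tried over multicast before the unicast DNS source is reached.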