Re: NAT Inside/Outside IP help: msg#00595 network.dns.bind.user
Gary Quiring wrote:

> On Tue, 20 May 2003 13:47:11 GMT, Barry Margolin <barry.margolin@xxxxxxxxxx>
> wrote:
>
> >In article <baba8d$rbo$1@xxxxxxxxxxx>, Gary Quiring <gquiring@xxxxxxx>
> >wrote:
> >>I am trying to set up a DNS server instead of using the ISP as our DNS. I am
> >>using Bind 9.2.1 on RedHat 8.
> >>
> >>My DNS is working but when I point my internal PC to use the internal DNS
> >>server it returns the outside IP for any internal server. If I tell my PC
> >>to use the ISP's DNS server I get the internal IP. I would like my DNS
> >>server to also return the internal IP for any company server.
> >
> >If you're going from an internal client to an internal server, you
> >shouldn't be going through the NAT router at all. In that case, nothing
> >should change what the DNS server returns -- you get whatever is in its
> >configuration.
> >
> >Perhaps if you provided more details about the configuration we could
> >figure out what's happening to you.
>
> Our company changed its name and the ISP does the domain hosting for the
> existing name. For the new company name I am hosting the domain.
>
> When I ping my new domain using my DNS I see the outside IP. If I ping my new
> domain using the ISP's DNS I see the inside IP.
>
> So when I ping link.actionemco.com using my DNS I see 146.x.x.x where I want
> to see 192.x.x.x.
>
> Thanks
> Gary
>
> named.conf:
> // generated by named-bootconf.pl
>
> options {
>         directory "/var/named";
>         /*
>          * If there is a firewall between you and nameservers you want
>          * to talk to, you might need to uncomment the query-source
>          * directive below. Previous versions of BIND always asked
>          * questions using port 53, but BIND 8.1 uses an unprivileged
>          * port by default.
>          */
>         // query-source address * port 53;
> };
>
> //
> // a caching only nameserver config
> //
> controls {
>         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
> zone "actionemco.com" in {
>         type master;
>         file "db.actionemco";
> };
> zone "." IN {
>         type hint;
>         file "named.root";
> };
>
> zone "localhost" IN {
>         type master;
>         file "localhost.zone";
>         allow-update { none; };
> };
>
> zone "0.0.127.in-addr.arpa" IN {
>         type master;
>         file "named.local";
>         allow-update { none; };
> };
>
> include "/etc/rndc.key";
>
> logging {
>         channel logfile {
>                 file "/var/log/named";
>                 severity dynamic;
>                 print-category yes;
>                 print-severity yes;
>         };
>
>         category default { logfile; };
> };
>
> db.actionemco:
> $TTL 1H
> actionemco.com. IN SOA dns1.actionemco.com. admin.actionemco.com. (
>         2003051602; Serial
>         8H; Refresh
>         2H; Retry
>         4W; Expire
>         1H); Minimum TTL
> ;
> ; Name servers
> ;
> actionemco.com. IN NS dns1.actionemco.com.
>
> localhost.actionemco.com. IN A 127.0.0.1
> www.actionemco.com. IN A 64.235.140.46
>
> emco1.actionemco.com. IN A 146.145.235.195
> emco2.actionemco.com. IN A 146.145.235.196
> emco3.actionemco.com. IN A 146.145.235.197
> emco4.actionemco.com. IN A 146.145.235.198
> emco5.actionemco.com. IN A 146.145.235.199
> emco6.actionemco.com. IN A 146.145.235.200
> emco7.actionemco.com. IN A 146.145.235.201
> emco8.actionemco.com. IN A 146.145.235.202
> emco9.actionemco.com. IN A 146.145.235.203
> emco10.actionemco.com. IN A 146.145.235.204
> emco11.actionemco.com. IN A 146.145.235.205
> emco12.actionemco.com. IN A 146.145.235.206
> power1.actionemco.com. IN A 146.145.235.208
>
> mail.actionemco.com. IN A 146.145.235.197
> nj.actionemco.com. IN A 146.145.235.197
> mi.actionemco.com. IN A 64.235.140.34
> mailtest.actionemco.com. IN A 146.145.235.198
>
> ;
> ; Aliases
> ;
> pt.actionemco.com. IN CNAME emco11.actionemco.com.
> ftp.actionemco.com. IN CNAME emco11.actionemco.com.
> link.actionemco.com. IN CNAME emco11.actionemco.com.
> vpn.actionemco.com. IN CNAME emco3.actionemco.com.
> linktest.actionemco.com. IN CNAME emco10.actionemco.com.
>
> actionemco.com. IN MX 10 mail.actionemco.com.

I guess I'm missing something here: you've got your master zone file set up
with *external* IP addresses. So why would you expect it to be returning
*internal* IP addresses in response to queries?

If you just want your server to return the internal addresses, and you don't
care about serving up external addresses from that server to the Internet,
then you should work out with your ISP for one of you to become master of the
"internal" version of the zone, and one of you to be slave (it doesn't matter
which way around this goes, as long as you and your ISP are in agreement on
it).

If, on the other hand, you want your server to serve up *both* internal and
external addresses for that zone, depending on what client is doing the
asking, you'll need to set up "view"s, run different nameserver instances on
different interfaces, or whatever. In that case, you could still arrange a
master/slave arrangement between you and your ISP for the "internal" version
of the zone; this would be independent of what you do for the "external"
version of the zone.

- Kevin
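
The "view" arrangement mentioned in the reply above, sketched as an added example that is not part of the original message or the poster's configuration. The inside network in the ACL and the file name db.actionemco.internal are assumptions: the thread only gives the inside range as 192.x.x.x, so the ACL entry is a placeholder.

```conf
// named.conf fragment: split-horizon views for actionemco.com.
// The options, controls, include and logging statements from the posted
// named.conf stay at top level unchanged. Once any view exists, every
// zone statement has to live inside a view.

acl "inside" {
        localhost;
        192.168.0.0/16;   // PLACEHOLDER: substitute the real inside network
};

// Views are tried in order and the first match wins, so the
// restrictive view comes first and the catch-all view last.
view "internal" {
        match-clients { "inside"; };
        recursion yes;          // inside clients use this server as their resolver

        zone "." IN {
                type hint;
                file "named.root";
        };
        zone "localhost" IN {
                type master;
                file "localhost.zone";
                allow-update { none; };
        };
        zone "0.0.127.in-addr.arpa" IN {
                type master;
                file "named.local";
                allow-update { none; };
        };
        zone "actionemco.com" IN {
                type master;
                // Hypothetical file: same names as db.actionemco, but with
                // the inside (192.x.x.x) A records.
                file "db.actionemco.internal";
        };
};

view "external" {
        match-clients { any; };
        recursion no;           // authoritative answers only for outside clients

        zone "actionemco.com" IN {
                type master;
                file "db.actionemco";   // the posted file with the outside addresses
        };
};
```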