Hello,
I've recently inherited a network with BIND DNS already set up in it.. the thing is, the previous admin set our network's "domain" to our company's default website.. let's say "abcd.com"
First of all, I'm a complete newbie with DNS under Linux, so I've struggled my way and finally landed on Webmin, which helps me out in adding local DNS records. Though the problem occurs whenever there's a URL on our website that needs to be accessed... let me explain..
a. I can browse to abcd.com
b. I can browse to local.abcd.com
c. but I cannot access public.abcd.com, as the DNS searches for "public" under its own records and cannot find it.
How can I solve this? Changing the domain is in no way possible, as there are almost 200 virtual hosts set up in my local network.. so I need a quick solution for this.. any advice?
PS: if any of you can guide me to a good DNS under centos tutorial I'll appreciate it
Hi,
"Roland Roland" R_O_L_A_N_D@hotmail.com wrote on 16.09.2009 11:10:05:
I can browse to abcd.com. I can browse to local.abcd.com, but I cannot access public.abcd.com, as the DNS searches for "public" under its own records and cannot find it.. how can I solve this? Changing the domain is in no way possible, as there are almost 200 virtual hosts set up in my local network.. so I need a quick solution for this.. any advice?
This is just a quickshot as I don't feel like I fully understood your problem, but maybe we're lucky ;-)
Can you browse/ping/resolve public.abcd.com.abcd.com?
Frank.
I'll explain again... excuse my english..
1. I can browse local virtual hosts normally.
2. I can browse abcd.com (my company's website, which is also set as my local network domain).
3. If I go to public.abcd.com from outside my network (any public place), I can access that page normally.
4. If I try browsing public.abcd.com from inside my network, I cannot, as my local DNS searches its own records for "public" and obviously won't find it.
The reason such a thing is happening is due to the fact that "abcd.com" is also set as our network's domain, so instead of forwarding requests to my ISP's DNS to resolve public.abcd.com it simply searches its own records.
--------------------------------------------------
From: Frank.Brodbeck@klingel.de
Sent: Wednesday, September 16, 2009 12:27 PM
To: "CentOS mailing list" centos@centos.org
Cc: centos@centos.org; centos-bounces@centos.org
Subject: [CentOS] Antwort: bind dns help?
Hi,
"Roland Roland" R_O_L_A_N_D@hotmail.com wrote on 16.09.2009 11:10:05:
I can browse to abcd.com. I can browse to local.abcd.com, but I cannot access public.abcd.com, as the DNS searches for "public" under its own records and cannot find it.. how can I solve this? Changing the domain is in no way possible, as there are almost 200 virtual hosts set up in my local network.. so I need a quick solution for this.. any advice?
This is just a quickshot as I don't feel like I fully understood your problem, but maybe we're lucky ;-)
Can you browse/ping/resolve public.abcd.com.abcd.com?
Frank.
_______________________________________________
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
"Roland Roland" R_O_L_A_N_D@hotmail.com wrote on 16.09.2009 12:01:34:
I'll explain again... excuse my english..
1. I can browse local virtual hosts normally.
2. I can browse abcd.com (my company's website, which is also set as my local network domain).
3. If I go to public.abcd.com from outside my network (any public place), I can access that page normally.
4. If I try browsing public.abcd.com from inside my network, I cannot, as my local DNS searches its own records for "public" and obviously won't find it.
The reason such a thing is happening is due to the fact that "abcd.com" is also set as our network's domain, so instead of forwarding requests to my ISP's DNS to resolve public.abcd.com it simply searches its own records.
First of all, I'm no DNS expert, keep that in mind when reading my answer ;-)
This sounds like a split horizon setup for your DNS. If I understand you correctly, public.abcd.com is a webserver in your LAN/DMZ but publicly available? If so, and if the bind you inherited only answers to requests from your LAN you can just add public.abcd.com to your zone file.
But as I mentioned before, be careful with this advice. If possible, test this with something not in production or wait for someone with more DNS experience than me.
Frank.
On 09/16/2009 05:14 AM, Frank.Brodbeck@klingel.de wrote:
"Roland Roland" R_O_L_A_N_D@hotmail.com wrote on 16.09.2009 12:01:34:
I'll explain again... excuse my english..
1. I can browse local virtual hosts normally.
2. I can browse abcd.com (my company's website, which is also set as my local network domain).
3. If I go to public.abcd.com from outside my network (any public place), I can access that page normally.
4. If I try browsing public.abcd.com from inside my network, I cannot, as my local DNS searches its own records for "public" and obviously won't find it.
The reason such a thing is happening is due to the fact that "abcd.com" is also set as our network's domain, so instead of forwarding requests to my ISP's DNS to resolve public.abcd.com it simply searches its own records.
First of all, I'm no DNS expert, keep that in mind when reading my answer ;-)
This sounds like a split horizon setup for your DNS. If I understand you correctly, public.abcd.com is a webserver in your LAN/DMZ but publicly available? If so, and if the bind you inherited only answers to requests from your LAN you can just add public.abcd.com to your zone file.
But as I mentioned before, be careful with this advice. If possible, test this with something not in production or wait for someone with more DNS experience than me.
First set of advice ... get rid of GUIs (like webmin) to manage DNS and learn where the files are, what goes in them and how to edit them correctly.
It sounds like you have an internal DNS master and an External DNS master. Most people do this if they have internal IPs (10.x.x.x, 172.16.x.x-172.31.x.x, 192.x.x.x, etc.) and external (real) IPs to maintain. So, do you have some internal and some external IPs to maintain?
The first thing you need to know is where is the master DNS server for each zone ... the internal one and the external one.
I like to use nslookup for things like this ... other people use dig. Here is the nslookup way. Enter this command in a terminal:
nslookup
Now you should be in an nslookup shell. Use this command to look for SOA (Start of Authority) records:
set type=soa
Now you can input your domain in the line and see the dns servers that are authoritative for that domain. So in your example, enter:
abcd.com
Once you know the authoritative DNS names, use this command to lookup IP addresses:
set type=a
Then lookup the addresses of DNS servers by typing each name. You can specify the DNS server to use in YOUR nslookups with this command in the nslookup shell:
server aaa.bbb.ccc.ddd
(enter the ip address of the server you want to lookup against)
Using this, you can do lookups for names on your internal and external DNS machines ... then you can edit the applicable zone files as necessary to fix the issues.
Your zone files are usually somewhere in /var/named/
Look in /etc/named.conf to see how the DNS server is set up ... here are some DNS docs:
http://www.centos.org/docs/5/html/5.2/Deployment_Guide/ch-bind.html
Roland Roland wrote:
I'll explain again... excuse my english..
1. I can browse local virtual hosts normally.
2. I can browse abcd.com (my company's website, which is also set as my local network domain).
3. If I go to public.abcd.com from outside my network (any public place), I can access that page normally.
4. If I try browsing public.abcd.com from inside my network, I cannot, as my local DNS searches its own records for "public" and obviously won't find it.
The reason such a thing is happening is due to the fact that "abcd.com" is also set as our network's domain, so instead of forwarding requests to my ISP's DNS to resolve public.abcd.com it simply searches its own records.
put an A record for public.abcd.com in your local DNS, as several others have said in varying number of words.
However, there's another possible problem... is your public webserver on your local network, behind the same firewall as the rest of your local systems? If this is the case, your firewall might not be able to do 'double NAT', where a local (private IP) host accesses the public IP of the firewall, which is forwarded to another local host. For this to work, the firewall/router has to translate the source/dest addresses *twice*, and many implementations simply don't do this. One workaround is for that local DNS to have the local IP for public.abcd.com.
Now, if the public.abcd.com server is hosted outside, then you can ignore this last part and just put its IP in an A record as I previously said, and all should be copacetic.
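The advice in this thread boils down to one check and one fix: compare what the internal zone for abcd.com defines against what the public DNS answers, then add A records for the names that are missing internally, using the LAN address where the host sits behind the same firewall (the double-NAT case) and the public address otherwise. The script below is an added example written for this page, not code from any poster. The zone file content, the public answers and all addresses are constructed samples; in practice the public answers would come from nslookup/dig against the external master as described above.

```python
"""Split-horizon DNS check for an internal BIND zone.

Finds names the public DNS answers for that the internal zone does not define,
and emits the A records that would close the gap. Added example; the zone and
the public answers below are constructed, not taken from the thread.
"""

# Constructed sample: a minimal internal zone file for abcd.com (RFC 1918 and
# documentation addresses, invented for the example).
INTERNAL_ZONE = """\
$ORIGIN abcd.com.
$TTL 3600
@      IN  SOA  ns1.abcd.com. hostmaster.abcd.com. ( 2009091601 3600 900 604800 300 )
@      IN  NS   ns1.abcd.com.
ns1    IN  A    192.168.1.2
@      IN  A    192.168.1.10     ; the company website, reachable internally
local  IN  A    192.168.1.20     ; one of the ~200 local virtual hosts
www    IN  CNAME @
"""

# Constructed sample: what the ISP's (external) DNS answers for the same domain.
PUBLIC_RECORDS = {
    "abcd.com.": "203.0.113.10",
    "www.abcd.com.": "203.0.113.10",
    "public.abcd.com.": "203.0.113.20",
}


def qualify(name, origin):
    """Turn a zone-file owner name or CNAME target into a fully qualified name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text):
    """Return {fqdn: (rtype, rdata)} for the A and CNAME records of a zone file.

    Assumes the simple layout above: one record per line, optional TTL and class
    fields, '@' and relative names, and a $ORIGIN directive. Records that span
    several lines are out of scope for this check.
    """
    origin = "."
    records = {}
    last_owner = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # strip comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                     # $TTL and other directives
            continue
        fields = line.split()
        # a line that starts with whitespace inherits the previous owner name
        owner = last_owner if raw[0].isspace() else fields.pop(0)
        last_owner = owner
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                           # optional TTL / class
        if not fields:
            continue
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        if rtype == "A":
            records[qualify(owner, origin)] = ("A", rdata)
        elif rtype == "CNAME":
            records[qualify(owner, origin)] = ("CNAME", qualify(rdata, origin))
    return records


def missing_internally(internal, public):
    """Names the public DNS defines but the internal zone does not (sorted)."""
    return sorted(name for name in public if name not in internal)


def records_to_add(internal, public, lan_overrides=None):
    """Zone-file lines that make the internal zone answer for every public name.

    lan_overrides maps a name to its private address for hosts behind the same
    firewall as the clients (double-NAT case); other names get the public IP.
    """
    lan_overrides = lan_overrides or {}
    lines = []
    for fqdn in missing_internally(internal, public):
        ip = lan_overrides.get(fqdn, public[fqdn])
        lines.append(f"{fqdn:<20} IN  A    {ip}")
    return lines


if __name__ == "__main__":
    internal = parse_zone(INTERNAL_ZONE)
    for fqdn in missing_internally(internal, PUBLIC_RECORDS):
        print(f"missing internally: {fqdn} (public answer {PUBLIC_RECORDS[fqdn]})")
    # assume public.abcd.com is behind the same firewall, so hand out its LAN address
    for line in records_to_add(internal, PUBLIC_RECORDS, {"public.abcd.com.": "192.168.1.30"}):
        print("add to zone:", line)
```

The emitted lines belong in the internal zone only (the one the LAN resolver is authoritative for), and the SOA serial must be bumped and the zone reloaded for the change to take effect. Keeping the comparison as a script rather than a one-off lookup means it can be rerun whenever the public zone changes, which is when this class of "works from outside, not from inside" breakage reappears.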