* Sak <[EMAIL PROTECTED]> [2004:02:25:10:50:47-0800] scribed:
> On Wed, Feb 25, 2004 at 12:21:01PM -0600, Michael D Schleif wrote:
> > What does dnscache tell you?
> >
> >   tail -f /var/log/dnscache/current | tai64nlocal
>
> Here's the output...
>
> gw: -root-
> # tail -f /var/log/dnscache/current | tai64nlocal
> 2004-02-25 10:37:12.109829500 stats 2428 1269339 1 0
> 2004-02-25 10:37:12.109832500 cached 1 tld1.ultradns.net.
> 2004-02-25 10:37:12.109835500 cached 1 tld2.ultradns.net.
> 2004-02-25 10:37:12.109838500 tx 0 1 www.adreamcreation.org. org. cc4a7001 cc4a7101
> 2004-02-25 10:37:12.172382500 nxdomain cc4a7001 3600 www.adreamcreation.org.
                                ^^^^^^^^
> 2004-02-25 10:37:12.172389500 sent 2428 40
> 2004-02-25 10:37:12.172867500 query 2429 c0a80105:8091:d4be 1
> www.adreamcreation.org.102010.org.
> 2004-02-25 10:37:12.172874500 tx 0 1 www.adreamcreation.org.102010.org. 102010.org.
> 7f000001
> 2004-02-25 10:37:12.173552500 nxdomain 7f000001 2560
> www.adreamcreation.org.102010.org.
                                ^^^^^^^^
> 2004-02-25 10:37:12.173558500 sent 2429 51
>
> > One (1) name and two (2) addresses -- that is probably not what you
> > want.
>
> I don't understand what you mean here.

First of all, adreamcreation.org is *NOT* delegated to you, no matter
what whois says:

    # dnsqr any adreamcreation.org
    255 adreamcreation.org:
    36 bytes, 1+0+0+0 records, response, authoritative, nxdomain
    query: 255 adreamcreation.org

    # dnsqr ns adreamcreation.org
    2 adreamcreation.org:
    36 bytes, 1+0+0+0 records, response, authoritative, nxdomain
    query: 2 adreamcreation.org

Domain 102010.org appears to be set up properly.

You must understand the concept of `nxdomain'.

Second, your original examples:

    In my tinydns-private file, I've got the following for the DMZ, and
    the sites that I'm hosting...

    .2.168.192.in-addr.arpa::ns1.102010.org
    =demian.102010.org:192.168.2.2
    +www.102010.org:192.168.2.2
    +www.adreamcreation.org:192.168.2.2

    My tinydns-public file looks like this...

    .102010.org::ns1.102010.org
    .38.231.216.in-addr.arpa::ns1.102010.org
    @102010.org::demian.102010.org
    =gw.102010.org:216.231.38.127
    +ns1.102010.org:216.231.38.127
    +ns2.102010.org:216.231.38.127
    =demian.102010.org:216.231.38.127
    +www.102010.org:216.231.38.127
    +www.adreamcreation.org:216.231.38.127

show the `One (1) name and two (2) addresses' malady:

                      / .2.168.192.in-addr.arpa
    ns1.102010.org
                      \ .38.231.216.in-addr.arpa

                         / 192.168.2.2
    demian.102010.org
                         \ 216.231.38.127

This is not readily accomplished.

> > Do these DMZ hosts have two (2) interfaces?
>
> The DMZ host has a single interface.

Your DNS host probably has two interfaces. tinydns-private *MUST* be
associated with the private interface, and tinydns-public *MUST* be
associated with the public interface.

Your DMZ host has one (1) interface; therefore, you will have better
success if you limit that interface to one (1) address.

> > If so, what is the domain of your private LAN?
> >
> >   =demian.private.network:192.168.2.2
>
> The contents of my /etc/tinydns-private/env/DOMAINS file is...
>
> 1.168.192.in-addr.arpa
> 102010.org
<snip />

This is going to be a major problem.

First, look closely at the above, and you will see that you are
specifying two (2) private networks:

    1.168.192.in-addr.arpa
    192.168.2.2

Second, since 102010.org is a *public* domain:

    # dnsq any 102010.org a.root-servers.net
    255 102010.org:
    110 bytes, 1+0+2+2 records, response, noerror
    query: 255 102010.org
    authority: org 172800 NS tld1.ultradns.net
    authority: org 172800 NS tld2.ultradns.net
    additional: tld1.ultradns.net 172800 A 204.74.112.1
    additional: tld2.ultradns.net 172800 A 204.74.113.1

By definition, a.root-servers.net *CANNOT* know anything about your
private network.

-- 
Best Regards,

mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know.  The more I know, the more I know I don't know . . .
--
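
Added example, not part of the original message and not the poster's or djbdns's own code: a small audit of the two tinydns-data files quoted in the thread. It lists the names that the private and public views answer with different addresses, and the private names and reverse zones that the quoted DOMAINS list does not cover. The function names are hypothetical, the inputs are constructed copies of the quoted text, and it assumes DOMAINS lists the zones the cache hands to the private server.

```python
# Added example: audit tinydns-data files for the split-view problems above.
# PRIVATE, PUBLIC and DOMAINS are constructed copies of text quoted in the thread.
PRIVATE = """\
.2.168.192.in-addr.arpa::ns1.102010.org
=demian.102010.org:192.168.2.2
+www.102010.org:192.168.2.2
+www.adreamcreation.org:192.168.2.2
"""
PUBLIC = """\
.102010.org::ns1.102010.org
.38.231.216.in-addr.arpa::ns1.102010.org
@102010.org::demian.102010.org
=gw.102010.org:216.231.38.127
+ns1.102010.org:216.231.38.127
+ns2.102010.org:216.231.38.127
=demian.102010.org:216.231.38.127
+www.102010.org:216.231.38.127
+www.adreamcreation.org:216.231.38.127
"""
# Assumption: these are the zones the cache forwards to the private server.
DOMAINS = ["1.168.192.in-addr.arpa", "102010.org"]

def a_records(data):
    """Return {name: {ip, ...}} for the '=' and '+' lines of tinydns-data."""
    out = {}
    for line in data.splitlines():
        if line and line[0] in "=+":
            name, ip = line[1:].split(":")[:2]
            out.setdefault(name.lower().rstrip("."), set()).add(ip)
    return out

def split_names(private, public):
    """Names that both views answer, but with different address sets."""
    priv, pub = a_records(private), a_records(public)
    return {n: (sorted(priv[n]), sorted(pub[n]))
            for n in sorted(priv.keys() & pub.keys()) if priv[n] != pub[n]}

def reverse_zone(ip):
    """/24 reverse zone for an IPv4 address, e.g. 2.168.192.in-addr.arpa."""
    a, b, c, _ = ip.split(".")
    return f"{c}.{b}.{a}.in-addr.arpa"

def uncovered(private, domains):
    """Private names and reverse zones that no entry in `domains` covers."""
    covered = lambda n: any(n == d or n.endswith("." + d) for d in domains)
    recs = a_records(private)
    wanted = set(recs) | {reverse_zone(ip) for ips in recs.values() for ip in ips}
    return sorted(n for n in wanted if not covered(n))

if __name__ == "__main__":
    print(split_names(PRIVATE, PUBLIC))
    print(uncovered(PRIVATE, DOMAINS))
```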