* Sak <[EMAIL PROTECTED]> [2004:02:25:10:50:47-0800] scribed:
> On Wed, Feb 25, 2004 at 12:21:01PM -0600, Michael D Schleif wrote:
> > What does dnscache tell you?
> >
> > tail -f /var/log/dnscache/current | tai64nlocal
>
> Here's the output...
>
> gw: -root-
> # tail -f /var/log/dnscache/current | tai64nlocal
> 2004-02-25 10:37:12.109829500 stats 2428 1269339 1 0
> 2004-02-25 10:37:12.109832500 cached 1 tld1.ultradns.net.
> 2004-02-25 10:37:12.109835500 cached 1 tld2.ultradns.net.
> 2004-02-25 10:37:12.109838500 tx 0 1 www.adreamcreation.org. org. cc4a7001 cc4a7101
> 2004-02-25 10:37:12.172382500 nxdomain cc4a7001 3600 www.adreamcreation.org.
^^^^^^^^
> 2004-02-25 10:37:12.172389500 sent 2428 40
> 2004-02-25 10:37:12.172867500 query 2429 c0a80105:8091:d4be 1 www.adreamcreation.org.102010.org.
> 2004-02-25 10:37:12.172874500 tx 0 1 www.adreamcreation.org.102010.org. 102010.org. 7f000001
> 2004-02-25 10:37:12.173552500 nxdomain 7f000001 2560 www.adreamcreation.org.102010.org.
^^^^^^^^
> 2004-02-25 10:37:12.173558500 sent 2429 51
>
> > One (1) name and two (2) addresses -- that is probably not what you
> > want.
>
> I don't understand what you mean here.
First of all, adreamcreation.org is *NOT* delegated to you, no matter
what whois says:
# dnsqr any adreamcreation.org
255 adreamcreation.org:
36 bytes, 1+0+0+0 records, response, authoritative, nxdomain
query: 255 adreamcreation.org
# dnsqr ns adreamcreation.org
2 adreamcreation.org:
36 bytes, 1+0+0+0 records, response, authoritative, nxdomain
query: 2 adreamcreation.org
Domain 102010.org appears to be set up properly. You must understand the
concept of `nxdomain'.
Second, your original examples:
In my tinydns-private file, I've got the following for the DMZ, and
the sites that I'm hosting...
.2.168.192.in-addr.arpa::ns1.102010.org
=demian.102010.org:192.168.2.2
+www.102010.org:192.168.2.2
+www.adreamcreation.org:192.168.2.2
My tinydns-public file looks like this...
.102010.org::ns1.102010.org
.38.231.216.in-addr.arpa::ns1.102010.org
@102010.org::demian.102010.org
=gw.102010.org:216.231.38.127
+ns1.102010.org:216.231.38.127
+ns2.102010.org:216.231.38.127
=demian.102010.org:216.231.38.127
+www.102010.org:216.231.38.127
+www.adreamcreation.org:216.231.38.127
show the `One (1) name and two (2) addresses' malady:
/ .2.168.192.in-addr.arpa
ns1.102010.org
\ .38.231.216.in-addr.arpa
/ 192.168.2.2
demian.102010.org
\ 216.231.38.127
This is not readily accomplished.
> > Do these DMZ hosts have two (2) interfaces?
>
> The DMZ host has a single interface.
Your DNS host probably has two interfaces. tinydns-private *MUST* be
associated with the private interface, and tinydns-public *MUST* be
associated with the public interface.
Your DMZ host has one (1) interface; therefore, you will have better
success if you limit that interface to one (1) address.
> > If so, what is the domain of your private LAN?
> >
> > =demian.private.network:192.168.2.2
>
> The contents of my /etc/tinydns-private/env/DOMAINS file is...
>
> 1.168.192.in-addr.arpa
> 102010.org
<snip />
This is going to be a major problem.
First, look closely at the above, and you will see that you are
specifying two (2) private networks:
1.168.192.in-addr.arpa
192.168.2.2
Second, since 102010.org is a *public* domain:
# dnsq any 102010.org a.root-servers.net
255 102010.org:
110 bytes, 1+0+2+2 records, response, noerror
query: 255 102010.org
authority: org 172800 NS tld1.ultradns.net
authority: org 172800 NS tld2.ultradns.net
additional: tld1.ultradns.net 172800 A 204.74.112.1
additional: tld2.ultradns.net 172800 A 204.74.113.1
By definition, a.root-servers.net *CANNOT* know anything about your
private network.
--
Best Regards,
mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much
we think we know. The more I know, the more I know I don't know . . .
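The nxdomain lines in the quoted dnscache log carry the address of the server that gave the negative answer, in dnscache's 8-hex-digit form. Decoding them makes the delegation point above concrete: the answer for www.adreamcreation.org came from 204.74.112.1, which the dnsq output in this message shows is tld1.ultradns.net (a .org TLD server), while the answer for www.adreamcreation.org.102010.org came from 127.0.0.1, the local tinydns. This is an added example, not code from the thread or from djbdns; the LOG string is constructed from the lines quoted above, and the query-type table is the ordinary DNS type numbering rather than anything taken from the page.

```python
"""Decode dnscache log lines and report which server returned nxdomain.

Added example, not code from the thread or from djbdns.  LOG is constructed
from the tai64nlocal-converted lines quoted in the thread.
"""

import re

LOG = """\
2004-02-25 10:37:12.109829500 stats 2428 1269339 1 0
2004-02-25 10:37:12.109832500 cached 1 tld1.ultradns.net.
2004-02-25 10:37:12.109835500 cached 1 tld2.ultradns.net.
2004-02-25 10:37:12.109838500 tx 0 1 www.adreamcreation.org. org. cc4a7001 cc4a7101
2004-02-25 10:37:12.172382500 nxdomain cc4a7001 3600 www.adreamcreation.org.
2004-02-25 10:37:12.172389500 sent 2428 40
2004-02-25 10:37:12.172867500 query 2429 c0a80105:8091:d4be 1 www.adreamcreation.org.102010.org.
2004-02-25 10:37:12.172874500 tx 0 1 www.adreamcreation.org.102010.org. 102010.org. 7f000001
2004-02-25 10:37:12.173552500 nxdomain 7f000001 2560 www.adreamcreation.org.102010.org.
2004-02-25 10:37:12.173558500 sent 2429 51
"""

# Optional tai64nlocal timestamp, then the dnscache event keyword and its arguments.
LINE_RE = re.compile(r"^(?:(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) )?(\w+)(?: (.*))?$")

# Standard DNS type numbers (not from the thread); dnscache logs the number.
QTYPES = {"1": "A", "2": "NS", "6": "SOA", "12": "PTR", "15": "MX",
          "16": "TXT", "28": "AAAA", "255": "ANY"}


def hex_ip(h):
    """dnscache logs IPv4 addresses as 8 hex digits; turn cc4a7001 into 204.74.112.1."""
    if len(h) != 8:
        raise ValueError(f"not an 8-digit hex IPv4 address: {h!r}")
    return ".".join(str(int(h[i:i + 2], 16)) for i in range(0, 8, 2))


def parse_line(line):
    """Return (timestamp, event, args) or None for a line that is not a dnscache event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, event, rest = m.groups()
    return ts, event, (rest or "").split()


def nxdomain_events(log):
    """List (name, server_ip, ttl) for every negative answer dnscache cached.

    The server address says who denied the name exists: a TLD server means
    the zone is not delegated at all, your own server means the zone is
    delegated but the name is missing from its data.
    """
    out = []
    for line in log.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[1] == "nxdomain":
            server, ttl, name = parsed[2][:3]
            out.append((name, hex_ip(server), int(ttl)))
    return out


def queries(log):
    """List (serial, client_ip, qtype, name) for each query a client sent to dnscache."""
    out = []
    for line in log.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[1] == "query":
            serial, client, qtype, name = parsed[2][:4]
            # The client field is ip:port:id, all in hex.
            out.append((int(serial), hex_ip(client.split(":")[0]),
                        QTYPES.get(qtype, qtype), name))
    return out


def tx_events(log):
    """List (name, control, [server ips]) for each query dnscache sent upstream.

    'control' is the zone whose servers were asked: 'org.' means the TLD,
    '102010.org.' means the delegation the poster operates himself.
    """
    out = []
    for line in log.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[1] == "tx":
            _gluelessness, _qtype, name, control, *servers = parsed[2]
            out.append((name, control, [hex_ip(s) for s in servers]))
    return out


if __name__ == "__main__":
    for name, server, ttl in nxdomain_events(LOG):
        print(f"nxdomain for {name} from {server} (negative ttl {ttl})")
    for serial, client, qtype, name in queries(LOG):
        print(f"query {serial}: {client} asked {qtype} {name}")
```

Run it against `tai64nlocal < /var/log/dnscache/current` output and read the nxdomain lines: a negative answer whose server is one of the `tx` targets for the parent zone (here the org. servers) is the parent saying the delegation does not exist, which no amount of local tinydns data can fix.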
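The `One (1) name and two (2) addresses' malady above can be found mechanically by reading the two tinydns-data files side by side. The checker below is an added example, not code from the thread or from djbdns; the two inline data sets are constructed from the tinydns-private and tinydns-public records quoted in this message, and only the record types they use (`.`, `=`, `+`, `@`) are parsed. It reports names whose private and public views disagree, nameservers listed for zones in both views (the ns1.102010.org diagram above), and names a file answers for outside any zone it declares with a `.` line. The last check is a local consistency check on the data file only; whether a zone is actually delegated is a question for dnsq against the parent servers, as shown above.

```python
"""Consistency checks for a split-horizon pair of tinydns-data files.

Added example, not code from the thread or from djbdns.  The data sets are
constructed from the records quoted in the thread.
"""

from collections import defaultdict

# Constructed from the poster's tinydns-private file.
TINYDNS_PRIVATE = """\
.2.168.192.in-addr.arpa::ns1.102010.org
=demian.102010.org:192.168.2.2
+www.102010.org:192.168.2.2
+www.adreamcreation.org:192.168.2.2
"""

# Constructed from the poster's tinydns-public file.
TINYDNS_PUBLIC = """\
.102010.org::ns1.102010.org
.38.231.216.in-addr.arpa::ns1.102010.org
@102010.org::demian.102010.org
=gw.102010.org:216.231.38.127
+ns1.102010.org:216.231.38.127
+ns2.102010.org:216.231.38.127
=demian.102010.org:216.231.38.127
+www.102010.org:216.231.38.127
+www.adreamcreation.org:216.231.38.127
"""


def parse_tinydns(text):
    """Yield (kind, fqdn, fields) per data line.

    tinydns-data lines are '<kind><fqdn>:<field>:<field>...'; what the
    fields mean depends on the leading kind character.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, rest = line[0], line[1:]
        fqdn, *fields = rest.split(":")
        yield kind, fqdn.lower(), fields


def _ns_name(x, zone):
    # On a '.' line, x with a dot is a server name; otherwise it means x.ns.<zone>.
    return x if "." in x else f"{x}.ns.{zone}"


def addresses(text):
    """Map each name to the set of A records the file gives it."""
    result = defaultdict(set)
    for kind, fqdn, fields in parse_tinydns(text):
        if kind in ("=", "+") and fields and fields[0]:
            result[fqdn].add(fields[0])
        elif kind == "." and len(fields) > 1 and fields[0] and fields[1]:
            # '.zone:ip:x' also publishes an A record for the nameserver x.
            result[_ns_name(fields[1], fqdn)].add(fields[0])
    return dict(result)


def zones(text):
    """Zones the file declares itself authoritative for ('.' lines)."""
    return {fqdn for kind, fqdn, _ in parse_tinydns(text) if kind == "."}


def nameserver_zones(*texts):
    """Map each nameserver named on a '.' line to every zone it is listed for, across all files."""
    result = defaultdict(set)
    for text in texts:
        for kind, fqdn, fields in parse_tinydns(text):
            if kind == "." and len(fields) > 1 and fields[1]:
                result[_ns_name(fields[1], fqdn)].add(fqdn)
    return dict(result)


def undeclared_names(text):
    """Names with A or MX records that sit under no zone this file declares."""
    declared = zones(text)
    inside = lambda n: any(n == z or n.endswith("." + z) for z in declared)
    return sorted({fqdn for kind, fqdn, _ in parse_tinydns(text)
                   if kind in ("=", "+", "@") and not inside(fqdn)})


def split_names(private_text, public_text):
    """Names whose private and public views carry different addresses.

    Serving these from one host only works when tinydns-private and
    tinydns-public are bound to separate interfaces so each client is
    answered from the matching view.
    """
    priv, pub = addresses(private_text), addresses(public_text)
    return {name: (sorted(priv[name]), sorted(pub[name]))
            for name in sorted(set(priv) & set(pub)) if priv[name] != pub[name]}


if __name__ == "__main__":
    for name, (p, q) in split_names(TINYDNS_PRIVATE, TINYDNS_PUBLIC).items():
        print(f"{name}: private {p} / public {q}")
    print("nameserver zones:", nameserver_zones(TINYDNS_PRIVATE, TINYDNS_PUBLIC))
    print("undeclared in public:", undeclared_names(TINYDNS_PUBLIC))
    print("undeclared in private:", undeclared_names(TINYDNS_PRIVATE))
```

Point it at the real /etc/tinydns-private/root/data and /etc/tinydns-public/root/data by replacing the two constructed strings with the file contents; every name `split_names` reports is one that must be served from a distinct interface per view, and every name `undeclared_names` reports in the public file is one for which the file publishes records without declaring the zone.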