You don't have any name servers for gob.cu:
; <<>> DiG 9.10.3-P4-RedHat-9.10.3-9.P4.fc22 <<>> gob.cu ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1071
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gob.cu. IN NS;; AUTHORITY SECTION:
cu. 3600 IN SOA ns.ceniai.net.cu. cu-tech.ceniai.inf.cu. 2017102605 3600 1800 1209600 3600;; Query time: 154 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Oct 26 19:56:46 EDT 2017
;; MSG SIZE rcvd: 104This above query should answer with the name server like the one below:
; <<>> DiG 9.10.3-P4-RedHat-9.10.3-9.P4.fc22 <<>> example.com ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57752
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 5;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN NS;; ANSWER SECTION:
example.com. 86400 IN NS b.iana-servers.net.
example.com. 86400 IN NS a.iana-servers.net.;; ADDITIONAL SECTION:
a.iana-servers.net. 109216 IN A 199.43.135.53
b.iana-servers.net. 109216 IN A 199.43.133.53
a.iana-servers.net. 109216 IN AAAA 2001:500:8f::53
b.iana-servers.net. 109216 IN AAAA 2001:500:8d::53;; Query time: 43 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Oct 26 20:04:54 EDT 2017
;; MSG SIZE rcvd: 176
See the ANSWER SECTION.Your DNS is not set up.
Hope this helps,
Bill
On 10/:03 PM, Rommel Rodriguez Toirac wrote:
> Hello all;
> I finally test the config of my firewall using it like a DMZ but have some problems.
> For example, in the DMZ I have a DNS server, the access to it is allowed from the internal netwok or loc zone and from
> outside or net zone; in the DMZ also is the FTP, jabber, web and email servers. Happen that from outside or net zone I can not
> access to any of this servers using the name, IP or alias of the server.
> In my municipal networks, in the DNS servers, I add and server forwarder, this was the IP of my external interfaces. This is
> for all requests that can not be found in his network, send to me.
> From a municipal network when I try to access to the email server of my network poiting to the alias (mail.gtm.gob.cu) never
> connect. This happend with all request made to a name, or alias. If I use the IP addres of the server everything work fine.
> I know, these is problem of DNS, but I configure the DNS to allow acces from the outside network and from inside network
> using views.
> Attached I send the shorewall dump.
> I try to be sure that is not problem of shorewall that deny the access to the DMZ zone where are the DNS server and all other
> servers.
> Thank for the attention and forgive my bad English.
>
>
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users