
Re: dns inside firewall



"Erick Calder" <e@arix.com> wrote:
> From: Daniel Biddle [mailto:deltab@osian.net]
>> %in:192.168
>> %ex
>> +www.arix.com:192.168.0.2:::in
>> +www.arix.com:63.194.16.45:::ex

Note that if dnscache and tinydns are on the same machine, then
dnscache's queries to tinydns will probably be coming from 127.0.0.1,
so you should also have:
%in:127

> I can't seem to query the cache server in the same manner

$ env DNSCACHEIP=192.168.0.3 dnsqr a www.arix.com

> @400000003f5b752c1dc41c0c query 528 c0a800c9:0ec8:0001 1 test.arix.com.
> @400000003f5b752c1dc44704 cached ns arix.com. a.ns.arix.com.
> @400000003f5b752c1dc452bc cached ns arix.com. b.ns.arix.com.
> @400000003f5b752c1dc4625c cached 1 a.ns.arix.com.
> @400000003f5b752c1dc46e14 cached 1 b.ns.arix.com.
> @400000003f5b752c1dc479cc tx 0 1 test.arix.com. arix.com. 3fc2102d 3fc2102d
> @400000003f5b75a42b89ab04 servfail test.arix.com. input/output error
> @400000003f5b75a42b89ddcc sent 528 31

dnscache is trying to talk to a.ns.arix.com and b.ns.arix.com, both at
63.194.16.45, the external address of your DSL modem.  Apparently,
your IP setup won't handle internal machines talking to your own
external address.  You can deal with that by adding an override to
dnscache's root/servers/ configuration:
<URL:http://cr.yp.to/djbdns/dot-local.html>
You'd use arix.com instead of "internal", and the internal address of
your tinydns.


paul
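
The dnscache log lines quoted in the message above carry client and server addresses as hex words. The following is an added example, not part of the original message, that decodes them in Python and pairs each servfail with the servers dnscache last tried; the function names are illustrative and the field layout is assumed to be the one visible in the quoted log.

```python
import ipaddress

# Three of the dnscache log lines quoted in the message above.
SAMPLE_LOG = """\
@400000003f5b752c1dc41c0c query 528 c0a800c9:0ec8:0001 1 test.arix.com.
@400000003f5b752c1dc479cc tx 0 1 test.arix.com. arix.com. 3fc2102d 3fc2102d
@400000003f5b75a42b89ab04 servfail test.arix.com. input/output error
"""

def tai64n_ns(label):
    """TAI64N label ('@' + 24 hex digits) -> integer nanoseconds on the TAI scale."""
    raw = label.lstrip("@")
    return (int(raw[:16], 16) - (1 << 62)) * 10**9 + int(raw[16:24], 16)

def hex_ip(word):
    """dnscache logs IPv4 addresses as 8 hex digits, e.g. c0a800c9."""
    return str(ipaddress.IPv4Address(int(word, 16)))

def decode(line):
    """Decode one query, tx or servfail line; other types keep only time and type."""
    f = line.split()
    ev = {"time_ns": tai64n_ns(f[0]), "type": f[1]}
    if ev["type"] == "query":        # query serial ip:port:id qtype name
        ip, port, _qid = f[3].split(":")
        ev.update(client=hex_ip(ip), port=int(port, 16), name=f[5])
    elif ev["type"] == "tx":         # tx gluelessness qtype name control servers...
        ev.update(name=f[4], zone=f[5], servers=sorted({hex_ip(w) for w in f[6:]}))
    elif ev["type"] == "servfail":   # servfail name error text
        ev.update(name=f[2], reason=" ".join(f[3:]))
    return ev

def failed_lookups(log_text):
    """Pair each servfail with the servers last tried for that name."""
    last_tx, report = {}, []
    for line in log_text.splitlines():
        if not line.startswith("@") or len(line.split()) < 3:
            continue
        ev = decode(line)
        if ev["type"] == "tx":
            last_tx[ev["name"]] = ev
        elif ev["type"] == "servfail" and ev["name"] in last_tx:
            tx = last_tx[ev["name"]]
            report.append({
                "name": ev["name"], "zone": tx["zone"], "servers": tx["servers"],
                "public": [s for s in tx["servers"] if ipaddress.ip_address(s).is_global],
                "waited_s": (ev["time_ns"] - tx["time_ns"]) / 1e9,
                "reason": ev["reason"],
            })
    return report

if __name__ == "__main__":
    for row in failed_lookups(SAMPLE_LOG):
        print(row)
```

A non-empty `public` list on a failed lookup for your own zone means the cache was sent to the external address rather than the internal tinydns.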