Hey experts,

I have a server running Ubuntu Edgy (6.10). It stands between the Internet and about 20 Windows desktop machines running Vista, XP, and 2K.

It runs a iptables firewall, bind9, squid, and squidGuard (among other things) and for the most part, it's happy.

However, clients on the network cannot reach the three websites that we own - and are hosting off-site. For some reason it seems to be just those three sites, all the rest of the Web seems to work. The problem is the names are not resolving.

My Ubuntu server's ip address is 192.168.1.1, which is what it assigns as the DNS server to clients that are using DHCP. As I stated - for the most part this works. The server connects to the Internet via ADSL using "pon" and gets two DNS server addresses from the ISP which it puts into its /etc/resolv.conf file.

FROM THE SERVER (via ssh) I can connect to the three "rogue" websites using ping, nslookup, and lynx (there is no GUI on the server).

FROM THE CLIENTS I cannot connect, ping returns "unknown host", nslookup using 192.168.1.1 as the DNS server returns "***[192.168.1.1] Can't find www.domainname.com: Server failed" and of course the browser returns a DNS error.

FROM THE CLIENT I can use nslookup and set it to use the ISP's DNS server and then nslookup will work.

I have tried stopping and starting bind9, the firewall script and the Internet connection all to no avail.

Sooooo.. I know nothing about DNS. How can I get these three sites to resolve from my server?

Your problem sounds similar to mine:

DNSMasq not serving requests from external PCs

and I am also running Ubuntu (7.04, not 6.10) with Squid and Dansguardian (rather than Squidgard). From a terminal window on the server, I can resolve every IP address that I try. When I manually ocnfigure a client to reference my server (192.168.15.101), I get no reply.

What happens if you manually set a client to use your server as DNS (rather than assign it via DHCP)? Can they still resolve other addresses? If not, is it possible that the DHCP server passes along multiple DNS addresses, including those of your ISP?

I will be watching this thread with interest to see if we are suffering from the same problem.... Good luck!

Hi Jroyce,

Thanks very much for your reply.

It seems my problem is more complicated because it's now intermittent. What I *think* has happened is that there may actually be something wrong with those 3 sites that we own (they are all hosted at the same place) and when they come back up, the squid proxy "remembers" that they were down and won't let any clients access them (even though, for some reason, the server itself can).

The next time it happens that I can't reach my websites, I will try clearing the squid cache and see if that helps. (I'll also try your suggestions too). I'll keep this thread updated.

Thanks again!

I doubt your server will use itself as a proxy. Just FYI.

Also, you may need 127.0.0.1 in your /etc/resolv.conf to get resolution working properly. But I think that's only if your Ubuntu box is the DNS server for that zone. I could be wrong, though.

What you can try to see if the site goes up or down is, from the server, just open a term and do something like "ping (servername) > response". Then after a day or two, hit CTRL+C, and check the file "response" that was created with something like "tail response" and it'll tell you how many packets were sent, how many didn't response, yadda yadda.

Hi ARC1450,

The server ISN'T using itself as a proxy. that's why I'm able to get the websites FROM THE SERVER but not from the clients. I know absolutely NOTHING about DNS, so I don't know if it is using itself as a DNS server or the ISP's DNS servers.

I'll try the ping thing.

Whatever is listed in /etc/resolv.conf is what it will use to resolve the servers. If the ISP's DNS is listed first, it will use those. . .if 127.0.0.1 is listed first, it will do a lookup to itself.

This is true, but that is only from the point of view of somebody using the server itself. What is in /etc/resolv.conf has no impact on the DNS queries made to the server itself. So when the windows machines try to get addresses, this server goes out the the DNS root servers for anything it isn't authoritative for.

That being said, if you may be having problems resolving domains, we need to domain names so we can check.

Peace,
JimBass

I was speaking of if he was browsing from the box itself, not the clients. Since the localhost isn't listed in /etc/resolv.conf, he's using outside servers to resolve domain names; that's the only box that works consistently.

And if you'll notice, he's not having problems resolving names from everywhere, only from behind his box. That's a good indicator DNS is working properly. Giving us the domains isn't going to do anything.

Anyway, you can always set up your BIND box as a forwarder and just toss DNS requests to your ISP.

Just do "man named.conf". That should give you an idea how to configure stuff.

If you're wanting to know a decent amount about BIND and reading doesn't phase you, check out the DNS & BIND book from O'Reilly press. Good read.

Okay.... it's happening again. Our off-site locations can get to our websites, and if I telnet to our local Ubuntu server I can also get to the website (with lynx and by pinging).

None of the computers from behind the ubuntu box can connect to them. However, we can surf the rest of the Internet just fine.

ARC1450, you mentioned I can set the box up to just forward DNS requests to my ISP. Can you tell me how? I did "man named.conf" but that just tells me what the options are, not which ones I need to use. A little hand-holding, please.

Here is the contents of my current /etc/bind/named.conf: (sans comments)

Need to see all the files referenced there in your config, like named.conf.local and named.conf.options.

The keyword you're looking for is "forwarder" in your global options, IIRC.