LinuxQuestions.org
Old 02-06-2011, 02:42 AM   #1
dschuett
Member
 
Registered: Aug 2010
Posts: 40

Rep: Reputation: 1
Internal host names resolving through external DNS?!?


I just set up my first ever bind9 DNS server running on ubuntu server 10.04. This server is also my gateway/dhcp server.

Here is what is weird:
If I do a dig @8.8.8.8 dschuett-lmtl.scs.local from any of my clients it resolves?!?! Dig shows that it got the answer from MY Bind9 DNS server (and NOT Google's of course), but why is it still resolving when I'm telling it to use an external DNS server?

The other weird thing is that the SAME EXACT dig command above does NOT resolve internal host names if I do it from the Bind9 DNS server, which is what I would expect SHOULD be happening if done from the client machines...

Here are the dig results:

From any internal client:
Code:
dig @8.8.8.8 dschuett-lmtl.scs.local

; <<>> DiG 9.7.0-P1 <<>> @8.8.8.8 dschuett-lmtl.scs.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49041
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;dschuett-lmtl.scs.local.       IN      A

;; ANSWER SECTION:
dschuett-lmtl.scs.local. 259200 IN      A       192.168.0.202

;; AUTHORITY SECTION:
scs.local.              259200  IN      NS      gateway.scs.local.

;; ADDITIONAL SECTION:
gateway.scs.local.      259200  IN      A       192.168.0.1

;; Query time: 0 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Feb  6 01:18:09 2011
;; MSG SIZE  rcvd: 95
From Bind9 DNS server:
Code:
dig @8.8.8.8 dschuett-lmtl.scs.local

; <<>> DiG 9.7.0-P1 <<>> @8.8.8.8 dschuett-lmtl.scs.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9279
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;dschuett-lmtl.scs.local.       IN      A

;; AUTHORITY SECTION:
.                       1800    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2011020501 1800 900 604800 86400

;; Query time: 77 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Feb  6 01:28:57 2011
;; MSG SIZE  rcvd: 116
Any ideas why this is happening?
 
Old 02-06-2011, 10:26 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
Odd. I'd look at iptables. Are you somehow redirecting all outbound DNS traffic going *through* the server in its gateway function to your internal DNS server? Something in the PREROUTING NAT table? That's all that makes sense to me. As the DNS is the GW, you'll probably find out a lot by using tcpdump if there's any confusion. Run "tcpdump -vn -i eth0 port 53" to dump all DNS traffic on what I'd guess is your internal interface, and then do the same on the external side, and see what traffic is going where.
 
Old 02-06-2011, 04:14 PM   #3
dschuett
Member
 
Registered: Aug 2010
Posts: 40

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by acid_kewpie
Odd. I'd look at iptables. Are you somehow redirecting all outbound DNS traffic going *through* the server in its gateway function to your internal DNS server? Something in the PREROUTING NAT table? That's all that makes sense to me. As the DNS is the GW, you'll probably find out a lot by using tcpdump if there's any confusion. Run "tcpdump -vn -i eth0 port 53" to dump all DNS traffic on what I'd guess is your internal interface, and then do the same on the external side, and see what traffic is going where.
That's funny that you say that because that is exactly what I was trying to accomplish when I discovered that this was happening. I set these two rules in my iptables script:

Code:
#Redirect DNS so it will ALWAYS use YOUR server
$IPT -t nat -A PREROUTING -i eth1 -p tcp --dport 53 -j REDIRECT --to-port 53
$IPT -t nat -A PREROUTING -i eth1 -p udp --dport 53 -j REDIRECT --to-port 53
But when I comment them out and flush dns with:
Code:
invoke-rc.d nscd restart
nscd -i hosts
It still resolves the host names through Google's DNS with the dig commands in the previous posts.

I uninstalled bind and disabled those rules in my iptables script. Reinstalled bind, and it stopped doing it. But once I enabled those rules in iptables it resolves them again (as I would expect); however, if I disable the rules and flush dns and restart bind...it still resolves, so SOMETHING is getting cached somewhere once those rules are applied ONE time.
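The two transcripts in the first post already hold the evidence for what the REDIRECT rules do: the client-side reply attributed to 8.8.8.8 carries the aa flag (a public recursive resolver does not set aa for a zone it does not host), hands back an RFC 1918 address for a .local name, and completes in 0 msec, while the same query run on the gateway itself gets NXDOMAIN from the real resolver, since locally generated packets traverse the OUTPUT chain rather than PREROUTING and so never hit the rule. The script below is added here as an example and is not code from this thread; it parses both transcripts (embedded as sample input) and reports those indicators, which is a quick way to confirm from a client whether queries sent to an external resolver are actually being answered by something on the LAN. The indicator list and the .local suffix check are this example's own heuristics.

```python
import ipaddress
import re

# Two dig transcripts from the thread (client run and gateway run), trimmed of
# the WHEN/MSG SIZE trailer and embedded as sample input so this runs offline.
CLIENT_RUN = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49041
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;dschuett-lmtl.scs.local.       IN      A

;; ANSWER SECTION:
dschuett-lmtl.scs.local. 259200 IN      A       192.168.0.202

;; AUTHORITY SECTION:
scs.local.              259200  IN      NS      gateway.scs.local.

;; ADDITIONAL SECTION:
gateway.scs.local.      259200  IN      A       192.168.0.1

;; Query time: 0 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
"""

GATEWAY_RUN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9279
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;dschuett-lmtl.scs.local.       IN      A

;; AUTHORITY SECTION:
.                       1800    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2011020501 1800 900 604800 86400

;; Query time: 77 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
"""

HEADER_RE = re.compile(r";; ->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)")
FLAGS_RE = re.compile(r";; flags: ([a-z ]*);")
QTIME_RE = re.compile(r";; Query time: (\d+) msec")
SERVER_RE = re.compile(r";; SERVER: ([^#]+)#(\d+)")
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\w+)\s+(.+)$")

# Suffixes a public recursive resolver cannot legitimately answer for (heuristic list).
PRIVATE_SUFFIXES = (".local.",)


def parse_dig(text):
    """Pull status, flags, round-trip time, server, qname and answer RRs out of a dig transcript."""
    res = {"status": None, "flags": set(), "query_time_ms": None,
           "server": None, "qname": None, "answers": []}
    section = None
    for line in text.splitlines():
        if m := HEADER_RE.search(line):
            res["status"] = m.group(2)
        elif m := FLAGS_RE.search(line):
            res["flags"] = set(m.group(1).split())
        elif m := QTIME_RE.search(line):
            res["query_time_ms"] = int(m.group(1))
        elif m := SERVER_RE.search(line):
            res["server"] = m.group(1)
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:-9].strip()          # QUESTION / ANSWER / AUTHORITY / ADDITIONAL
        elif not line.strip():
            section = None                        # blank line ends the current section
        elif section == "QUESTION" and line.startswith(";"):
            res["qname"] = line[1:].split()[0]
        elif section == "ANSWER" and (m := RR_RE.match(line)):
            name, ttl, rtype, rdata = m.groups()
            res["answers"].append((name, int(ttl), rtype, rdata))
    return res


def interception_indicators(parsed):
    """Signs that the reply was not produced by the resolver named after '@'. Heuristics, not proof."""
    reasons = []
    if "aa" in parsed["flags"]:
        reasons.append("aa flag set: a recursive resolver does not claim authority")
    if parsed["qname"] and parsed["qname"].endswith(PRIVATE_SUFFIXES) and parsed["answers"]:
        reasons.append("answer returned for a private-suffix name")
    if any(rtype == "A" and ipaddress.ip_address(rdata).is_private
           for _, _, rtype, rdata in parsed["answers"]):
        reasons.append("RFC 1918 address in the answer")
    if parsed["query_time_ms"] == 0:
        reasons.append("0 msec round trip to a remote resolver")
    return reasons


if __name__ == "__main__":
    for label, run in (("client", CLIENT_RUN), ("gateway", GATEWAY_RUN)):
        p = parse_dig(run)
        print(label, p["server"], p["status"], interception_indicators(p) or "no indicators")
```

The aa flag is the strongest of the four signs; a 0 msec query time alone can be a coincidence on a fast link, so the script reports every indicator it finds rather than a single verdict. Running it prints four indicators for the client transcript and none for the gateway transcript.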
Tags
bind, bind9, dns, dnsserver