LinuxQuestions.org


jeffreydavisjr 03-03-2012 09:06 AM

Can't access web sites on internal network (BIND Configuration)
 
Hey guys! I have been neck deep into CentOS 6 for 2 weeks now. Before that I had 0 experience in Linux as all my previous web server experience was in a Windows environment. Nonetheless, I have set up BIND version 9.7.3 and Apache version 2.2.15 and can view my domains/sub-domains over the internet (NOT ON THE LOCAL NETWORK).

However, when I am on the internal local network (Same network as the web server) I can not view the sites. I receive a page timeout error when I enter www.mydomain.com or subdomain.mydomain.com into the browser. In order to access the sites I have to enter the local IP Address (192.168.x.x) which defaults to the first sub-domain.

I am assuming it has something to do with the BIND setup. I could be wrong.

Thanks in advance for any suggestions/tips.

david1941 03-03-2012 09:28 AM

You could check your named responses by using dig (see man dig). It will show what your name server returns when queried.

jeffreydavisjr 03-03-2012 09:43 AM

I did a "dig mydomain.com" and it returned the following (I removed my real domain name and inserted "mydomain.com", and removed the external IP address and replaced it with X.X.X.X). The answer section returns back the external IP address to the server. This is fine for external requests. But what about internal requests?
Code:


; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53671
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomain.com.                IN      A

;; ANSWER SECTION:
mydomain.com. 15298  IN      A      X.X.X.X

;; Query time: 63 msec
;; SERVER: 208.180.42.100#53(208.180.42.100)
;; WHEN: Sat Mar  3 10:39:02 2012
;; MSG SIZE  rcvd: 56


david1941 03-03-2012 10:27 AM

The system gets address resolution from different places: /etc/hosts, /etc/resolv.conf and a name server. The name server is selected by the /etc/resolv.conf file. You might be able to just add your real name to your local /etc/hosts and that may work. If your name server serves all your local machines, it may be easier to just add a split DNS setup (see Section 4.4 of the bind ARM - https://www.isc.org/files/arm97.pdf or whatever bind you have).

(You didn't say what your IP really is but dig was using 208.180.42.100 as its name server and I assume that's true)

jeffreydavisjr 03-03-2012 01:44 PM

When you say add my "real name" to the hosts file... Do you mean the local address of the server? Or the actual server name? (i.e. myserver.mydomain)

Thanks so much.

david1941 03-03-2012 02:34 PM

I meant the answer you got above (that you obfuscated) came from rdns02.suddenlink.net. If that is the nameserver you set up for your resolutions, then I thought you might just try to put your local name and local address in the /etc/hosts file or set up a split dns for your local network resolution to allow your local browser to query for your website name and get the local address.

It makes it difficult to talk about things when they are obfuscated. If you are using private addresses (192.168.xxx.xxx or 10.xxx.xxx.xxx), no one else can route them anyway so hiding them is not hiding anything anyway while public addresses in DNS are just that - public, and DNS is public. A split DNS works for private internal networks that are called like my nameserver with a public DNS IP 99.178.153.41 or 2001:470:1f11:7d0::4 from the outside and by its internal address, 192.168.102.9 from the inside and returns the inside address to those machines querying from the inside or the outside address when queried from outside. If you have only one machine, perhaps the /etc/hosts is just easier. The /etc/resolv.conf tells your machine which nameserver it should query.

jeffreydavisjr 03-03-2012 03:44 PM

Dave, Thanks so much for your help. Putting the domains and subdomains in the host file solves the problem in regards to being able to view the websites on the actual server. But when attempting to browse to the web sites on the same network as the server I am still unable to reach the sites (Time out error). Basically, I have a server and a developer machine on the same network. When browsing on the developer machine I can not view the sites. When browsing on the server I can now thanks to your advice about the host file :) !

This really makes me think it's a BIND DNS issue.

My resolv.conf file looks like this:
Code:

# Generated by NetworkManager
search dhssolutions
nameserver 208.180.42.100

This is my DNS Server that was provided to me by my ISP.

On the developer machine I can ping the domain names and the sub domain names just fine. I can also ping the private IP address to the server just fine. And again, plugging in the private IP address (192.168.1.254) into a web browser brings up the site fine as well... Spent 2 days on this so far...

So now I will try to split the DNS and see what happens. Thanks again Dave, you've been an incredible help!

david1941 03-03-2012 04:18 PM

Unless you are running the name server on your local network, the split system won't work. You can always override the DNS with the /etc/hosts file on each machine. But if you've got a lot of them, that's a problem and running a local server on the network just works out better. If you get into it and have problems, send me a private email and I'll share my setup.

jeffreydavisjr 03-03-2012 04:28 PM

I am running the DNS on the same network so a split DNS will have to be used. I am reading the manual now and trying to implement it.
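
The split DNS setup discussed in this thread, sketched as a BIND 9 views configuration. This is an added example, not a configuration posted by either participant; the 192.168.1.0/24 LAN range and the zone file names are assumptions, while mydomain.com and 192.168.1.254 are taken from the posts above.

```conf
// Added example for /etc/named.conf: split DNS using BIND 9 views.
// Assumptions (not from the thread): the LAN is 192.168.1.0/24 and the
// zone file names under /var/named are hypothetical.

acl "lan" {
    127.0.0.0/8;
    192.168.1.0/24;          // assumed internal subnet
};

options {
    directory "/var/named";
    listen-on port 53 { any; };
    allow-query { any; };
    recursion no;            // off by default; enabled only for the internal view
    allow-transfer { none; };
};

// Views are tested in order and the first match wins, so "internal" comes first.
// Once any view exists, every zone statement must live inside a view.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                   // LAN clients resolve other names through this server
    allow-recursion { "lan"; };

    zone "." IN { type hint; file "named.ca"; };

    zone "mydomain.com" IN {
        type master;
        // A records in this file point at the private address, 192.168.1.254
        file "internal/mydomain.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                    // authoritative answers only, not an open resolver

    zone "mydomain.com" IN {
        type master;
        // A records in this file point at the public address (X.X.X.X in the thread)
        file "external/mydomain.com.zone";
    };
};
```

The internal view only takes effect for machines whose /etc/resolv.conf names 192.168.1.254 as their nameserver rather than the ISP resolver shown earlier in the thread. Run named-checkconf before reloading, then compare the answer to `dig @192.168.1.254 mydomain.com` from a LAN host with the answer seen from outside.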


All times are GMT -5.