LinuxQuestions.org


emetib 11-17-2004 05:08 PM

dns (firewall?) debian
 
ok, this is what's up. i'm looking at setting up my soho lan, so that i can drop my multiple statics for a single one.

my set up.
all of my boxes have their own static ips. this is nice, but i'm looking at getting them down to only one.
i have three of these, workstation, server, future server. what i am trying to do is to get my future server to put out dhcp and then have a caching dns going on it.

now, i have the dhcp configured, i can ping both the server and the client when i bring that eth up. the dns is working on the fserver for itself, yet not for the local network.

i'll drop some stats here. i'll try and color code them. workstation - red, server - blue

# ping google.com
ping: unknown host google.com

yet i can ping google with their ip, just not their name. so i would believe that the route and the connection is fine. more to come on this part.

# ping google.com
PING google.com (216.239.39.99) 56(84) bytes of data.
64 bytes from 216.239.39.99: icmp_seq=1 ttl=238 time=251 ms
64 bytes from 216.239.39.99: icmp_seq=2 ttl=238 time=77.1 ms

--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2548ms
rtt min/avg/max/mdev = 77.178/164.284/251.390/87.106 ms


# dig google.com
;; Got SERVFAIL reply from 127.0.0.1, trying next server

; <<>> DiG 9.3.0 <<>> google.com
;; global options: printcmd
;; connection timed out; no servers could be reached

so something is happening here. maybe i'm reading the next one wrong, but it seems that it's getting an answer from the local and the authoritative servers.

# dig google.com

; <<>> DiG 9.2.4 <<>> google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61461
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 60 IN A 216.239.37.99
google.com. 60 IN A 216.239.39.99
google.com. 60 IN A 216.239.57.99

;; AUTHORITY SECTION:
google.com. 345360 IN NS ns1.google.com.
google.com. 345360 IN NS ns2.google.com.
google.com. 345360 IN NS ns3.google.com.
google.com. 345360 IN NS ns4.google.com.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 17 16:27:06 2004
;; MSG SIZE rcvd: 148


so when i do check the route-
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
65.103.35.240 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.5.5.0 0.0.0.0 255.255.255.224 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.5.5.1 0.0.0.0 UG 0 0 0 eth1
0.0.0.0 65.103.35.246 0.0.0.0 UG 0 0 0 eth0

now i would think that since the gateways are pointing to the 0.0.0.0 and it's gateway is the correct one things should work. the dns should resolve up to the isp nameserver. it's kind of hard to read these here.

# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
65.103.35.240 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.5.5.0 0.0.0.0 255.255.255.224 U 0 0 0 eth1
0.0.0.0 65.103.35.246 0.0.0.0 UG 0 0 0 eth0


so i then try out the traceroute to the isp's nameserver-
# traceroute 204.147.80.1
traceroute to 204.147.80.1 (204.147.80.1), 30 hops max, 38 byte packets
1 * * *
2 * * *

it keeps doing that. yet i can ping the ip.

# traceroute 204.147.80.1
traceroute to 204.147.80.1 (204.147.80.1), 30 hops max, 38 byte packets
1 65.103.35.246 (65.103.35.246) 0.920 ms 0.800 ms 0.836 ms
2 mpls-dsl-gw08.mpls.qwest.net (207.225.140.8) 40.766 ms 40.062 ms 41.065 ms
3 mpls-agw1.inet.qwest.net (207.225.140.125) 40.151 ms 39.929 ms 40.188 ms
4 mpl-core-01.inet.qwest.net (205.171.128.21) 40.087 ms 41.294 ms 39.965 ms
5 min-edge-05.inet.qwest.net (205.171.128.38) 40.863 ms 42.664 ms 40.837 ms
6 ns3.mn.uswest.net (204.147.80.1) 41.193 ms 41.966 ms 40.991 ms


so then i look at the /var/log/syslog to see if named isn't working properly. this one is kind of long.
Nov 17 16:55:37 prometheus named[8536]: starting BIND 9.2.4 -u bind
Nov 17 16:55:37 prometheus named[8536]: using 1 CPU
Nov 17 16:55:37 prometheus named[8536]: loading configuration from '/etc/bind/named.conf'
Nov 17 16:55:37 prometheus named[8536]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 17 16:55:37 prometheus named[8536]: listening on IPv4 interface eth0, 65.103.35.244#53
Nov 17 16:55:37 prometheus named[8536]: listening on IPv4 interface eth1, 192.5.5.1#53
Nov 17 16:55:37 prometheus named[8536]: command channel listening on 127.0.0.1#953
Nov 17 16:55:37 prometheus named[8536]: command channel listening on ::1#953
Nov 17 16:55:37 prometheus named[8536]: zone 0.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 10.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 127.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 16.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 17.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 18.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 19.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 20.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 21.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 22.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 23.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 24.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 25.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 26.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 27.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 28.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 29.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 30.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 31.172.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 168.192.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone 255.in-addr.arpa/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: zone localhost/IN: loaded serial 1
Nov 17 16:55:37 prometheus named[8536]: running


from what i've read and have been playing with i'm at a stand still. i don't know why i can't resolve from the workstation to the server.
cat /etc/resolv.conf
search cerberus.cc local
i don't know what the local is, but that's what the dhcpd keeps giving it.

cat /etc/resolv.conf
search subdomain.cerberus.cc
nameserver 127.0.0.1
nameserver 204.147.80.1
nameserver 204.147.80.5

cat /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
forwarders {
204.147.80.1;
204.147.80.5;
};

auth-nxdomain no; # conform to RFC1035

};


the forwarders are on for the dns, yet it's timing out.

any thoughts, any help?

cheers.

edit- i'm using shorewall for my firewall, and since i can get the responses from the ip pings i would have to think that it's not in my way. yet i could be wrong on this.

if people need to see my rules, policies and whatever else, please drop a line.
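The named.conf.options above forwards to the ISP but, per the syslog, named also listens on the public eth0 address, so here is the same file with listen-on and access controls limited to the LAN side. This is an added example, not the poster's config; the 192.5.5.0/27 range, the 192.5.5.1 server address and the forwarder addresses are taken from the thread.

```conf
options {
        directory "/var/cache/bind";

        // answer only on loopback and the LAN address, never on the public eth0 IP
        listen-on port 53 { 127.0.0.1; 192.5.5.1; };
        listen-on-v6 { none; };

        // hand every lookup to the ISP resolvers (addresses from the post)
        forwarders {
                204.147.80.1;
                204.147.80.5;
        };
        // never fall back to iterating from the root hints if the forwarders fail
        forward only;

        // recursion for localhost and the LAN only; anyone else is refused,
        // so the box cannot be used as an open resolver from the internet
        allow-query     { localhost; 192.5.5.0/27; };
        allow-recursion { localhost; 192.5.5.0/27; };
        allow-transfer  { none; };

        auth-nxdomain no;    # conform to RFC1035
};
```

After a restart, `dig @192.5.5.1 google.com` from the workstation confirms the server answers on the LAN address before any dhcpd changes are made. Note that 192.5.5.0/27 is not RFC1918 private space; a range such as 192.168.x.0/24 would be the usual choice for a SOHO LAN.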

emetib 11-18-2004 04:56 PM

figured it all out.

in your dhcpd.conf there is an option for who the nameserver is. if you uncomment this everything works fine, well as long as you know the nameserver.

cheers.
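The dhcpd.conf option the follow-up refers to is `option domain-name-servers`. Below is an added example of a subnet stanza handing the caching server out to LAN clients; it is not the poster's file, the subnet and gateway come from the route table above, and the lease range, lease times and file path are assumed.

```conf
# /etc/dhcpd.conf (constructed example; path depends on the Debian dhcp package)
default-lease-time 600;
max-lease-time 7200;
authoritative;

subnet 192.5.5.0 netmask 255.255.255.224 {
        # assumed pool; 192.5.5.1 is the server itself and stays outside it
        range 192.5.5.10 192.5.5.30;
        option routers 192.5.5.1;
        option subnet-mask 255.255.255.224;
        option broadcast-address 192.5.5.31;

        # these two lines become the client's resolv.conf; with the
        # domain-name-servers line commented out, the client receives only a
        # "search" entry and no nameserver, which is what the workstation showed
        option domain-name "cerberus.cc";
        option domain-name-servers 192.5.5.1;
}
```

Renewing the lease on the workstation (or re-plugging the interface) and checking that /etc/resolv.conf now carries `nameserver 192.5.5.1` verifies the option took effect.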
