NAT Port forwarding problems!
 

I'm using Qwest DSL with a Cisco 678 DSL router. I'm on PPP with a dynamic IP. My IP doesn't change, I always get the same IP. I'm using NAT on the Cisco as I only have the one IP address. Port 53 UDP and TCP is forwarded to my Redhat box running Bind. Internally my RH box takes all DNS requests without a problem resolving everything as expected. yahoo.com, google.com all resolve without issue. You can ping my domain and my alias's I have defined for it and the DNS server returns the correct IP. When you try and use my DNS server as your primary DNS server external to my network it returns the IP of the DSL router for every request. If you ping yahoo.com it will return the IP of the DSL router as the IP of yahoo.com. I know there is communication back to the DNS server because it will resolve my aliases for my domain. Here's the odd part. Even with an internal IP scheme setup in the DNS server it still returns the DSL routers IP for those aliases. Currently I have it set up to return the DSL routers IP. As you can see my setup seems to have some issues. The problem is with NAT and port forwarding and PPP. Somewhere in that mix lies the issue. Any help would be appreciated. My IP is: 207.108.54.93. My domain is spokanerc.net. One of my aliases is: ns1.spokanerc.net. Any help is appreciated!

Have you made any FORWARD chain rules to allow/block UDP/53?

After the NAT chain, packets pass thru FORWARD...

I'm not even using ipchains as far as I know. This is a bare min RH8 install. I"m manually adding each package as I build up this system. I'm probably going to call this port forwarding from the Cisco issue moot soon, break down and spend the extra $14 a mos for 5 static IPs. I really need two DNS servers for this to be set up properly. Right now I pointed my domain record secondary dns to an unused IP that qwest has : ) but that isn't the right way to do things. Thanks for the advice!

can u post your zone files and your named.conf

I'll let you all know where it stands once I get my block of statics working. Qwest is horrible for tech support! By the time I'm done with them I'll have over 3 hours on the phone, most of it on hold. I'm going to demand they rescind the 50$ setup fee or they can keep their IP's and I'll go to a different ISP.