Guys,
It's a strange problem. I'm in a network where I have a Cisco firewall with multiple VLANs on the INSIDE, one DMZ and an OUTSIDE. Say one of the INSIDE networks is A.B.C.1/26. The DMZ is C.D.E.F/27, and the OUTSIDE is P.Q.R.S.
I'm running dynamic NAT on the Cisco and things are smooth. NAT works.
Now, in the DMZ, I have a DNS server under Linux (a VM), CentOS 5.9. It has IP C.D.E.6, and the mail server in that same DMZ is C.D.E.7.
INSIDE and mail are both pointed to this DNS. Now, when I do a query for
www.google.com or facebook.com or such on the DNS server (physically logged in), it gives a reply. And I get the same reply from the mail server or some other INSIDE block. Looks like the DNS is working perfectly... it first tries to give me a reply and if that fails, it queries the upstream servers and then replies to me accordingly. Great!! But the problem is there are a few sites like
www.icrera.org or such that I tried to query from the same mail server or the INSIDE network and it gave a timeout. Well, I did the same query on the DNS server physically and the DNS got a reply...
It's strange, as some domains get replies and some do not... the DNS server can get a reply, but when some clients ask the DNS for this, it cannot give a reply and they get a timeout... though for some of the domains it can give replies fantastically... even if I reboot the DNS, same... and nothing in /var/log/message unfortunately...
Any ideas?? [Note: ACLs are okay, as I'm not hosting Google... but it is working for Google, IEEE, etc... not working for a few from the client, but the server is able to get the IP through the query...]
Mishu~
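The post compares lookups made on the DNS server itself with the same lookups made from clients in the DMZ and INSIDE networks. As an added diagnostic (not part of the original post, and not a diagnosis of its cause), the script below sends the same query to the DNS server over UDP and over TCP and reports whether each attempt timed out, came back truncated (TC bit), or returned an error code, so the results can be compared side by side when run on the server and on a client. It uses only the Python standard library. The server address 192.0.2.6 is a constructed placeholder standing in for the post's C.D.E.6, and the assumption that UDP-versus-TCP behaviour and response size are the first things worth comparing is mine, not the poster's.

```python
"""Added diagnostic (not from the original post): query a DNS server over UDP and
TCP for a list of names and report where each lookup fails. Run it once on the
DNS server itself and once from a client (mail server / INSIDE host), then compare."""
import random
import socket
import struct

# Placeholder (assumption): 192.0.2.6 stands in for the post's DNS server C.D.E.6.
SERVER = "192.0.2.6"
# Names taken from the post; www.ieee.org is an assumption for "ieee".
NAMES = ["www.google.com", "www.ieee.org", "www.icrera.org"]


def build_query(name, qtype=1, edns_bufsize=None):
    """Build a standard recursive DNS query (A record by default).
    With edns_bufsize set, append an OPT pseudo-record advertising that UDP size."""
    tid = random.randint(0, 0xFFFF)
    arcount = 1 if edns_bufsize else 0
    header = struct.pack("!HHHHHH", tid, 0x0100, 1, 0, 0, arcount)  # flags: RD=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if edns_bufsize:
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_bufsize, 0, 0)
    return tid, msg


def parse_header(resp):
    """Decode the 12-byte DNS header; the TC bit and RCODE are what matter here."""
    tid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": tid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "ancount": an, "size": len(resp)}


def query_udp(server, name, timeout=3.0, edns_bufsize=None):
    """Send one UDP query; return the parsed header, or None on timeout/ID mismatch."""
    tid, msg = build_query(name, edns_bufsize=edns_bufsize)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(msg, (server, 53))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return None
    finally:
        sock.close()
    hdr = parse_header(data)
    return hdr if hdr["id"] == tid else None


def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed early")
        buf += chunk
    return buf


def query_tcp(server, name, timeout=3.0):
    """Send one TCP query (2-byte length prefix); None if it fails or times out."""
    tid, msg = build_query(name)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as sock:
            sock.sendall(struct.pack("!H", len(msg)) + msg)
            length = struct.unpack("!H", recv_exact(sock, 2))[0]
            data = recv_exact(sock, length)
    except (socket.timeout, OSError):
        return None
    hdr = parse_header(data)
    return hdr if hdr["id"] == tid else None


def diagnose(udp, tcp):
    """Turn the UDP and TCP header results into a one-line verdict."""
    if udp is None and tcp is None:
        return "no answer over UDP or TCP"
    if udp is None:
        return "UDP timed out, TCP answered"
    if udp["tc"]:
        return "UDP answer truncated (TC set), resolver must retry over TCP"
    if udp["rcode"] != 0:
        return "answered with RCODE %d" % udp["rcode"]
    return "ok (%d answers, %d bytes over UDP)" % (udp["ancount"], udp["size"])


if __name__ == "__main__":
    for name in NAMES:
        verdict = diagnose(query_udp(SERVER, name), query_tcp(SERVER, name))
        print("%-20s %s" % (name, verdict))
```

Run it on the DNS server with SERVER set to 127.0.0.1 and again from the mail server or an INSIDE host with SERVER set to the DNS server's DMZ address; a name that reports "ok" in one place and "UDP timed out" or "no answer" in the other narrows the problem to the path between that client and the server for that query, rather than to the server's own upstream resolution.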