Dev Shed Forums > System Administration > DNS

#1
December 9th, 2003, 05:56 AM
moritz (Junior Member)
Prob.: dns(bind) on a Linux DSL-gateway with dynamic IP and LAN

Hi all!

I just set up a Linux Red Hat (9.0) server with bind 9.2.1 and iptables 1.2.7a.
My router has two network interfaces:

eth0 - 192.168.69.254
ppp0 (on eth1) - dynamic IP and dns from ISP

I want to use the following services on my router:

1.) NAT (masquerading) with iptables, should already run?!?
2.) local dns server with bind

At the moment I have already (successfully) set up a local domain, which can only be seen in my private LAN (192.168.69.xxx). All the clients can ping and resolve each other in the LAN.

Here is my problem:
----------------------

My clients can't resolve addresses outside my local domain (LAN)!
I have only set up two "master zones" - localhost and localDomain (area41), but not yet a "forwarding zone". Is this necessary (and how)??

In addition, every time my ppp0 reconnects to the internet, "someone" rewrites my "/etc/resolve.conf" with the two current dns servers from my ISP:

nameserver a.b.c.d (dynamic from ISP)
nameserver e.f.g.h (dynamic from ISP)

From this point on my own dns server no longer works until I re-ADD the following lines to "/etc/resolve.conf":

search area41
nameserver 192.168.69.254

Surely this isn't a satisfying "solution" :-p

What do I have to do so that my private dns on my router dynamically gets the current dns server addresses from ppp0 (i.e. from the ISP), or can at least share them??

I should note that my iptables configuration was generated by a script from FireHOL
(http://firehol.sourceforge.net/)
Because I don't understand all of the settings, I can't rule out that my dns problem is in fact an iptables configuration problem :-/

THANKS FOR ALL HELP!!

Greetings from Stuttgart (Germany)
moritz


Code:
[root@surfboard named]# ifconfig
eth0      Protokoll:Ethernet  Hardware Adresse 00:10:DC:45:77:0A
          inet Adresse:192.168.69.254  Bcast:192.168.69.255  Maske:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:933 errors:0 dropped:0 overruns:0 frame:0
          TX packets:206 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:100
          RX bytes:73813 (72.0 Kb)  TX bytes:19928 (19.4 Kb)
          Interrupt:11 Basisadresse:0xa000
 
eth1      Protokoll:Ethernet  Hardware Adresse 00:04:75:FC:EF:17
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6964 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6906 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:100
          RX bytes:4827763 (4.6 Mb)  TX bytes:996256 (972.9 Kb)
          Interrupt:4 Basisadresse:0xa400
 
lo        Protokoll:Lokale Schleife
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:48655 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48655 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:0
          RX bytes:3418083 (3.2 Mb)  TX bytes:3418083 (3.2 Mb)
 
ppp0      Protokoll:Punkt-zu-Punkt Verbindung
          inet Adresse:80.184.xxx.yyy  P-z-P:62.104.190.21  Maske:255.255.255.255
          UP PUNKTZUPUNKT RUNNING NOARP MULTICAST  MTU:1454  Metric:1
          RX packets:6662 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6603 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:3
          RX bytes:4663007 (4.4 Mb)  TX bytes:832704 (813.1 Kb)
 


Here is the FireHOL script which configures my iptables:

Code:
#!./firehol
# ------------------------------------------------------------------------------
# FireHOL controls your firewall. You should want to get updates quickly.
# Subscribe (at the home page) to get notified of new releases.
# ------------------------------------------------------------------------------
#
# This config will have the same effect as NO PROTECTION!
# Everything that found to be running, is allowed.
# 
# Date: Mon Dez  8 00:13:51 CET 2003 on host surfboard
# 
# The TODOs bellow, are YOUR to-dos!

### DEBUG: Processing interface 'eth0'
### DEBUG: Processing IP 192.168.69.254/32 of interface 'eth0'

# Interface No 1.
# The purpose of this interface is to control the traffic
# on the eth0 interface with IP 192.168.69.254/32 (net: "192.168.69.0/24").

interface eth0 eth0-intern src "192.168.69.0/24" dst 192.168.69.254/32

	policy reject

	# Here are the services listening on eth0.
	# TODO: Normally, you will have to remove those not needed.

	server ICMP accept
	server dns accept
	server http accept
	server ssh accept
	server sunrpc accept
	server webmin accept

	# The following means that this machine can REQUEST anything via eth0.
	# TODO: On production servers, avoid this and allow only the
	#       client services you really need.

	client all accept


### DEBUG: Processing interface 'eth1'
# Ignoring interface 'eth1' because does not have an IP or route.


### DEBUG: Processing interface 'ppp0'
### DEBUG: Processing IP 80.184.xxx.yyy/32 of interface 'ppp0'

interface ppp0 ppp0-internet src not "${UNROUTABLE_IPS} "

	policy drop

	# Here are the services listening on ppp0.
	# TODO: Normally, you will have to remove those not needed.

	server ICMP accept
	server dns accept
	server ssh accept
	server sunrpc accept
	server webmin accept

	# The following means that this machine can REQUEST anything via ppp0.
	# TODO: On production servers, avoid this and allow only the
	#       client services you really need.

	client all accept


# The above 2 interfaces were found active at this moment.
# Add more interfaces that can potentially be activated in the future.
# FireHOL will not complain if you setup a firewall on an interface that is
# not active when you activate the firewall.
# If you don't setup an interface, FireHOL will drop all traffic from or to
# this interface, if and when it becomes available.
# Also, if an interface name dynamically changes (i.e. ppp0 may become ppp1)
# you can use the plus (+) character to match all of them (i.e. ppp+).


# Router No 1.
# Clients on eth0 (from "192.168.69.0/24") accessing servers on ppp0 (to not "${UNROUTABLE_IPS} ").

router router_out inface eth0 outface ppp0 src "192.168.69.0/24" dst not "${UNROUTABLE_IPS} "


	# To NAT client requests on the output of ppp0, add this.
	# NOTE: the posted file had "> masquerade" here. A FireHOL config is a
	# bash script, so that line is a bare redirection: it creates an empty
	# file named "masquerade" and enables no NAT at all. The keyword must
	# stand on its own:

	masquerade

	# TODO: This will allow all traffic to pass.
	# If you remove it, no REQUEST will pass matching this traffic.

	route all accept


# Router No 2.
# Clients on ppp0 (from not "${UNROUTABLE_IPS} ") accessing servers on eth0 (to "192.168.69.0/24").

router router_in inface ppp0 outface eth0 src not "${UNROUTABLE_IPS} " dst "192.168.69.0/24"

	# Masquerading on the output of eth0 is not wanted here: it would rewrite
	# the source of every packet entering the LAN to 192.168.69.254. The posted
	# "> masquerade" on this spot was a no-op shell redirect anyway, so it is
	# left out. With NAT on ppp0 this inbound router is normally not needed at
	# all; if it stays, narrow "route all accept" below to the services the
	# LAN really has to expose.

	# TODO: This will allow all traffic to pass.
	# If you remove it, no REQUEST will pass matching this traffic.

	route all accept
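
The "someone" rewriting resolv.conf in the post above is pppd's usepeerdns option together with the Red Hat ppp scripts: pppd stores the ISP's resolvers in /etc/ppp/resolv.conf and sets USEPEERDNS=1 for /etc/ppp/ip-up, and the stock scripts then copy that file over /etc/resolv.conf. The hook below is an added example, not the poster's script and not FireHOL or Red Hat code: it turns the ISP resolvers into a BIND forwarders fragment (the missing "forwarding" piece that lets the LAN resolve outside names) and keeps /etc/resolv.conf on the router pointing at its own named; the names /etc/ppp/ip-up.local and /etc/named.forwarders and the use of rndc are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script and not FireHOL code. Meant to be
# installed as /etc/ppp/ip-up.local (assumption: Red Hat's /etc/ppp/ip-up
# runs it last). pppd with "usepeerdns" writes the peer's resolvers to
# /etc/ppp/resolv.conf and sets USEPEERDNS=1 for the ip-up scripts; this hook
# turns those resolvers into BIND forwarders and keeps /etc/resolv.conf
# pointing at the router's own named instead of letting it be overwritten.

LAN_NET="192.168.69.0/24"         # LAN from the original post
LAN_DNS="192.168.69.254"          # the router's eth0 address (runs named)
FWD_FILE="/etc/named.forwarders"  # assumption: named.conf contains
                                  #   options { include "/etc/named.forwarders"; ... };

# Read resolv.conf-style text on stdin, print an options fragment for BIND.
# Only well-formed dotted quads survive and duplicates are dropped, so a
# garbled /etc/ppp/resolv.conf can never produce an unloadable named.conf.
# Recursion is limited to the LAN: the FireHOL config also accepts "dns"
# on ppp0, and an unrestricted recursive named there is an open resolver.
named_options_from_resolv() {
    awk -v lan="$LAN_NET" '
        $1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($2, o, "[.]"); ok = 1
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            if (ok && !seen[$2]++) list = list "        " $2 ";\n"
        }
        END {
            if (list == "") exit 1    # nothing usable: caller keeps the old file
            printf "forwarders {\n%s};\nforward first;\n", list
            printf "allow-recursion { 127.0.0.1; %s; };\n", lan
        }'
}

# The resolv.conf the router itself should keep (search domain from the post).
router_resolv_conf() {
    printf 'search area41\nnameserver %s\n' "$LAN_DNS"
}

# Hook body: only acts inside pppd's ip-up environment, so sourcing or
# running this file by hand changes nothing.
if [ "${USEPEERDNS:-0}" = "1" ] && [ -r /etc/ppp/resolv.conf ]; then
    if named_options_from_resolv < /etc/ppp/resolv.conf > "$FWD_FILE.tmp"; then
        mv -f "$FWD_FILE.tmp" "$FWD_FILE"
        router_resolv_conf > /etc/resolv.conf
        rndc reload    # assumption: rndc is keyed; otherwise "service named reload"
    else
        rm -f "$FWD_FILE.tmp"
    fi
fi
```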

#2
December 9th, 2003, 06:48 AM
SilentRage (DNS/BIND Guru)
On windows whenever I wanna know what is messing with a file, I sic a file access sniffer on it. I would download Filemon from www.sysinternals.com and set up a filter to sniff that specific file and just let it run for a while. I don't know if this is feasible on linux (sysinternals has both a win and linux version) or if there's a better alternative for snooping this type of info out, but it's a start.

Here's a tip: do not create large posts. If you want to include the content of various files, include them as attachments. This makes it easier to help you, and more people willing to help you. Sometimes when people ask a question and nobody answers, it's not because nobody knows the solution, it's because the person didn't ask the question in the right way.

© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 1 hosted by Hostway