Hi all,
This has me beat, so ANY ideas are welcome.
Yesterday afternoon I upgraded my workstation from a bastardised potato
(ie had a lot of Adrain Bunk's pacakes) to woody.
In all it went well, except that bind is now wierd.
I am SOA for the LAN, and forward ns requests through our firewall for
external domains.
The internal domain still resolves OK, but I cannot resolve any external
names.
Our internal secondary can still resolve to the outside.
I can ssh etc by IP address.
I removed 8.2.4 and reinstalled the Bunk 8.2.4, no difference.
After setting the secondary as a forwarder, I can resolve names external
to LAN.
Here's some configs...
Firewall:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DROP tcp -- 192.168.2.0/24 0.0.0.0/0 tcp dpt:80
DROP tcp -- 192.168.2.0/24 0.0.0.0/0 tcp
dpts:6600:7100
DROP udp -- 192.168.2.0/24 0.0.0.0/0 udp
dpts:6600:7100
DROP tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:80
DROP tcp -- 192.168.0.0/24 0.0.0.0/0 tcp
dpts:6600:7100
DROP udp -- 192.168.0.0/24 0.0.0.0/0 udp
dpts:6600:7100
ACCEPT udp -- 192.168.0.107 0.0.0.0/0 udp dpt:53
ACCEPT udp -- 192.168.0.142 0.0.0.0/0 udp dpt:53
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.0.0/24 0.0.0.0/0
to:202.92.79.119
SNAT all -- 192.168.2.0/24 0.0.0.0/0
to:202.92.79.119
Forward is Accept
This box:
options {
directory "/var/cache/bind";
// query-source address * port 53;
forwarders {
192.168.0.142; // the secondary
202.92.79.116; // what I used to resolve off
};
};
If I run nslookup and set
server 202.92.79.116
I still can't resolve names.
As I said, any help would be good.
John P Foster
