Thread: DNS server behind firewall works internally but not externally

  1. #1

    DNS server behind firewall works internally but not externally

    I have set up a DNS server at home which works on my home network. I have pointed the name server for peoplezoo.net to my static IP address assigned by the ISP. The primary reason for this setup is so that I can make my IP cameras available over the Internet while I am away from home.

    I have read the Internal View and External View and am not sure how to apply this to my situation.

    Performing a dig on peoplezoo.net correctly points to my name server ns0.peoplezoo.net, but when I do so for courtyard.peoplezoo.net, which is one of the cameras I am configuring, it produces an internal IP address where it is located on my internal network, but neither peoplezoo.net nor courtyard.peoplezoo.net will come up on the Internet.

    I am using a DGN2000 from Netgear which is both a DSL modem and wireless router. I have the firewall forwarding DNS requests to the server and HTTP requests to the same server and each of the cameras, which have their own built-in web servers. I understand why the outside world would not be able to see the pages at peoplezoo.net or the cameras. I am just not sure how to apply the information linked above to correct it.

    I don't think I need much guidance here, I just need to know where to put the information provided in Internal and external view. I appreciate the help.

    One more thing. I can browse to either of these addresses just fine on my internal network.

  2. #2
    No answer yet, so I tried to figure this out myself and I think I have progressed.

    I put the statements linked in my previous post for internal and external view in the named.conf.local file. Then I created the subdirectories internal and external under /etc/bind/zones. I put the info I had in peoplezoo.net.db in a file by the same name under the internal directory. I then changed a copy of this file for the external directory to point to the static IP address assigned by my ISP.

    Now when attempting to restart the name server I get the following in the logs.

    Feb 16 11:15:05 workhorse named[16157]: starting BIND 9.7.0-P1 -u bind
    Feb 16 11:15:05 workhorse named[16157]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
    Feb 16 11:15:05 workhorse named[16157]: adjusted limit on open files from 1024 to 1048576
    Feb 16 11:15:05 workhorse named[16157]: found 4 CPUs, using 4 worker threads
    Feb 16 11:15:05 workhorse named[16157]: using up to 4096 sockets
    Feb 16 11:15:05 workhorse named[16157]: loading configuration from '/etc/bind/named.conf'
    Feb 16 11:15:05 workhorse named[16157]: /etc/bind/named.conf.default-zones:2: when using 'view' statements, all zones must be in views
    Feb 16 11:15:05 workhorse named[16157]: /etc/bind/named.conf.local:15: undefined ACL 'safe-subnet'
    Feb 16 11:15:05 workhorse named[16157]: /etc/bind/named.conf.local:16: undefined ACL 'safe-subnet'
    Feb 16 11:15:05 workhorse named[16157]: loading configuration: failure
    Feb 16 11:15:05 workhorse named[16157]: exiting (due to fatal error)

    So I am being told that all zones must be in a view when using view statements and 'safe-subnet' was not defined. If anyone knows the answer to this, let me know. I did this according to the sections linked above.

  3. #3
    Here is more info.

    There are two things being brought up in the logs. The first: "Feb 16 11:58:19 workhorse named[18740]: /etc/bind/named.conf.default-zones:2: when using 'view' statements, all zones must be in views".

    Line 2 of /etc/bind/named.conf.default-zones has
    zone "."
    so I have to somehow get this into one of the views.

    The second issue is

    Feb 16 11:58:19 workhorse named[18740]: /etc/bind/named.conf.local:15: undefined ACL 'safe-subnet'
    Feb 16 11:58:19 workhorse named[18740]: /etc/bind/named.conf.local:16: undefined ACL 'safe-subnet'
    which does not make any sense, since 'safe-subnet' is in fact defined.

    acl “safe-subnet” { 192.168.1.0/24; };

    view “internal” { // What the home network will see

        match-clients { localnets; localhost; safe-subnet; };
        match-destinations { localnets; localhost; safe-subnet; };

    What is the purpose of the line "acl “safe-subnet” { 192.168.1.0/24; };" if not to define 'safe-subnet'?

  4. #4

    Resolved: DNS server behind firewall works internally but not externally

    OK, I have figured this out and I am getting the results I want for inside and outside the network. For those of you who may have the same issue, I will explain what I did so that the instructions at Internal View and External View make a bit more sense. The code located in those sections should be placed in the named.conf.local file. I deleted the reference in the internal view to safe-subnets, because it was preventing the server from starting, claiming that the safe-subnets was not defined in spite of the section referenced in my earlier post. That eliminated that error.

    I was getting an error that all zones had to be included in a view, and the zone in question was in the named.conf.default-zones file. This file was called in an include statement in named.conf. I moved that include statement from named.conf to the Internal view section of named.conf.local, which made all of the zones in that file part of a view. Problem solved.

    Now I get my static IP address for my router assigned by my ISP when I dig peoplezoo.net. I can also browse to all of my hosts on my internal network, I just can't browse to the correct subdomain from the outside world. So this problem was solved, but has produced another. More to come in another thread.
    Last edited by flabbergasted; 02-17-2011 at 01:17 AM. Reason: resolved
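Post #4's fix (both views in named.conf.local, the default-zones include moved inside a view, the ACL reference removed) can be checked before restarting named. The following is an added example, not code from the thread: a small Python lint that reports zones or includes left outside a view and ACL names referenced but never defined, run on a constructed split-horizon config with placeholder paths; it also flags the curly quotes visible in post #3, since BIND only recognises ASCII double quotes, which is one likely reason the ACL appeared undefined.

```python
# Lint a named.conf.local for this thread's two errors: zones/includes outside a
# view once views exist, and ACL names referenced but never defined (often smart quotes).
import re

# Constructed split-horizon config, not the poster's file; paths and the
# 192.168.1.0/24 subnet are illustrative placeholders.
GOOD_CONF = '''
acl "safe-subnet" { 192.168.1.0/24; };
view "internal" {                      // what the home network sees
    match-clients { localnets; localhost; safe-subnet; };
    recursion yes;
    zone "peoplezoo.net" { type master; file "/etc/bind/zones/internal/peoplezoo.net.db"; };
    include "/etc/bind/named.conf.default-zones";  // default zones now live inside a view
};
view "external" {                      // what the Internet sees
    match-clients { any; };
    recursion no;                      // do not be an open resolver for the world
    zone "peoplezoo.net" { type master; file "/etc/bind/zones/external/peoplezoo.net.db"; };
};
'''
BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}

def top_level_statements(text):
    """Return each depth-0 statement, i.e. text up to a ';' outside all braces."""
    depth, start, out = 0, 0, []
    for i, ch in enumerate(text):
        depth += (ch == "{") - (ch == "}")
        if ch == ";" and depth == 0:
            out.append(text[start:i].strip())
            start = i + 1
    return out

def lint(conf):
    """Return problem strings; an empty list means both checks passed."""
    problems = []
    if re.search("[\u201c\u201d\u2018\u2019]", conf):
        problems.append("smart quotes present; replace with ASCII double quotes")
    text = re.sub(r"//[^\n]*|#[^\n]*", "", conf)  # strip comments
    stmts = top_level_statements(text)
    if any(s.startswith("view") for s in stmts):  # views in use: every zone needs one
        for s in stmts:
            if s.startswith(("zone", "include")):
                problems.append("outside a view: " + s.split("{")[0].strip())
    defined = set(re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{', text))
    for block in re.findall(r"match-(?:clients|destinations)\s*\{([^}]*)\}", text):
        for tok in block.replace(";", " ").split():
            name = tok.strip('"!')  # drop quotes and the '!' negation prefix
            if name not in BUILTIN_ACLS | defined and not re.search(r"[\d.:/]", name):
                problems.append("undefined ACL: " + name)
    return problems
```

named-checkconf /etc/bind/named.conf remains the authoritative check; this lint only catches the two failures discussed in this thread.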
