Message-ID: <3CCF0910.1020306@potentialtech.com>
Date: Tue, 30 Apr 2002 17:13:52 -0400
From: Bill Moran
Organization: Potential Technologies
To: Carolyn Longfoot
Cc: freebsd-questions@freebsd.org
Subject: Re: NAT/DNS/WEB

Carolyn Longfoot wrote:
> I have a machine that's a dual homed host running NAT and DNS, connected
> to the outside world with a static IP. It seems I can nslookup
> 'www.mydomain.com' from the outside, so I think my DNS responds to
> lookups from the outside.

If nslookup from a machine on the internet resolves the name to the
proper address, then your DNS is correct.
A simple "ping www.mydomain.com" will tell you whether or not the DNS
resolved. If you then can't contact that machine, well, it's not DNS
that's the problem.

> I am pointing 'WWW' via DNS to a separate machine called
> web.mydomain.com but for some reason from the outside I cannot get to
> www.mydomain.com. It is working from the inside however.

What's the IP address of the www machine? If it's a private IP addy,
you'll get this behaviour.

> My confusion is therefore the following: how can I test that outside DNS
> queries are resolved correctly and why would requests for www... not get
> routed to the Web server?

Use nslookup, if it gives you the right number but you can't contact it,
then the DNS is correct but something else is wrong.

> I'm pretty sure nothing relevant (UDP 53 or IP 80) gets dropped by the
> firewall btw.

But is the routing information correct?

> This is my first attempt at DNS so please be gentle :-) I'm looking for
> a conceptual answer but I can follow up with config files if it helps. I
> read some old posts at 'Ask Mr.DNS' that talked about running 'split
> DNS'. Is that still necessary?

Depends. The machine that's running the web server, is it actually
accessible from the Internet? If not, you'll either need another IP
address or to alias via NAT. If you alias, you'll make your DNS entry
for www point to the machine that has the static IP, then you'll
configure that machine to pass the request through to the real webserver.

-- 
Bill Moran
Potential Technology
http://www.potentialtech.com
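
The triage described in the reply above (does the name resolve, is the answer a private address, is the host reachable), as an added example that is not part of the original message. The function names, the verdict strings and the sample addresses in the comments are assumptions made for illustration; run `check` from a machine outside the network.

```python
import ipaddress
import socket
import sys

# RFC 1918 ranges: a public DNS answer in one of these cannot be routed to
# from the Internet, which matches "works inside, fails outside".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def diagnose(addresses, reachable):
    """Classify the failure from DNS answers and per-address TCP results.

    addresses: IPv4 strings returned for the name (empty if unresolved)
    reachable: dict mapping address -> True/False for a TCP connect
    """
    if not addresses:
        return "dns"              # the name itself does not resolve
    if any(is_rfc1918(a) for a in addresses):
        return "private-address"  # DNS answers, but outsiders cannot route there
    if not all(reachable.get(a, False) for a in addresses):
        return "routing-or-nat"   # DNS is right; the path or NAT alias is wrong
    return "ok"

def check(name, port=80, timeout=3.0):
    """Live check: resolve name, try each address, return (addresses, verdict)."""
    try:
        infos = socket.getaddrinfo(name, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return [], diagnose([], {})
    addresses = sorted({info[4][0] for info in infos})
    reachable = {}
    for addr in addresses:
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                reachable[addr] = True
        except OSError:
            reachable[addr] = False
    return addresses, diagnose(addresses, reachable)

if __name__ == "__main__":
    # Hostname taken from the thread; pass your own as the first argument.
    print(check(sys.argv[1] if len(sys.argv) > 1 else "www.mydomain.com"))
```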