From owner-freebsd-ipfw Tue May 23 5:33:44 2000
Message-ID: <392A7B0B.ADB515FD@ocsny.com>
Date: Tue, 23 May 2000 08:35:23 -0400
From: Mikel
Organization: Optimized Computer Solutions, Inc.
To: Ron Smith
Cc: freebsd-net@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject: Re: Non-existent domain
References: <20000522191733.61404.qmail@hotmail.com>

Uh Ron, check your firewall rules....I've taken the liberty in highlighting those that I feel are suspect....

--
Cheers,
Mikel
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
| Optimized Computer Solutions, Inc        http://www.ocsny.com
| 39 W14th Street, Suite 203                   212 727 2238  x132
| New York, NY 10011
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+

Ron Smith wrote:

Hi all,

O.K. gang I need your help on this one. I have a particular problem that I
can't seem to solve on my own. Here's what's happening:

I've configured a dual-homed, DSL gateway with NAT and IPFILTER. Everything
works fine for those on the LAN when browsing HTTP. DNS is also running on
this machine as primary and I have a name server at the ISP as secondary.
However, the problem is that when looking for the domain name "crcfx.com"
out on the web, It's not seen. An error message comes up saying: "A network
error occurred: Unable to connect to server. The server may be down or
unreachable." Also, I don't get a proper response, from outside our LAN,
when doing an 'nslookup stargate.crcfx.com', which has the primary DNS
running locally. This is preventing us from putting other services on-line,
such as 'HTTP' and 'SMTP'. I've talked to several sources (including my
ISP), to no avail. There's lots of confusion all around. I have a suspicion
my problem may stem from the way my zones are set up, or the firewall rules,
but I'm not sure. Anyway, here are the details:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ping 127.0.0.1 (loopback)
ping 192.x.x.1 (inside interface)
ping 63.x.x.218 (outside interface)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

All show 0% packet loss.

~~~~~~~~~~~~~~~
'rc.conf' says:
~~~~~~~~~~~~~~~

# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.

# -- sysinstall generated deltas -- #
ifconfig_fxp0="inet 192.x.x.1  netmask 255.255.255.0"
ifconfig_pn0="inet 63.x.x.218 netmask 255.255.255.248"
hostname="stargate.crcfx.com"
linux_enable="YES"
moused_enable="YES"
gateway_enable="YES"
defaultrouter="63.x.x.217"
# -- The following deltas were generated by Ron Smith on Apr. 17, 2000
firewall_enable="YES"
firewall_type="simple"
firewall_script="/etc/rc.firewall"
inetd_enable="NO"
sendmail_enable="NO"
dumpdev=/dev/wd0s1b
natd_enable="YES"
natd_interface="pn0"
named_enable="YES"

~~~~~~~~~~~~~~~~~~~
'rc.firewall' says:
~~~~~~~~~~~~~~~~~~~

# set these to your outside interface network and netmask and ip
oif="pn0"
onet="63.x.x.216"
omask="255.255.255.248"
oip="63.x.x.218"

# set these to your inside interface network and netmask and ip
iif="fxp0"
inet="192.x.x.0"
imask="255.255.255.0"
iip="192.x.x.1"

# Stop spoofing
$fwcmd add deny all from ${inet}:${imask} to any in via ${oif}
$fwcmd add deny all from ${onet}:${omask} to any in via ${iif}

# Stop RFC1918 nets on the outside interface
$fwcmd add deny all from 192.x.0.0:255.255.0.0 to any via ${oif}
#$fwcmd add deny all from any to 192.x.0.0:255.255.0.0 via ${oif}
$fwcmd add deny all from 172.16.0.0:255.240.0.0 to any via ${oif}
$fwcmd add deny all from any to 172.16.0.0:255.240.0.0 via ${oif}
$fwcmd add deny all from 10.0.0.0:255.0.0.0 to any via ${oif}
$fwcmd add deny all from any to 10.0.0.0:255.0.0.0 via ${oif}

# Allow ICMP inside only
#$fwcmd add deny icmp from any to any via ${oif}
#$fwcmd add allow icmp from ${inet}:${imask} to ${inet}:${imask} via ${iif}

# Allow TCP through if setup succeeded
$fwcmd add pass tcp from any to any established

# Allow setup of incoming email
#$fwcmd add pass tcp from any to ${oip} 25 setup

# Allow access to our DNS
$fwcmd add pass tcp from any to ${oip} 53 setup

# Allow access to our WWW
#$fwcmd add pass tcp from any to ${oip} 80 setup

# Reject&Log all setup of incoming connections from the outside
$fwcmd add deny log tcp from any to any in via ${oif} setup

# Allow setup of any other TCP connection
$fwcmd add pass tcp from any to any setup

# Allow DNS queries out in the world
$fwcmd add pass udp from any 53 to ${oip}
$fwcmd add pass udp from ${oip} to any 53
$fwcmd add pass udp from ${inet}:${imask} to any 53

# Allow stuff to 192 net in from the outside, since we're
# checking after NAT does the conversion
$fwcmd add allow udp from any 53 to ${inet}:${imask} via ${oif}
$fwcmd add allow udp from any 53 to ${inet}:${imask} via ${iif}

# Allow NTP queries out in the world
$fwcmd add pass udp from any 123 to ${oip}
$fwcmd add pass udp from ${oip} to any 123

# Everything else is denied as default.

elif [ "${firewall_type}" != "UNKNOWN" -a -r "${firewall_type}" ]; then
$fwcmd ${firewall_type}
fi

~~~~~~~~~~~~~~~~~~~~~~~
'whois crcfx.com' says:
~~~~~~~~~~~~~~~~~~~~~~~

Whois Server Version 1.1

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net for
detailed information.

Domain Name: CRCFX.COM
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: www.register.com
Name Server: NS1.PBI.NET
Name Server: STARGATE.CRCFX.COM
Updated Date: 28-apr-200

>>>Last update of whois database: Wed, 3 May 00 04:41:29 EDT <<<

The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.

Access to register.com's WHOIS information is for informational purposes
only.  Register.com makes this information available
"as is," and does not guarantee its accuracy.  The compilation, repackaging,
dissemination or other use of register.com's WHOIS information in its
entirety, or a substantial portion thereof, is expressly prohibited without
the prior written consent of register.com.  By accessing and using our WHOIS
information, you agree to these terms.

Organization:
Cinema Research Corp
6860 Lexington Ave
Hollywood, CA 90038
US

Registrar..: Register.com (http://www.register.com)
Domain Name: CRCFX.COM
Created on..............: Fri, Mar 24, 2000
Expires on..............: Sat, Mar 24, 2001
Record last updated on..: Fri, Apr 28, 2000

Administrative Contact:
Smith, Ron  ronnetron@hotmail.com
323-460-4111

Technical Contact, Zone Contact:
Internic, Registrar  internic-free@register.com
212-594-988

Domain servers in listed order:

STARGATE.CRCFX.COM                               63.x.x.218
NS1.PBI.NET                                      206.13.28.11

Register your domain name at http://www.register.com

~~~~~~~~~~~~~~~~~
ifconfig -a says:
~~~~~~~~~~~~~~~~~

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.x.x.1 netmask 0xffffff00 broadcast 192.x.x.255

pn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 63.x.x.218 netmask 0xfffffff8 broadcast 63.x.x.223

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'netstat -na crcfx.com' says:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address         Foreign Address      (state)
icmp       0      0 *.*                   *.*
tcp        0      0 *.111                 *.*                  LISTEN
tcp        0      0 127.0.0.1.53          *.*                  LISTEN
tcp        0      0 63.x.x.218.53         *.*                  LISTEN
tcp        0      0 192.x.x.1.53          *.*                  LISTEN
udp        0      0 *.111                 *.*
udp        0      0 *.1024                *.*
udp        0      0 127.0.0.1.53          *.*
udp        0      0 63.x.x.218.53         *.*
udp        0      0 192.x.x.1.53          *.*
udp        0      0 *.514                 *.*

~~~~~~~~~~~~~~~~~~~~~
'db.crcfx.com' says:
~~~~~~~~~~~~~~~~~~~~~

; Definition of zone crcfx.com
crcfx.com.      IN      SOA     stargate.crcfx.com. root.crcfx.com. (
                2000042901 ; Serial (date, two digits version of day)
                86400   ; refresh (1 day)
                7200    ; retry (2 hours)
                8640000 ; expire (100 days)
                86400 ) ; minimum (1 day)

; name servers
                IN      NS      stargate.crcfx.com.
                IN      NS      ns1.pbi.net.
                IN      NS      ns2.pbi.net.
stargate        IN      A       63.x.x.218
ns1.pbi.net.    IN      A       206.13.28.11
ns2.pbi.net.    IN      A       206.13.29.11

~~~~~~~~~~~~~~~~~~~~~
'crcfx-reverse' says:
~~~~~~~~~~~~~~~~~~~~~

@     IN     SOA   stargate.crcfx.com.      root.crcfx.com. (
                   2000042901 ; Serial (date, 2 digits version of day)
                   86400   ; refresh (1 day)
                   7200    ; retry (2 hours)
                   8640000 ; expire (100 days)
                   86400 ) ; minimum (1 day)

      IN     NS    stargate.crcfx.com.
      IN     NS    ns1.pbi.net.
      IN     NS    ns2.pbi.net.

218.x.x.63.in-addr.arpa         IN      PTR     stargate.crcfx.com.
11.28.13.206.in-addr.arpa       IN      PTR     ns1.pbi.net.
11.29.13.206.in-addr.arpa       IN      PTR     ns2.pbi.net.

~~~~~~~~~~~~~~~~~~~~~
'localhost.rev' says:
~~~~~~~~~~~~~~~~~~~~~

;       From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
; $FreeBSD: src/etc/namedb/PROTO.localhost.rev,v 1.4.2.1 1999/08/29 14:19:29 peter Exp $
;
; This file is automatically edited by the `make-localhost' script in
; the /etc/namedb directory.
;

@     IN     SOA     stargate.crcfx.com. root.stargate.crcfx.com. (
                     2000042901 ; Serial
                     86400      ; Refresh (1 day)
                     7200       ; Retry (2 hours)
                     8640000    ; Expire (100 days)
                     86400 )    ; Minimum
      IN     NS      stargate.crcfx.com.
1     IN     PTR     localhost.crcfx.com.

~~~~~~~~~~~~~~~~~~~
'resolv.conf' says:
~~~~~~~~~~~~~~~~~~~

domain  crcfx.com
nameserver 127.0.0.1
nameserver 192.x.x.1
nameserver 63.x.x.218
nameserver 206.13.28.11
nameserver 206.13.29.11

~~~~~~~~~~~~~~~~~~
'named.conf' says:
~~~~~~~~~~~~~~~~~~

options {
      directory "/etc/namedb";

        forwarders {
              206.13.28.11;
        };

zone "." {
      type hint;
      file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
      type master;
      file "localhost.rev";
};

zone "crcfx.com" {
      type master;
      file "db.crcfx.com";
};

zone "0.x.192.IN-ADDR.ARPA" {
      type master;
      file "crcfx-reverse";

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Sorry,

This is a lot to swallow, but they are all the pertinent files, in regards
to the problem. I would appreciate any feedback on how to get our local name
server to do proper zone transfers to our upstream ISP, and to get a proper
'nslookup stargate.crcfx.com' from outside our LAN ...same thing.

TIA
Ron

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
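
An added example, not part of either poster's message: a first-match walk over the UDP pass rules quoted from rc.firewall above, applied to constructed DNS packets on the outside interface. The concrete addresses are stand-ins for the masked ones in the post, the anti-spoofing and RFC1918 deny rules are left out because none of the sample packets match them, and the two PROPOSED rules are hypothetical, modelled on the post's own TCP port 53 rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins: the post masks its addresses (63.x.x.218, 192.x.x.0).
OIP = "198.51.100.218"    # ${oip}
INET = "192.168.1.0/24"   # ${inet}:${imask}
OIF, IIF = "pn0", "fxp0"  # ${oif} and ${iif} as set in the post


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    via: str


@dataclass(frozen=True)
class Rule:
    text: str
    src: str = "any"
    sport: Optional[int] = None
    dst: str = "any"
    dport: Optional[int] = None
    via: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (addr_ok(self.src, p.src) and addr_ok(self.dst, p.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and self.via in (None, p.via))


def addr_ok(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


# The UDP pass rules, in the order the post lists them.
POSTED = [
    Rule("pass udp from any 53 to ${oip}", sport=53, dst=OIP),
    Rule("pass udp from ${oip} to any 53", src=OIP, dport=53),
    Rule("pass udp from ${inet}:${imask} to any 53", src=INET, dport=53),
    Rule("allow udp from any 53 to ${inet}:${imask} via ${oif}", sport=53, dst=INET, via=OIF),
    Rule("allow udp from any 53 to ${inet}:${imask} via ${iif}", sport=53, dst=INET, via=IIF),
    Rule("pass udp from any 123 to ${oip}", sport=123, dst=OIP),
    Rule("pass udp from ${oip} to any 123", src=OIP, dport=123),
]

# Hypothetical additions (not in the post): the UDP counterpart of its
# "pass tcp from any to ${oip} 53 setup" rule, plus the answer path.
PROPOSED = POSTED + [
    Rule("pass udp from any to ${oip} 53", dst=OIP, dport=53),
    Rule("pass udp from ${oip} 53 to any", src=OIP, sport=53),
]


def verdict(p: Packet, rules=POSTED) -> str:
    """ipfw is first-match: report the first matching rule, else the default deny."""
    for r in rules:
        if r.matches(p):
            return "pass: " + r.text
    return "deny: default"


# Constructed packets crossing the outside interface.
QUERY = Packet("203.0.113.5", 40000, OIP, 53, OIF)   # outside resolver asks named
ANSWER = Packet(OIP, 53, "203.0.113.5", 40000, OIF)  # named's reply to that resolver
QUERY_53 = Packet("203.0.113.5", 53, OIP, 53, OIF)   # peer that queries from port 53
LOOKUP = Packet(OIP, 1024, "203.0.113.9", 53, OIF)   # the gateway resolving outward

if __name__ == "__main__":
    for name, pkt in [("query", QUERY), ("answer", ANSWER),
                      ("query from port 53", QUERY_53), ("outbound lookup", LOOKUP)]:
        print(f"{name:20} posted={verdict(pkt)!r} proposed={verdict(pkt, PROPOSED)!r}")
```
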


 
 