DNS resolve on intranet for hosted domain

Apr 28th, 2008


I am wondering how I can get the machines on my internal network to find my server, as currently they are finding the HTTP server on my 857W, and instead of my website I am getting into SDM!

I can get from WAN to LAN fine, as port 80 has been forwarded to my server IP address, but I think it's something to do with my DHCP DNS relay.

I have included my config file and I would be grateful for any help and assistance!

Thanks in advance

t814687 Wed, 04/30/2008 - 18:53


Can you try the following:

ip nat outside source static tcp interface Dialer0 80 80

This should translate the DNS reply into the private address of your web server.


t814687 Thu, 05/01/2008 - 04:54

Another option is to add the private IP to your desktop's hosts file.


kayasaman Sat, 05/03/2008 - 09:01

Thanks Serg, sorry it's taken so long to reply!

I tried: ip nat outside source static tcp interface Dialer0 80 80

However my router doesn't like the syntax so I adapted it to: ip nat outside source static tcp 80 80 giving it my static WAN IP address instead.

This still didn't solve my issue though as I am still unable to resolve my URL.

My current hosts file looks like this:

localhost
optiplex-networks.tk OptiplexGX110
optiplex-networks.tk OptiplexGX110 mailhost
optiplex-networks.tk OptiplexGX110 mailhost

# The following lines are desirable for IPv6 capable hosts

::1 ip6-localhost ip6-loopback

fe00::0 ip6-localnet

ff00::0 ip6-mcastprefix

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

ff02::3 ip6-allhosts


which I think should be ok?

t814687 Sun, 05/04/2008 - 18:42

Hi Kaya, no problem, it's an interesting issue. We can try this:

ip nat outside source static udp 53 53

so the payload in the DNS replies from the ISP DNS will be NATed back to your server's private IP.

As for the hosts file, I was talking about your PCs' hosts file; they should have this line: optiplex-networks.tk

and the DNS reply will be overridden.



kayasaman Mon, 05/05/2008 - 07:28

I added the line:

ip nat outside source static udp 53 53

to my router, commented out all the lines regarding my external interfaces to my server in the hosts file, and added: optiplex-networks.tk

as a standalone for interface eth0.

However at this point I lost all connectivity to the server; ssh got kicked out, nfs exports went offline and DNS lookups for my domain still didn't work as my WAN IP still kept refusing to 'loopback'.

I don't know if this has anything to do with the fact that I'm using a free domain which is forwarding the URL www.optiplex-networks.tk to my WAN IP address?

I don't seem to be able to access my FTP or SMTP services via the domain either; however, I can access them via the WAN IP, which could be due to the fact that the company dot.tk, where I got the domain from, has set up a light DNS relay which only works for port 80?

t814687 Mon, 05/05/2008 - 08:13


Sorry that the change caused the disruption on the network. It should not have had that impact.

When you added the static NAT for UDP, what happened? Did you lose the connectivity?

I assume the modifications of the hosts file were done on a test PC, not on the actual server; server hosts file should stay the same.

What's your PC configuration? Can you post the ipconfig /all?


kayasaman Mon, 05/05/2008 - 08:56

When I added the static NAT for udp I lost connectivity to the server itself since it has the IP

I haven't got a test PC to work with, so unfortunately I have to modify my server 'live'. I've re-posted the config files (for my router, the hosts file, and ifconfig).

The server is a Debian/Linux based machine which is obviously being customized to suit my requirements.

t814687 Mon, 05/05/2008 - 11:04

Looks like we need to move away from the design where you are using your router as a DNS forwarder...

Can you configure your Linux server as an internal DNS server? The internal DNS server should resolve its name and return its private IP to the clients. For external names your local DNS server should be configured as a forwarder. It should use your router (it's a forwarder itself) to get the external name resolution.

Hope it makes sense.
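The split-horizon rule proposed in the reply above, worked through at the DNS wire level as an added example; this is not the poster's BIND configuration nor anything from the router. The internal server answers its own zone with the private address for LAN clients (and the public address for anyone else), and hands every other name back to the upstream forwarder. The zone name is the one from the thread; the private IP 192.168.1.10, the WAN IP 203.0.113.5 and the LAN prefix 192.168.1.0/24 are assumptions, as is the list of hostnames.

```python
"""Split-horizon answering for a hosted domain (added example, not thread code).

Assumed: zone optiplex-networks.tk, private IP 192.168.1.10 (LAN side of the
Debian server), static WAN IP 203.0.113.5 (documentation range), LAN 192.168.1.0/24.
"""
import ipaddress
import struct

ZONE = "optiplex-networks.tk"                  # zone from the thread
PRIVATE_IP = "192.168.1.10"                    # assumed LAN address of the server
PUBLIC_IP = "203.0.113.5"                      # assumed static WAN address
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed internal subnet
TTL = 300
QTYPE_A, QCLASS_IN, RCODE_NXDOMAIN = 1, 1, 3

# Names the zone defines (every A record in the thread points at the one host).
HOSTS = {ZONE} | {f"{h}.{ZONE}" for h in ("www", "mail", "ftp", "news", "dns", "dns2")}


def encode_name(name):
    """Dotted name -> DNS label sequence, terminated by the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(packet, offset):
    """Return (lowercased name, offset just past the name); follows compression pointers."""
    labels, end, jumped = [], offset, False
    while True:
        length = packet[offset]
        if (length & 0xC0) == 0xC0:                     # pointer to an earlier name
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            offset, jumped = pointer, True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower(), (end if jumped else offset)


def build_query(name, qtype=QTYPE_A, txid=0x1234):
    """One-question recursive query, as a stub resolver on a LAN PC would send it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)      # RD=1
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_query(packet):
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("only single-question queries are handled")
    qname, off = decode_name(packet, 12)
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    return txid, flags, qname, qtype, qclass, packet[12:off + 4]


def choose_address(qname, client_ip):
    """The split-horizon rule: LAN clients get the private IP, everyone else the public one."""
    if qname not in HOSTS:
        return None
    return PRIVATE_IP if ipaddress.ip_address(client_ip) in LAN else PUBLIC_IP


def handle_query(packet, client_ip):
    """Response bytes for names inside our zone; None means 'forward upstream'."""
    txid, qflags, qname, qtype, qclass, question = parse_query(packet)
    if not (qname == ZONE or qname.endswith("." + ZONE)):
        return None                                   # not ours: forward to the router/ISP resolver
    flags = 0x8400 | (qflags & 0x0100)                # QR=1, AA=1, copy RD
    addr = choose_address(qname, client_ip) if (qtype, qclass) == (QTYPE_A, QCLASS_IN) else None
    if qname not in HOSTS:
        flags |= RCODE_NXDOMAIN
    answer = b""
    if addr is not None:                              # 0xC00C = pointer to the question name at offset 12
        answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, TTL, 4) + ipaddress.ip_address(addr).packed
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if answer else 0, 0, 0)
    return header + question + answer


def rcode(response):
    return struct.unpack("!H", response[2:4])[0] & 0x000F


def answered_address(response):
    """Address in the single A answer, or None when the answer section is empty."""
    if struct.unpack("!H", response[6:8])[0] == 0:
        return None
    _, off = decode_name(response, 12)
    _, off = decode_name(response, off + 4)           # skip qtype/qclass, then the answer's owner name
    rdlen = struct.unpack("!H", response[off + 8:off + 10])[0]
    return str(ipaddress.ip_address(response[off + 10:off + 10 + rdlen]))


if __name__ == "__main__":
    query = build_query("www." + ZONE)
    print("LAN client    ->", answered_address(handle_query(query, "192.168.1.50")))
    print("WAN client    ->", answered_address(handle_query(query, "198.51.100.7")))
    print("www.cisco.com ->", handle_query(build_query("www.cisco.com"), "192.168.1.50"))
```

A real deployment would express the same rule with BIND views or a dnsmasq `address=` line rather than hand-built packets; the point of the code is the decision, made from the client's source address, that the router's NAT cannot make for traffic that never leaves the LAN. Note that the two answers differ only in the rdata, so a client on the wrong side of the split still gets a syntactically valid reply, which is why the symptom in the thread is "connection refused" from the WAN interface rather than a resolution failure.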


kayasaman Mon, 05/05/2008 - 14:09

I thought about doing this before but was under the impression that the router would be able to either loop DNS queries back through it or route the particular hostname to a specified IP address.

Whenever I type in the domain name internally on a browser I get the error: connection refused, which leads me to believe that either the DNS query is stopping at the WAN interface or that the WAN interface is getting looked up.

I will commence building the DNS server, but if there is another way to solve this through the actual router it would be great.

t814687 Mon, 05/05/2008 - 16:07

1) On an internal test PC can you do

nslookup www.cisco.com and post the result?

2) Can you browse an internet website by IP?

Your router is forwarding DNS queries to these IPs:

Looks like those are public ISP DNS servers but I cannot get to them for some reason... Are they online and working?

Can you ping them from your LAN?


kayasaman Mon, 05/05/2008 - 16:21

This is the result for nslookup:

$ nslookup www.cisco.com



Non-authoritative answer:

Name: www.cisco.com


If I run the command traceroute, I get the following:

$ traceroute www.cisco.com

traceroute to www.cisco.com (, 30 hops max, 40 byte packets

1 ( 0.894 ms 0.901 ms 0.845 ms

2 l1.ar03.pipex.gs1.dsl.pipex.net ( 1228.211 ms 1181.917 ms 1111.135 ms

3 ge-0-0-0.1.cr02.gs1.dsl.pipex.net ( 1204.992 ms 1200.658 ms 1271.727 ms

4 GigabitEthernet4-0.GW4.LND2.ALTER.NET ( 1298.629 ms 1413.395 ms 1253.794 ms

5 so-0-0-0.XR1.LND2.ALTER.NET ( 1479.195 ms 1371.895 ms 1167.239 ms

6 so-2-0-0.TL2.LND2.ALTER.NET ( 1324.075 ms 1044.654 ms 1096.132 ms

7 ge-1-1-0.IL1.NYC12.ALTER.NET ( 1195.107 ms 1140.473 ms 1174.649 ms

8 0.so-7-0-0.IL3.NYC9.ALTER.NET ( 1101.772 ms 973.340 ms 1008.659 ms

9 0.so-1-0-0.XL1.SJC1.ALTER.NET ( 990.649 ms 1240.057 ms 1351.373 ms

10 POS6-0.GW5.SJC1.ALTER.NET ( 1344.897 ms 1033.331 ms 1179.127 ms

11 cisco-sjc-gw.customer.alter.net ( 1071.211 ms 1220.811 ms 1259.922 ms

12 sjck-dmzbb-gw1.cisco.com ( 1247.790 ms 1421.192 ms 1572.387 ms

13 sjck-dmzdc-gw2-gig2-1.cisco.com ( 1397.973 ms 1240.912 ms 1394.438 ms

14 * * *

15 * * *

16 * * *

17 * * *

18 * * *

19 * * *

20 * * *

21 * * *

22 * * *

23 * * *

24 * * *

25 * * *

26 * * *

27 * * *

28 * * *

29 * * *

30 * * *

I have full DNS capability; however, there was a problem in auto-resolving my ISP's DNS servers, which is why I had to input them manually. They are, however, relayed through which is acting as gateway, DHCP server and DNS server.

t814687 Mon, 05/05/2008 - 20:06

Before going forward, your DNS server should resolve its own FQDN to its own IP address.

Make sure in your zone file for the domain optiplex-networks.tk there is an "A" record pointing to

something like:

www IN A

Did you create that?

kayasaman Mon, 05/05/2008 - 20:43

I tried putting the FQDN into the web browser of my server through an X11 tunnel over ssh with no luck! The server keeps referring to the WAN address.

My zone file is:


; BIND data file for optiplex-networks.db
; /var/named/optiplex-networks.db

@ IN SOA optiplex-networks.tk. optiplex-networks.tk. (
    2008050601 ; Serial
    604800     ; Refresh
    86400      ; Retry
    2419200    ; Expire
    604800 )   ; Default TTL

    IN NS dns.optiplex-networks.tk.
    IN MX 10 mail.optiplex-networks.tk.

www  IN A
news IN A
mail IN A
dns  IN A
dns2 IN A

So definitely the problem lies either with the DNS config in the server or with the router itself. The server is also set to master DNS mode.

kayasaman Tue, 05/06/2008 - 06:14

Hi, I've managed to make some progress!

I created a new zone file:


; BIND data file for example.com

$TTL 604800
@ IN SOA optiplex-networks.tk. info.optiplex-networks.tk. (
    2008051603 ; Serial
    7200       ; Refresh
    120        ; Retry
    2419200    ; Expire
    604800 )   ; Default TTL

@ IN NS optiplex-networks.tk.
;@ IN NS ns2.example.com.    ; zone-file comments use ';', not '#'

optiplex-networks.tk. IN MX 10 mail.optiplex-networks.tk.
optiplex-networks.tk. IN A

; a CNAME must point at a name that owns an A record, not at itself
www IN CNAME optiplex-networks.tk.
mail IN A
ftp IN CNAME optiplex-networks.tk.

optiplex-networks.tk. IN TXT "v=spf1 ip4: a mx ~all"
mail IN TXT "v=spf1 a -all"

Now I can resolve http://optiplex-networks.tk and ftp://optiplex-networks.tk internally from the server (well actually over my X11 tunnel) but still at least it's something!

However from my PC when I try to access the URL I can't get to it and my router keeps sending me through the WAN port again?
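The zone file in this post, as it was first pasted into the thread, contained a `#` comment (not valid zone-file syntax; named will refuse to load the zone) and `www`/`ftp` CNAMEs that pointed at themselves, which is the kind of thing that keeps a freshly built internal DNS from answering at all. The checker below is an added example, not the poster's code: it reproduces that zone as a constructed string with an assumed address (192.168.1.10; the original addresses did not survive extraction), parses BIND zone syntax including the multi-line SOA, and reports those mistakes plus a few related ones (CNAME at the apex or beside other records, an in-zone NS/MX target with no A record, no apex A record).

```python
"""Lint a BIND zone file for the mistakes seen in the thread's zone (added example).

POSTED_ZONE reconstructs the second zone file from the thread; its 192.168.1.10
address is an assumption. FIXED_ZONE is the same zone with the problems corrected.
"""
ORIGIN = "optiplex-networks.tk."

POSTED_ZONE = """\
$TTL 604800
@ IN SOA optiplex-networks.tk. info.optiplex-networks.tk. (
        2008051603 ; Serial
        7200       ; Refresh
        120        ; Retry
        2419200    ; Expire
        604800 )   ; Default TTL
@ IN NS optiplex-networks.tk.
#@ IN NS ns2.example.com.
optiplex-networks.tk. IN MX 10 mail.optiplex-networks.tk.
optiplex-networks.tk. IN A 192.168.1.10
www IN CNAME www.optiplex-networks.tk.
mail IN A 192.168.1.10
ftp IN CNAME ftp.optiplex-networks.tk.
"""

FIXED_ZONE = (POSTED_ZONE.replace("#@", ";@")
              .replace("www IN CNAME www.optiplex-networks.tk.", "www IN CNAME optiplex-networks.tk.")
              .replace("ftp IN CNAME ftp.optiplex-networks.tk.", "ftp IN CNAME optiplex-networks.tk."))


def fqdn(name, origin=ORIGIN):
    """Qualify a relative owner or target the way named does ('@' is the origin)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin=ORIGIN):
    """Return ([(line, owner, type, rdata_tokens)], [(line, message)]) for zone text."""
    records, findings, pending, last_owner = [], [], [], origin
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            findings.append((n, "'#' is not a zone-file comment; use ';' (named refuses to load the zone)"))
            continue
        line = raw.split(";", 1)[0]                    # strip the real comment syntax
        if not line.strip():
            continue
        if not pending:
            first_line, blank_owner = n, line[0].isspace()
        pending.append(line.strip())
        joined = " ".join(pending)
        if joined.count("(") > joined.count(")"):
            continue                                   # record continues on the next line (SOA)
        pending = []
        tokens = joined.replace("(", " ").replace(")", " ").split()
        if tokens[0].startswith("$"):
            continue                                   # $TTL / $ORIGIN directives
        owner = last_owner if blank_owner else fqdn(tokens.pop(0), origin)
        last_owner = owner
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)                              # optional TTL and class
        if not tokens:
            findings.append((first_line, "record has no type"))
            continue
        records.append((first_line, owner, tokens[0].upper(), tokens[1:]))
    return records, findings


def lint_zone(text, origin=ORIGIN):
    """Findings as (line, message), sorted; line 0 marks a zone-wide problem."""
    records, findings = parse_zone(text, origin)
    by_owner = {}
    for _, owner, rtype, _ in records:
        by_owner.setdefault(owner, []).append(rtype)
    for n, owner, rtype, rdata in records:
        target = fqdn(rdata[-1], origin) if rdata else ""
        if rtype == "CNAME":
            if target == owner:
                findings.append((n, f"CNAME {owner} points at itself (loop); aim it at a name with an A record"))
            if owner == origin:
                findings.append((n, f"CNAME at the apex {origin} cannot coexist with SOA/NS"))
            elif len(by_owner[owner]) > 1:
                findings.append((n, f"{owner} has a CNAME and other records; a CNAME must stand alone"))
        elif rtype in ("NS", "MX") and target.endswith(origin) and "A" not in by_owner.get(target, []):
            findings.append((n, f"{rtype} target {target} has no A record in this zone"))
    if "A" not in by_owner.get(origin, []):
        findings.append((0, f"no A record at the apex {origin}"))
    return sorted(findings)


if __name__ == "__main__":
    for line, message in lint_zone(POSTED_ZONE):
        print(f"line {line}: {message}")
    print("fixed zone findings:", lint_zone(FIXED_ZONE))
```

Run against POSTED_ZONE it reports lines 9, 12 and 14; FIXED_ZONE is clean. `named-checkzone optiplex-networks.tk <file>` is the authoritative check and should be run before every reload, but it will not flag a self-referential CNAME, which is why a small lint like this is worth keeping beside the zone.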

t814687 Tue, 05/06/2008 - 06:51

In the DNS you have to set up your router as forwarder. But at the same time I have no confidence that your router is working properly.

On your Linux box do:

nslookup [enter]

server [enter]

www.cisco.com [enter]

If it resolves properly then work on your Linux machine and set the forwarder address there. Otherwise you need to verify the DNS settings on the router.

kayasaman Tue, 05/06/2008 - 18:49

Is this correct? If not and there is a problem with the DNS implementation within the router how can I correct it?

Previously, before using Cisco, all I had to do was put in the gateway address 192.... and the DNS would resolve. There is a big difference, however, between Cisco and consumer-based routers, and I'm still learning about IOS and networking, including server construction, as I go along, so any advice or how-tos are really appreciated.


t814687 Tue, 05/06/2008 - 19:53

Yes, the router forwards DNS properly.

Now you have to configure the forwarder in your DNS using the IP address of the router and test it.

Your DNS should be able to resolve www.cisco.com to its public IP.

Once that's done you need to reconfigure the DHCP pool on the router and re-point your clients to your new DNS server.


kayasaman Tue, 05/06/2008 - 21:15

OK, I just sorted it. I probably have more config in here than I actually need, but have a look at this new config file!

Thanks so much for your help, I really appreciate it!

Now off to try to get my VPN tunnel to work :-)

t814687 Wed, 05/07/2008 - 08:57

Your router is a forwarder already. Personally, I see no need for additional config other than changing DNS IP address in the dhcp scope once your linux box can correctly resolve internal and external IPs.


kayasaman Wed, 05/07/2008 - 10:19

I understand! I mean, this was a crash course in DNS for me by building it into the server anyway, so I will post on the Debian forum to see if anyone can help me with Bind9 over there, then I will revert back to the original config and see what happens.

Thanks a lot anyway for all your help and advice :-)

kayasaman Wed, 05/07/2008 - 11:42

Serg, if you don't mind I would like to know when the config I have currently in the router would be used?

I am just keen to learn that's all!

Also, I know it's probably not the place here to ask but since you are the "Pro" I was just hoping for some advice; I am very keen on computer networking ever since I finished my degree in electronic engineering 2 years ago and would like to start up a company offering various IT services to businesses. I am currently thinking of taking a Cisco certificate course but haven't got a clue which one to go for.

Since you have a lot of experience in the field I was just hoping that maybe you could either offer me some tips or help me get a direction.


t814687 Wed, 05/07/2008 - 13:54

Well, not sure about the question you are asking about your router. The config is pretty standard for a VPDN tunnel server. You can do a search on cisco.com and learn more if you are interested.

As for the courses, I would start from the basic CCNA course and learn the foundations. That would be my advice. Get a lab set up, play with gear, have fun ;) Good luck.


kayasaman Thu, 05/08/2008 - 03:45

In terms of the config question about the router I was referring to the DNS forwarding part since you said that I shouldn't have to implement it since the DNS in my server should automatically transfer.

So I was wondering when DNS forwarding like I have done would be used?

As an extra, you said that I have a standard config for a VPDN tunnel server, but when I try to access it with the Cisco VPN client I cannot connect?

