
DNS resolve on intranet for hosted domain

kayasaman
Level 1

Hi,

I am wondering how I can get the machines on my internal network to find my server, as currently they are finding the HTTP server on my 857W, and instead of my website I am getting into SDM!

I can get from WAN to LAN fine as port 80 has been forwarded to my server IP address but I think it's something to do with my dhcp dns relay.

I have included my config file and I would be grateful for any help and assistance!

Thanks in advance

27 Replies

t814687
Level 1

Hi,

Can you try the following:

ip nat outside source static tcp interface Dialer0 80 192.168.1.51 80

This should translate the DNS reply into the private address of your web server.

-serg

Another option is to add the private IP to your desktop's hosts file.

-serg

Thanks Serg, sorry it's taken so long to reply!

I tried: ip nat outside source static tcp interface Dialer0 80 192.168.1.51 80

However my router doesn't like the syntax so I adapted it to: ip nat outside source static tcp 81.178.2.118 80 192.168.1.51 80 giving it my static WAN IP address instead.

This still didn't solve my issue though as I am still unable to resolve my URL.

My current hosts file looks like this:

[code]
127.0.0.1 localhost
127.0.1.1 optiplex-networks.tk OptiplexGX110
192.168.1.51 optiplex-networks.tk OptiplexGX110 mailhost
81.178.2.118 optiplex-networks.tk OptiplexGX110 mailhost

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
[/code]

which I think should be ok?

Hi Kaya, no problem, it's an interesting issue. We can try this:

ip nat outside source static udp 81.178.2.118 53 192.168.1.51 53

So the payload in the DNS replies from the ISP DNS will be NATed back to the private IP of your server.

As for the hosts file, I was talking about your PCs' hosts file; they should have this line:

192.168.1.51 optiplex-networks.tk

and the DNS reply will be overridden.

Thanks

-serg

I added the line:

ip nat outside source static udp 81.178.2.118 53 192.168.1.51 53

to my router and commented out all the lines regarding my external interfaces to my server in the hosts file and added:

192.168.1.51 optiplex-networks.tk

as a standalone for interface eth0.

However at this point I lost all connectivity to the server; ssh got kicked out, nfs exports went offline and DNS lookups for my domain still didn't work as my WAN IP 81.178.2.118 still kept refusing to 'loopback'.

I don't know if this has anything to do with the fact that I'm using a free domain which is forwarding the URL www.optiplex-networks.tk to my WAN IP address?

I don't seem to be able to access my FTP or SMTP services from the domain either, however I can access them via WAN IP which could be due to the fact that the company dot.tk where I got the domain from has set up a light DNS relay which only works for port 80?

Kaya,

Sorry that the change caused the disruption on the network. It should not have that impact.

When you added the static NAT for udp what happened? Did you lose the connectivity?

I assume the modifications of the hosts file were done on a test PC, not on the actual server; server hosts file should stay the same.

What's your PC configuration? Can you post the ipconfig /all?

-serg

When I added the static NAT for udp I lost connectivity to the server itself since it has the IP 192.168.1.51.

I haven't got a test PC to work with, so unfortunately I have to modify my server 'live'. I've re-posted the config files (for my router, the hosts file, and ifconfig).

The server is a Debian/Linux based machine which is obviously being customized to suit my requirements.

Looks like we need to move away from the design where you are using your router as a DNS forwarder...

Can you configure your Linux server as an internal DNS server? The internal DNS server should resolve its name and return its private IP to the clients. For the external names your local DNS server should be configured as a forwarder. It should use your router 192.168.1.1 (it's a forwarder itself) to get the external name resolution.

Hope it makes sense.

-serg

I thought about doing this before but was under the impression that the router would be able to either loop DNS queries back through it or route the particular hostname to a specified IP address.

Whenever I type in the domain name internally on a browser I get the error: connection refused by 81.178.2.118, which leads me to believe that either the DNS query is stopping at the WAN interface or that the WAN interface is getting looked up.

I will commence building the DNS server, but if there is another way to solve this through the actual router it would be great.

1) On an internal test PC can you do

nslookup www.cisco.com and post the result?

2) Can you browse an internet website by IP?

Your router is forwarding DNS queries to those IPs:

62.241.162.200

62.241.163.201

Looks like those are public ISP DNS servers but I can not get to them for some reason... Are they on-line and working?

Can you ping them from your LAN?

-serg

This is the result for nslookup:

kayasaman@Vaio:~$ nslookup www.cisco.com
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: www.cisco.com
Address: 198.133.219.25

If I run the command traceroute, I get the following:

kayasaman@Vaio:~$ traceroute www.cisco.com
traceroute to www.cisco.com (198.133.219.25), 30 hops max, 40 byte packets
1 192.168.1.1 (192.168.1.1) 0.894 ms 0.901 ms 0.845 ms
2 l1.ar03.pipex.gs1.dsl.pipex.net (62.241.167.230) 1228.211 ms 1181.917 ms 1111.135 ms
3 ge-0-0-0.1.cr02.gs1.dsl.pipex.net (62.241.167.89) 1204.992 ms 1200.658 ms 1271.727 ms
4 GigabitEthernet4-0.GW4.LND2.ALTER.NET (146.188.53.221) 1298.629 ms 1413.395 ms 1253.794 ms
5 so-0-0-0.XR1.LND2.ALTER.NET (158.43.233.114) 1479.195 ms 1371.895 ms 1167.239 ms
6 so-2-0-0.TL2.LND2.ALTER.NET (146.188.7.226) 1324.075 ms 1044.654 ms 1096.132 ms
7 ge-1-1-0.IL1.NYC12.ALTER.NET (146.188.15.25) 1195.107 ms 1140.473 ms 1174.649 ms
8 0.so-7-0-0.IL3.NYC9.ALTER.NET (146.188.15.6) 1101.772 ms 973.340 ms 1008.659 ms
9 0.so-1-0-0.XL1.SJC1.ALTER.NET (152.63.50.26) 990.649 ms 1240.057 ms 1351.373 ms
10 POS6-0.GW5.SJC1.ALTER.NET (152.63.54.17) 1344.897 ms 1033.331 ms 1179.127 ms
11 cisco-sjc-gw.customer.alter.net (157.130.198.78) 1071.211 ms 1220.811 ms 1259.922 ms
12 sjck-dmzbb-gw1.cisco.com (128.107.239.5) 1247.790 ms 1421.192 ms 1572.387 ms
13 sjck-dmzdc-gw2-gig2-1.cisco.com (128.107.224.77) 1397.973 ms 1240.912 ms 1394.438 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

I have full DNS capability; however, there was a problem in auto resolving my ISP's DNS servers, which is why I had to input them manually. They are however relayed through 192.168.1.1, which is acting as gateway, dhcp server and dns server.

Ok, I've created the DNS server but still the router is sending the lookup outwards to the WAN port?

I get this reply:

kayasaman@Vaio:~$ nslookup www.optiplex-networks.tk

Server: 192.168.1.51

Address: 192.168.1.51#53

** server can't find www.optiplex-networks.tk: SERVFAIL

I'm really confused.

Before going forward, your DNS server should resolve its own FQDN into its own IP address.

Make sure in your zone file for the domain optiplex-networks.tk there is an "A" record pointing to 192.168.1.51.

sort of

www IN A 192.168.1.51

Did you create that?
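
The internal-DNS design discussed in the last few replies (authoritative for optiplex-networks.tk on 192.168.1.51, forwarding everything else to the router at 192.168.1.1), written out as an added example that is not part of the original posts. It assumes BIND 9 with the Debian file layout; the `ns1` and `hostmaster` names, the `lan` ACL name, the zone file name and the serial are constructed for illustration.

```conf
# --- /etc/bind/named.conf.options (assumed Debian BIND 9 layout) ---
acl lan { 127.0.0.0/8; 192.168.1.0/24; };

options {
    directory "/var/cache/bind";

    // Names this server is not authoritative for are handed to the router,
    // which already forwards to the ISP resolvers.
    forwarders { 192.168.1.1; };
    forward only;

    // Serve the LAN only, so the server does not become an open resolver
    // if port 53 is ever forwarded from the WAN side like port 80 is.
    recursion yes;
    allow-recursion { lan; };
    allow-query { lan; };
};

# --- /etc/bind/named.conf.local ---
zone "optiplex-networks.tk" {
    type master;
    file "/etc/bind/db.optiplex-networks.tk";   // assumed file name
    allow-transfer { none; };
};

; --- /etc/bind/db.optiplex-networks.tk (internal answers for the zone) ---
$TTL 3600
@     IN SOA ns1.optiplex-networks.tk. hostmaster.optiplex-networks.tk. (
             2024010101 ; serial (constructed value), raise on every edit
             3600       ; refresh
             900        ; retry
             604800     ; expire
             300 )      ; negative-cache TTL
@     IN NS  ns1.optiplex-networks.tk.
ns1   IN A   192.168.1.51
@     IN A   192.168.1.51
www   IN A   192.168.1.51
```

A zone that fails to load (for example, one with no SOA or NS record) is answered with SERVFAIL; `named-checkconf` and `named-checkzone optiplex-networks.tk /etc/bind/db.optiplex-networks.tk` report such errors before the service is reloaded.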
