[ale] dig works, ping doesn't ( was [ale] DNS lookups slooowwww.....)

Keith Hopkins hne at inetnow.net
Tue Oct 23 18:13:05 EDT 2001 

John Wells wrote:

> Keith,
> 
> Thanks for the reply.
> 
> The short and sweet of it is this.  There are
> basically four machines in this scenario.  
> 
> - fireman (my machine)
> - internalnameserver
> - externalnameserver1 (38.2.3.4)
> - externalnameserver2 (38.2.3.5)
> 
> fireman is a test box we were setting up as a firewall
> and possibly a proxy (if it ever moved into
> production, it would only serve one of these
> functions).
> 
> As it is now, fireman has two NICS.  One is connected
> to an external T1 line (to the internet).  The other
> is plugged into our internal network.  I've been
> trying to get the machine configured so that it can
> resolve hosts on both the internal and external
> networks.
> 
> The fireman entry in /etc/resolv.conf came to be by
> trial and error.  If I inserted it into
> /etc/resolv.conf, dig and nslookups would work for
> both internal and external hosts.  If I remove it,
> then neither works (internal or external).  I guess
> this would point to a problem with named's
> configuration...
> 
> As you might have guessed, this is my first grapple
> with named.  Methinks I'll dive into the rather long
> chapter in USAH before proceeding... ;-)
> 
> Thanks to all...
> 
> John


This might help a whole lot.  It's from the named.conf man page:

   Forwarding can also be configured on a per-zone basis, allowing for the
      global forwarding options to be overridden in a variety of ways.  You can
      set particular zones to use different forwarders, or have different
      forward only/first behavior, or to not forward at all.  See THE ZONE
      STATEMENT section for more information.

Set up a zone for your internal addresses/domains, that points to internalnameserver.  Setup a second zone (or maybe default it can default) so everything else go to your external name servers.

Lost in Tokyo,
   Keith




-- 
"hne at inetnow.net" Copyright 1996-2001.  Not for distribution without express permission.


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list