Can only serve up web pages local

Status
Not open for further replies.

optimised

Technical User
Jun 21, 2001
96
US
I'm not sure whether I have a DNS configuration error or the server can't be reached remotely.
I have been able to reach domains locally but not from an external PC on the internet. I can ping and ftp successfully.
What are some 'dig' commands that I could run to see if my nameservers can even be reached remotely?

I've tried these and received answers for them.
dig @ip ns domain.com fine
dig domain.com fine
dig @localhost fine

What's interesting is that my IP address configured on eth0 is 172.x.x.x, a private address, right? My ISP supplied me with two public IP addresses, 205.x.x.x, which I have registered for my nameservers, as shown by whois.
If I use the 205.x.x.x IP on eth0 then I lose my internet connection. The ISP assures me that other clients are running web servers.

If I can ftp to my box using the 205.x.x.x, that's what's confusing me. Wouldn't the 205 IP need to be used on the physical machine?

thks

 
Hi,

If you have an external box on which you don't have 'dig', e.g. win/nt, you could also test using 'nslookup'.

From an external box, just do something like the following:

c:\WINNT>nslookup
> server ns1.yourdomain.com (or server 205.x.x.x)
> set verbose
> ls -d yourdomain.com (if zone-transfers allowed)
> (resolve individual addr)
> set type=NS (show nameservers only)
> yourdomain.com (info for domain as per 'type')
> set type=MX (show mail exchangers only)
> yourdomain.com
> ? (help)
> exit
c:\WINNT>

If you can ftp to an address in your domain from outside using the canonical name (vs IP address) then the name resolution must be working, i.e. can you do ftp://ftp.yourdomain.com rather than ftp://205.x.x.x ? If only the latter, that's just IP routing. You need the first one to work to prove that the DNS is correct.

The 172.x.x.x vs 205.x.x.x should be transparent. Internet routing would pass 205.x.x.x to your ISP and they would do NAT to pass it to you. Your local settings would be entirely 172.x.x.x . What happens is a packet arrives at the ISP and their s/w changes the destination address to yours and routes it on. This is similar to when you use IP masquerading to allow LAN users to share an internet connex. In that case packets arrive at the gateway with the internal LAN IP address as source but all leave the gateway box with a 'zapped' source IP which is that of the internet interface. When the packet comes back the gateway reverses the translation and changes the destination addr from that of the internet interface to the originator's local LAN IP address. It's all designed to work transparently.

What you could do is use NMAP to scan from outside to see what ports are open on your box - you'd need 80 for apache, 53 for DNS, etc, etc. See . If you've got an externally connected linux box with 'X' you can install the nmap-fe (front end) gui interface and it's pretty simple to run.

Bye4now
 
Hi,
It appears that port 53 is NOT open according to a scan on ports.
I don't know where to look to enable it or if my ISP has it filtered off. How can I check to see if it is enabled on my box?
I guess by default during the RH 7.1 installation it is off?
btw - right now I can only ftp to the IP address. I'm guessing that's because port 53 is closed, correct?

thks,joe
 
Hi,

Yes .. DNS uses port 53 (both tcp and udp protocols) and port 953 for the control connex. If you have nmap, try a scan yourself on the box, i.e. scan 127.0.0.1 and compare that with a scan done from outside on 205.x.x.x . Unless they've done something special with Bind 9 to hide it from scans, I would certainly expect to see port 53 open on your 205.x.x.x address. If not, and it's open locally, it's either being inadvertently firewalled at your end or your ISP is not forwarding those packets for some reason.

Rgds
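
An added example, not part of the original thread: a port scan only shows whether port 53 looks open, while sending a real DNS query over both UDP and TCP shows whether the nameserver actually answers. Run it on the server against 127.0.0.1 and again from an outside host against the public address, then compare; `probe`, `build_query`, `parse_header` and the `TXID` value are names made up for this sketch.

```python
import socket
import struct
import sys

TXID = 0x4242  # constructed transaction id for this example

def build_query(name, qtype=2):
    """Encode a one-question DNS query; qtype 2 = NS, class 1 = IN, RD flag off."""
    header = struct.pack("!6H", TXID, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)

def parse_header(resp):
    """Return rcode/authoritative/answer count, or raise ValueError for a non-reply."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", resp[:12])
    if rid != TXID or not flags & 0x8000:  # wrong id, or QR (response) bit not set
        raise ValueError("not a reply to our query")
    return {"rcode": flags & 0x000F, "authoritative": bool(flags & 0x0400), "answers": ancount}

def probe(server, zone, proto, port=53, timeout=3.0):
    """Send a real NS query over 'udp' or 'tcp' and classify the outcome."""
    query = build_query(zone)
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, port))  # a connected UDP socket surfaces ICMP port-unreachable
            if proto == "udp":
                s.send(query)
                resp = s.recv(4096)
            else:
                s.sendall(struct.pack("!H", len(query)) + query)  # TCP: 2-byte length prefix
                with s.makefile("rb") as f:
                    resp = f.read(struct.unpack("!H", f.read(2))[0])
        return "answered", parse_header(resp)
    except socket.timeout:
        return "no reply (filtered or dropped on the path)", None
    except ConnectionRefusedError:
        return "refused (host reachable, nothing listening)", None
    except (OSError, ValueError, struct.error) as exc:
        return f"error: {exc}", None

if __name__ == "__main__" and len(sys.argv) == 3:  # usage: script.py <server-ip> <zone>
    for proto in ("udp", "tcp"):
        print(proto, *probe(sys.argv[1], sys.argv[2], proto))
```

"answered" locally but "no reply" from outside points at a firewall or missing forwarding in between; "refused" locally means named is not listening on that address at all.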
 
Hi ifincham,
I have downloaded two versions: one, superscan, for my win98 box, which is an outside PC, and nmap, which I loaded on my DNS server. nmap scan 12.0.0.1 shows port 53 open. Could you discreetly check it for me from your box?
I need to know for sure if my ISP has firewalled it or I have errors in my config files somewhere. 20.12.9.28

Thanks Joe
 