From owner-freebsd-isp Thu Oct 21 11:11:54 1999 Delivered-To: freebsd-isp@freebsd.org Received: from guardian.fortress.org (guardian-ext.fortress.org [199.202.137.242]) by hub.freebsd.org (Postfix) with ESMTP id 5406E14F78 for ; Thu, 21 Oct 1999 11:11:49 -0700 (PDT) (envelope-from andrew@guardian.fortress.org) Received: from localhost (andrew@localhost) by guardian.fortress.org (8.9.3/8.8.8) with ESMTP id OAA90198; Thu, 21 Oct 1999 14:11:46 -0400 (EDT) (envelope-from andrew@guardian.fortress.org) Date: Thu, 21 Oct 1999 14:11:46 -0400 (EDT) From: Andrew Webster Reply-To: andrew@pubnix.net To: Jack Wenger Cc: freebsd-isp@FreeBSD.ORG Subject: Re: DNS can't resolve a single domain In-Reply-To: <3.0.6.32.19991021115032.009617d0@mailbag.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a known problem with Firewall-1 (yes off-topic). Your internal DNSes need to have translated addresses to the outside world otherwise your will not function correctly. I do not know "what" the exact cause is, but this is a valid functional work-around. See http://www.phoneboy.com for more info on Firewall-1 On Thu, 21 Oct 1999, Jack Wenger wrote: > I can't resolve diginsite.com, or apple.com either. Also, my firewall is > Checkpoint Firewall 1 v4 running on (yeecchhh) NT (damn politics). My > (internal) DNS server is on an RS6000 running named and AIX. I'm using our > providers name server for outside DNS querys. As far as logging, ndc > doesn't exist on AIX. Anyone no of the equivalent? I am monitoring my > firewall logs though and I don't see _any_ request traffic for these domains. > > > > At 12:27 PM 10/21/99 -0400, you wrote: > > > >Can it resolve its dns servers? (DIGINSITE.COM) > > > >I had one client like that here - couldnt resolve for nothing, and it > >turned out that the nic had put it on hold for non-payment - even though > >whois didnt indicate it - the only other time was a hyphenated domain. > > > >On Thu, 21 Oct 1999, Jack Wenger wrote: > > > >> This is a strange one. I'm running split DNS and my internal nameserver > >> can't resolve one domain. The domain in question is baraboonational.com. I > >> can resolve it outside of my firewall, but not inside. Everything else > >> resolves. I've added the IP and host/domain name to a couple of > >> workstations and they then can see the sight. Would someone who knows more > >> about DNS please help me? > >> Jack Wenger > >> Internet Administrator > >> Dean Health Plan > >> Madison, WI > >> 608-250-1237 > >> > >> > >> To Unsubscribe: send mail to majordomo@FreeBSD.org > >> with "unsubscribe freebsd-isp" in the body of the message > >> > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-isp" in the body of the message > > > > > Jack Wenger > Internet Administrator > Dean Health Plan > Madison, WI > 608-250-1237 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > Andrew Webster andrew@pubnix.net PubNIX Inc. CF E8 16 B8 A6 DB E3 C9 83 E7 96 24 25 58 15 6E P.O. Box 147 Cote Saint Luc, Quebec H4V 2Y3 tel 514-990-5911 http://www.pubnix.net fax 514-990-9443 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message