
OpenBSD 3.2 & DNS.

I hope someone can help me out with MS DNS behind BSD32. Although still somewhat a newbie, I've used OpenBSD as a firewall since 2.7 with great success.

Synopsis (I've indented the relevant parts and left a brief description in the left column):

        OpenBSD 3.2 dual NICs,
        Outside is xxx.xxx.xxx.xxx (NIC = ne3)
        Inside is  yyy.yyy.yyy.yyy   (NIC = vr0)

Partial pf.conf entries follow.

First NAT:
        nat on ne3 inet from yyy.yyy.yyy.0/24 to any -> ne3

Redirections:
        rdr on ne3 proto { tcp, udp } from any to xxx.xxx.xxx.0/24 port 53 -> \
                yyy.yyy.yyy.250 port 53

Blocked addresses are located here:
        All the bad addresses are here,

Services allowed are located here:
        # DNS ???
        pass in quick on ne3 proto udp from any to any port 53 keep state
                # next line probably not needed, but stuck it in for testing...
        pass in quick on ne3 proto tcp from any to any port 53 flags S/SA keep state

I then do an nslookup like so:

        FW1# nslookup 2knettrain.com
        *** Can't find server name for address 68.144.16.250: Non-existent host/domain
        Server:  ns3so.cg.shawcable.net
        Address:  24.71.223.144

        Name:    2knettrain.com
        Address:  68.144.16.250

The first line is a mystery because it is a valid domain, with a valid host. I can perform nslookups inside but not from the outside. I know I'm missing something, but cannot seem to get my head around it. This all worked fine under BSD2.9, but I don't want to go back to an unsupported version.

I have read every mailer and hint I can find and everything seems to be configured correctly. I have MS DNS configured on the inside, but cannot seem to resolve anything to it from the outside.

What am I missing?

Any help would be HUGELY appreciated.

Thanks.

Richard Gutery
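As an added example, not the poster's configuration and not an OpenBSD project file, here is what a complete pf.conf for the topology described in the post commonly looks like in OpenBSD 3.2 syntax: outside NIC ne3, inside NIC vr0, an inside DNS server at .250. The xxx/yyy placeholders are replaced with assumed RFC 5737 and RFC 1918 addresses, the rdr rule is narrowed to the firewall's own outside address instead of the whole /24, an explicit pass rule is added on the inside interface for the redirected queries, and, because pf applies rdr before the filter rules, the inbound pass rules name the translated destination (the inside server) rather than the outside address.

```conf
# Added example, not the poster's ruleset. All addresses are assumptions:
# 192.0.2.10 stands in for the xxx.xxx.xxx.xxx outside address and
# 192.168.1.0/24 for the yyy.yyy.yyy.0/24 inside network.
ext_if  = "ne3"
int_if  = "vr0"
ext_addr = "192.0.2.10"        # assumed: the firewall's outside address
int_net  = "192.168.1.0/24"    # assumed: the inside network
dns_srv  = "192.168.1.250"     # assumed: the inside MS DNS server

# Reassemble fragments and drop bogus flag combinations before filtering.
scrub in all

# Translation rules must precede filter rules in pf.conf.
# Outbound NAT for the inside network (also covers the DNS server's own
# recursive queries to the Internet).
nat on $ext_if inet from $int_net to any -> $ext_if

# Redirect inbound DNS aimed at the firewall's outside address only,
# not the whole /24 the address lives in.
rdr on $ext_if inet proto { tcp, udp } from any to $ext_addr port 53 \
        -> $dns_srv port 53

# Default deny, then open only what is needed.
block in  log all
block out log all

# Loopback and the inside interface are trusted.
pass quick on lo0 all
pass in  quick on $int_if all
pass out quick on $int_if all

# Inbound DNS on the outside interface. The filter sees the packet after
# rdr, so the destination to match is the inside server, not $ext_addr.
pass in quick on $ext_if inet proto udp from any to $dns_srv port 53 \
        keep state
pass in quick on $ext_if inet proto tcp from any to $dns_srv port 53 \
        flags S/SA keep state

# Outbound traffic from the firewall and the NATed inside hosts.
pass out quick on $ext_if inet proto tcp from any to any \
        flags S/SA keep state
pass out quick on $ext_if inet proto { udp, icmp } from any to any keep state
```

Load it with `pfctl -f /etc/pf.conf`, then confirm the translation and filter rules with `pfctl -s nat` and `pfctl -s rules`. To see whether a redirected query actually reaches the inside server, run `tcpdump -ni vr0 port 53` on the firewall while a host on the outside queries the firewall's outside address; if the packets show up on vr0 but no reply comes back, the problem is on the DNS server side (listening address or its own routing), and if they never appear on vr0, the rdr or the block rules are eating them.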