On December 22, 2003 03:40 pm, Cristian Goian wrote:
> Thank you for your time Alister.
> I have a content-only DNS in DMZ (tinydns), checked it so I'm convinced it
> works, and the default gateway already pointing to 192.168.0.1 for both DNS
> server and web server. The tinydns is authoritative for all 3 domains
> (although it is the same company). On gateway I have dnscache to resolve for
> local and LAN. Listens only to 127.0.0.1 and 192.168.1.1 ... I have not 2
> networks running on same wire - I have 2 separate networks: DMZ and LAN.
>
> I changed to:
>
> $IPTABLES -t nat -A PREROUTING --dst $DNS_1A_IP -p tcp --dport 53 \
> -j DNAT --to-destination $DMZ_DNS_1A_IP
> $IPTABLES -t nat -A PREROUTING --dst $DNS_1A_IP -p udp --dport 53 \
> -j DNAT --to-destination $DMZ_DNS_1A_IP
>
> ... and for rest of DNS the same as above.
>
>
> But the result is the same: on access by IP address web server gives the
> page, on request by name no :(:(. From outside the same: ok by IP, not
> reachable by name.
>
> > > query DNS (different PC than web one) no response. When I give
> > > traceroute to DNS server all packets go to my ISP, and then lost ...
> > > They are not DNAT to DMZ !!

Ooooooookay .... here's key factor #1
-- If NONE of the names are getting resolved, where are they supposed to be registered
-- and are the DNS servers YOU are maintaining the registered DNS servers for the domains?
-- can you see *any* requests to the DNS servers?
-- and have you 2ndary DNS servers outside your network?
-- are they correct?
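A worked version of the DNAT setup under discussion, added here as an example and not code from either poster. For one published DNS address (the public 203.0.113.10 and DMZ 192.168.0.10 below are assumed documentation values) it emits the PREROUTING DNAT rules for UDP and TCP 53 together with the FORWARD accept rules that DNAT alone does not provide, and only prints them unless IPTABLES is pointed at the real binary.

```shell
#!/bin/sh
# Added example (not from the thread): publish a DMZ DNS server under a
# public address. By default rules are printed; set IPTABLES=/sbin/iptables
# to apply them for real. Addresses used below are assumed sample values.
IPTABLES="${IPTABLES:-echo iptables}"

# Emit the rules for one published DNS server: a DNAT in PREROUTING plus an
# ACCEPT in FORWARD, each for UDP and TCP port 53. Both protocols matter:
# UDP carries ordinary queries, TCP carries truncated answers and transfers.
publish_dns() {
    public_ip="$1"
    dmz_ip="$2"
    for proto in udp tcp; do
        $IPTABLES -t nat -A PREROUTING --dst "$public_ip" -p "$proto" --dport 53 \
            -j DNAT --to-destination "$dmz_ip"
        # DNAT only rewrites the destination; the rewritten packet must still
        # be allowed through FORWARD or it is dropped after translation.
        $IPTABLES -A FORWARD --dst "$dmz_ip" -p "$proto" --dport 53 \
            -m state --state NEW,ESTABLISHED -j ACCEPT
    done
}

# Sanity check on the generated set: 2 protocols x 2 chains = 4 rule lines.
# Runs in a subshell with the printing backend so nothing is applied.
rule_count() {
    (IPTABLES="echo iptables"; publish_dns "$1" "$2") | wc -l | tr -d ' '
}

# Diagnostic: the pkts column of the PREROUTING listing stays at 0 for a DNAT
# rule that no query ever reaches, which separates "rule never matches" from
# "rule matches but the answer never comes back".
show_dnat_hits() {
    $IPTABLES -t nat -L PREROUTING -v -n
}

publish_dns 203.0.113.10 192.168.0.10
```

If the pkts counter stays at zero while queries are sent from outside, the packets are not arriving at the gateway at all, which is what the traceroute ending at the ISP suggests; no NAT rule can fix an address the upstream does not route to you.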