Topic: DNS forwarder ignores domain override  (Read 2749 times)
« on: May 06, 2010, 22:27:24 »
ffc *
Posts: 7

If clients in one of my local networks try to connect to another local host in the same LAN (e.g. via ping HOSTNAME), they get a response from an internet IP that claims to have the local FQDN (HOSTNAME.mydomain.stx). Instead, the name-to-IP resolution should return a local IP (192.168.1.xxx).

my setup:
modem/router (ISP: Deutsche Telekom) -- m0n0 -- localnet(s)
-let us assume I have mydomain.stx in my m0n0 setup (in reality I have also configured a non-routed TLD)
-the m0n0's IP within this LAN: 192.168.1.1
-the modem receives two nameserver IPs on logging in; the m0n0 gets its WAN IP from the modem via DHCP and, via DHCP override, also gets its nameservers from the modem. (Using fixed nameservers didn't work very well, since the ISP doesn't publicly disclose its working DNS server IPs and seems to slow down or block other DNS servers.)
-the m0n0 serves as a DHCP and DNS server to the localnet. DNS forwarder is on.
-in the DNS forwarder section I also configured a domain override rule to prevent the m0n0 from forwarding DNS requests for local names (like HOSTNAME.mydomain.stx) to the modem. The entry: Domain: stx // IP: 192.168.1
-most of the boxes in the localnet are running windows.

And despite the domain override: if I enter "ping HOSTx" within the LAN (assuming HOSTx got its IP from the m0n0 via DHCP), I get a reply from 80.156.86.78! If I issue an NS lookup like "dig" or "host HOSTx" from within any subnet of the m0n0, I get two entries, the above one and another one, regardless of which local (DHCP-registered) hostname I enter!

I first thought the modem had gone nuts, but it seems that even the m0n0 does not prevent this from happening. Does anybody have a clue?

That it must be a DHCP/DNS-server problem I figured out when I switched off "let DNS server list be overridden by DHCP" on the m0n0 and configured three nameservers manually in "General setup": the phenomenon disappeared (ping HOSTx -> reply from a local IP). But keeping it this way wasn't an option because of the lack of a reliable nameserver that would serve the hundreds of requests from here (normally between 500 and 1000 connections in firewall states) within acceptable time.

any idea?
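An added example (not part of the original post, and not m0n0wall code) that turns the symptom described above into a repeatable check: it parses `host`-style output for a name under the local domain, flags any answer that falls outside the LAN prefix, and sanity-checks a domain-override entry before it is relied on. The sample output, the local domain `mydomain.stx` and the LAN prefix `192.168.1.0/24` are constructed or assumed from the post; the public address in the sample is the one quoted there.

```python
import ipaddress
import re

# Constructed sample of what "host hostx" might print for a LAN name, modelled
# on the symptom in the post: one public answer and one private answer.
SAMPLE_HOST_OUTPUT = """\
hostx.mydomain.stx has address 80.156.86.78
hostx.mydomain.stx has address 192.168.1.23
"""

LOCAL_DOMAIN = "mydomain.stx"                           # local domain from the post
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]   # assumed LAN prefix

# Matches the "NAME has address ADDR" / "NAME has IPv6 address ADDR" lines of host(1).
ADDR_RE = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")


def parse_host_output(text):
    """Return (name, address) pairs from host(1)-style output lines."""
    pairs = []
    for line in text.splitlines():
        m = ADDR_RE.match(line.strip())
        if m:
            pairs.append((m.group(1).rstrip(".").lower(), m.group(2)))
    return pairs


def is_local_name(name, local_domain=LOCAL_DOMAIN):
    """True when NAME is the local domain itself or a host under it."""
    return name == local_domain or name.endswith("." + local_domain)


def find_leaked_answers(pairs, local_nets=LOCAL_NETS):
    """Answers for local names whose address lies outside the local networks.

    A non-empty result means some resolver in the chain handed out a public
    address for a name that should only exist on the LAN.
    """
    leaked = []
    for name, addr in pairs:
        if not is_local_name(name):
            continue
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in local_nets):
            leaked.append((name, addr))
    return leaked


def validate_override(domain, server, local_nets=LOCAL_NETS):
    """Sanity-check a DNS forwarder domain-override entry (domain -> server IP).

    Returns a list of problems; an empty list means the entry looks usable.
    """
    problems = []
    if not domain or not re.fullmatch(r"[A-Za-z0-9.-]+", domain):
        problems.append("domain must be a DNS name")
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        problems.append("server must be a complete IP address, got %r" % server)
        return problems
    if not any(ip in net for net in local_nets):
        problems.append("server %s is not inside the local networks" % ip)
    return problems


if __name__ == "__main__":
    answers = parse_host_output(SAMPLE_HOST_OUTPUT)
    for name, addr in find_leaked_answers(answers):
        print("LEAK: %s resolved to non-local address %s" % (name, addr))
    for problem in validate_override("stx", "192.168.1"):
        print("override entry problem: %s" % problem)
```

To check a live setup, replace `SAMPLE_HOST_OUTPUT` with the captured output of `host` run from a LAN client; any line reported as `LEAK` is an answer that bypassed the local-only path. The override validator catches the two things that make an entry ineffective: a server field that is not a full address, or one that points back outside the LAN.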

