[MaraDNS list] Fwd: Fwd: MaraDNS doesn't respond to queries from the bind addr subnet
Dave Owens
dave at teamunify.com
Wed Jun 5 14:29:06 EDT 2013
Hi Remmy,
We are using maradns-2.0.06.
You are correct that remote queries for the A record of
jenkins.teamunify.com (10.11.13/24) are returned with no problem. The same
is true for queries against the many other domains for which we are
authoritative... such as acswimteam.org. However, queries for the A record
tensub.teamunify.com (10.10/16) also fail.
I also tested adding the topica A record to the teamunify.net zone, and A
records queries are not returned.
We are running stateless firewalls on both the server and at the edge of
our network. Should be able to rule the firewalls out as other A record
queries succeed, just this specific one fails.
We use the teamunify.net domain for infrastructure-related things, and the
teamunify.com domain for public services. This configuration has not
previously been a problem (we've been running MaraDNS for at least three
years).
Dave Owens
TeamUnify, LLC
On Wed, Jun 5, 2013 at 10:47 AM, Remco Rijnders <remco at webconquest.com>wrote:
> On Wed, Jun 05, 2013 at 09:50:32AM -0700, Dave wrote in
> <CA+OQrzjE=fsUNbhQDesgXqSF_**rvs+Qis4N02=iuAvYwtMj9zhA@**mail.gmail.com<iuAvYwtMj9zhA at mail.gmail.com>
> >:
>
> Hi Sam and list members,
>>
>> I have a mararc.base like this:
>>
>> ipv4_bind_addresses = "192.168.50.250"
>> synth_soa_origin = "ns1.teamunify.net"
>> maradns_uid = 65500
>> maradns_gid = 65500
>> chroot_dir = "/etc/maradns"
>> default_rrany_set = 15
>> verbose_level = 2
>> hide_disclaimer = "yes"
>> tcp_convert_acl = "0.0.0.0/0"
>> tcp_convert_server = "192.168.50.250"
>> recursive_acl = "192.168.50.0/24, 10.10.0.0/16, 127.0.0.1"
>> csv2 = {}
>>
>> I have added a record to the teamunify.com.zone file like this:
>>
>> topica.% 192.168.50.141 ~
>>
>> I am able to get the A record returned when I query the server from the
>> local subnet. I am not able to get the A record returned when I query the
>> server remotely.
>>
>> Logging at verbose_level = 3 shows that MaraDNS does receive the query:
>> Query from: $PUBLIC_IP Atopica.teamunify.com.
>> ...but there are no errors in the log related to the query.
>>
>> We have other private IP A records in that zone file, and all can return A
>> records when queried remotely. None of the working addresses are in the
>> 192.168.50.0/24 subnet, however.
>>
>
> Hi Dave,
>
> While I don't know the answer to your query right now... am I correct in
> understanding that remotely querying for an address with an A record in the
> 10.10 range for example works?
>
> What version of maradns are you using?
>
> Then, I notice the use of both teamunify.net and teamunify.com domains in
> your example. Is that not causing any issues / explain the difference
> between the internal and external set up?
>
> [remmy at silvertown ~ (master)]$ askmara Atopica.teamunify.com.
> 208.100.130.99
> # Querying the server with the IP 208.100.130.99
> # Hard Error: Timeout
> [remmy at silvertown ~ (master)]$ askmara Atopica.teamunify.net.
> 208.100.130.99
> # Querying the server with the IP 208.100.130.99
> # Remote server said: NAME ERROR
> # Question: Atopica.teamunify.net.
> # NS replies:
> #teamunify.net. +86400 soa ns1.teamunify.net. hostmaster at teamunify.net.
> 176478890 7200 3600 604800 3600
> # AR replies:
>
> The timeout in the first commands makes me ask: Any firewalling in place?
>
> Remmy
>
More information about the list
mailing list