From: Vetch <vet...@go...> - 2008-02-11 12:59:24

Hi everyone,

I forgot to say, along with the inability to resolve hosts on internal.remote.lan, I am also finding that after a couple of hours/minutes, dnsmasq stops working. I checked this out with nslookup and got replies of 2 second time outs. I then set dnsmasq to log-queries, and I could see that the requests were going out to all the servers, but the system was not receiving any replies...

Any ideas?

Cheers,
Jx

---------- Forwarded message ----------
From: Vetch <vet...@go...>
Date: Feb 11, 2008 12:19 PM
Subject: DNS Issue
To: efw...@li...

Hi everyone,

I'm having some problems with dnsmasq.

We have two sites running separate domains, both of which have their own DNS servers as part of Active Directory. For the sake of argument, let's call them internal.local.lan and internal.remote.lan.

I need to use my local DNS Active Directory server as a secondary to the master DNS server in the internal.remote.lan domain. I also want to use the anti-spyware blackhole DNS of the efw, so I am using our Active Directory DNS for internal.local.lan and forwarding to the Endian Firewall Proxy. The EFW then resolves using our ISP's DNS and theoretically the DNS of the internal.remote.lan domain...

But requests for the internal.remote.lan are failing. At the moment, it seems that the EFW proxy is proxying the requests to the internal.remote.lan and cannot resolve them. I need to either bypass the proxy for those addresses or enable the EFW to resolve them so that the local DNS server can be a secondary.

I've set the DNS proxy bypass destinations to include the internal.remote.lan ip address scheme, and I've tried changing the template file to have the line server=/internal.remote.lan/192.168.x.x (where 192.168.x.x is the address of the remote DNS server)... but it's not working.

I am assuming this could be affected by the fact that the EFW itself cannot ping hosts on the other side of the IPSEC connection. It does not seem to be able to connect across the IPSEC connection at all - e.g. I can't telnet to ports on computers on internal.remote.lan from the EFW, though all the internal.local.lan computers can.

Can anyone suggest whether this solution should work assuming the EFW can connect across the IPSEC connection, and if so, how do I resolve this issue? If not, what is the best way to ensure that I get the benefits of the anti-spyware blackhole routing DNS of EFW and ensure that the internal.local.lan DNS server can act as a secondary for the internal.remote.lan DNS server?

Many thanks,
Jx
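For reference, the dnsmasq conditional-forwarding form the post is trying to use, as an added example that is not part of the original message or of the Endian Firewall templates. The addresses are placeholders (RFC 5737 documentation ranges), not the poster's real servers; the reverse-zone line is an assumption about what "the internal.remote.lan ip address scheme" covers.

```conf
# Added example (not from the original post). Placeholder addresses only.

# Send queries for the remote AD zone to the remote domain's DNS server
# instead of the default upstream. With this form dnsmasq uses ONLY the
# listed server for that zone; if it is unreachable, the query times out
# rather than falling back to the ISP resolver.
server=/internal.remote.lan/192.0.2.10

# Optional: reverse lookups for the remote site's address range (assumed
# to be 192.0.2.0/24 here) go to the same server.
server=/2.0.192.in-addr.arpa/192.0.2.10

# Default upstream for everything else (placeholder for the ISP resolver).
server=198.51.100.1

# Log every query and which upstream it was forwarded to, so a missing
# reply can be tied to a specific server.
log-queries
```

The forwarded query leaves from the firewall's own address, so the IPsec policy and the remote DNS server both have to accept traffic from the EFW itself, not only from hosts behind it; the post's observation that the EFW cannot ping or telnet across the tunnel points at exactly that gap. A direct check from the firewall, such as `dig @192.0.2.10 somehost.internal.remote.lan` with the placeholder replaced by the real server, separates a routing problem (timeout) from a DNS problem (a reply with an error), and the `log-queries` output shows the same distinction as "forwarded" lines with no matching "reply".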