www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

ZS DNS interfering with our internal DNS?

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell
View previous topic :: View next topic  
Author Message
ilovetheobromine



Joined: 17 Jul 2012
Posts: 1

PostPosted: Wed Feb 06, 2013 8:02 pm    Post subject: ZS DNS interfering with our internal DNS? Reply with quote

Hello,

For more than a year now, I have been using ZS as a firewall / router to provide internet access to our firm’s guests while keeping them off of our internal network. One side of ZS sits on our internal network and the other sits on our “guest” network. Like this

Internet
|
Router
|
Internal network - Zeroshell - guest network

We occasionally have DNS issues on our internal network. For example, I am sometimes unable to reach internal servers by their name and must use an IP address instead. We have a single DNS server set up on our internal network. While scanning the network for possible “rogue” dns servers, I noticed that DNS services on the internal network side of the ZS box are visible. That is, I can “see” the DNS server running on the ZS interface that faces our internal network. Could this be the issue? I understand that client queries are “directed” specifically to the DNS server(s) for which the client is configured. Our internal client machines all get their DNS server settings from DHCP so I know they are all querying the proper internal server and not the ZS box. So…

1) Should I be able to see the ZS DNS server on our internal network?

2) Could the ZS DNS server facing our internal network be somehow interfering with our internal DNS server?

3) If the server’s visibility on our internal network is in fact the issue, how can I resolve this?

Thanks so much for any insight, direction, assistance you can possibly provide.
Back to top
View user's profile Send private message
JamesR



Joined: 30 Jan 2013
Posts: 31

PostPosted: Sat Feb 09, 2013 9:15 pm    Post subject: Re: ZS DNS interfering with our internal DNS? Reply with quote

ilovetheobromine wrote:
Hello,

For more than a year now, I have been using ZS as a firewall / router to provide internet access to our firm’s guests while keeping them off of our internal network. One side of ZS sits on our internal network and the other sits on our “guest” network. Like this

Internet
|
Router
|
Internal network - Zeroshell - guest network

We occasionally have DNS issues on our internal network. For example, I am sometimes unable to reach internal servers by their name and must use an IP address instead. We have a single DNS server set up on our internal network. While scanning the network for possible “rogue” dns servers, I noticed that DNS services on the internal network side of the ZS box are visible. That is, I can “see” the DNS server running on the ZS interface that faces our internal network. Could this be the issue? I understand that client queries are “directed” specifically to the DNS server(s) for which the client is configured. Our internal client machines all get their DNS server settings from DHCP so I know they are all querying the proper internal server and not the ZS box. So…

1) Should I be able to see the ZS DNS server on our internal network?

2) Could the ZS DNS server facing our internal network be somehow interfering with our internal DNS server?

3) If the server’s visibility on our internal network is in fact the issue, how can I resolve this?

Thanks so much for any insight, direction, assistance you can possibly provide.


I'd probably use dig or nslookup on the affected hosts to figure out which dns they're using and if the service is accessible and also resolving.

Not enough information in your post about firewalls, routing, and dns zones to give you much more info.

It could be that the dhcp for the Internal network is giving the zero shell's dns server as a potential name resolver.

Have you thought about slaving your internal dns zones to the zeroshell DNS server?
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group