[BlueOnyx:05987] Re: 1:1 NAT and DNS - Domains not resolving regularly

Chuck Tetlow chuck at tetlow.net
Thu Dec 2 11:25:39 -05 2010


Well,

I can see one problem right off the bat. 

A quick name resolution check for www.radiotowerinstallers.com returns a good IP of 216.132.149.200.  Although a check of radiotowerinstallers.com returns 10.0.0.200.  And later checks of the name www. also returned the 10.0.0.200.

The same checks of both comsiteconstruction.com and www.comsiteconstruction.com return the IP address 10.0.0.140.  THAT ain't gonna work!

It appears you've got some DNS resolution issues to straighten out first.

But from someone who takes care of companies' Cisco routers and BQ/BX servers - let me say that you're better off just putting the real-world IP on the server itself.  If you're just using a Cisco 3700 and doing one-to-one NAT - you're not doing any favors using private address space inside and NAT on the router.  Plus, you're going to cause yourself other problems with protocols like FTP (do you know how to go into the proftpd.conf and put in the real world IP for those sites - so they'll work??).

And even if you're doing other things with the Cisco like filtering or making use of the firewall feature set - I still can't understand using private addresses on the inside servers.  You can still filter with access lists and use the firewall feature set with the real-world IPs directly on the servers.  We do!

Chuck

---------- Original Message -----------
From: Titus Bolton <titus at antennasystems.com> 
To: BlueOnyx General Mailing List <blueonyx at blueonyx.it> 
Sent: Thu, 2 Dec 2010 09:41:38 -0600 
Subject: [BlueOnyx:05984] 1:1 NAT and DNS - Domains not resolving regularly

> Greetings and Salutations:
> 
> I have an issue with domain names not resolving, and I am pretty sure it has something to do with our NAT'ing and our DNS, though I cannot be positive.
> 
> 
> We host a large number of domains, and we have noticed that the domains are not resolving properly outside of the local network.  Two of the domains are comsiteconstruction.com and radiotowerinstallers.com.
> 
> When I ping them I get something to the extent of:
> 
> ping radiotowerinstallers.com
> PING radiotowerinstallers.com (10.0.0.200): 56 data bytes
> 64 bytes from 10.0.0.200: icmp_seq=0 ttl=64 time=50.060 ms
> 
> ping comsiteconstruction.com
> PING comsiteconstruction.com (10.0.0.140): 56 data bytes
> 64 bytes from 10.0.0.140: icmp_seq=0 ttl=64 time=40.006 ms
> 
> Pings from outside our network
> http://network-tools.com/default.asp?prog=ping&host=comsiteconstruction.com
> 
> Ping 216.132.149.141
> 
> [comsiteconstruction.com]
> 
> Round trip time to 216.132.149.141: 417 ms
> Round trip time to 216.132.149.141: 529 ms
> Round trip time to 216.132.149.141: 723 ms
> Timed out
> Timed out
> Timed out
> Round trip time to 216.132.149.141: 501 ms
> Timed out
> Round trip time to 216.132.149.141: 508 ms
> Round trip time to 216.132.149.141: 173 ms
> 
> Average time over 10 pings: 285.1 ms
> 
> http://network-tools.com/default.asp?prog=ping&host=radiotowerinstallers.com
> 
> Ping
> 
> [radiotowerinstallers.com]
> 
> Bad destination
> Bad destination
> Bad destination
> Bad destination
> Bad destination
> Bad destination
> Bad destination
> Bad destination
> Bad destination
> Bad destination
> 
> Average time over 10 pings: 0 ms
> 
> We're using a Cisco 3700 with a 1:1 NAT.  The webservers are configured with the internal IPs.
> 
> Here's a link that gives some more information regarding our DNS issues:
> http://www.dnsstuff.com/tools/dnsreport?domain=comsiteconstruction.com&format=raw&loadresults=true&token=2631b81c48a7cd4d17c01c08180f2013
> 
> Please let me know if I can give any more information.
> 
> Kind regards,
> 
> Titus Bolton
> Antenna Systems & Solutions, Inc.
> 931 Albion Avenue
> Schaumburg, Illinois 60193-4550
> United States of America
> Phone: +1-847-584-1000   Fax: +1-847-584-9951
> http://www.antennasystems.com
>  
> GSA Contract Number: GS-35F-0479T        
> Electronic Counter Measures, Trap and Trace Devices, and accessories.
>  
> Watch our network broadcast television interviews on www.youtube.com/antennasystems
>   
> Confidentiality note:   
> This message is the property of Antenna Systems & Solutions, Inc. and contains information which may be privileged or confidential.  It is meant only for the intended recipients and/or their authorized agents.  If you believe you have received this message in error, please notify us immediately by return e-mail and destroy any printed or electronic copies of this message.  Any unauthorized use, dissemination, disclosure, or copying of this message or the information contained in it, is strictly prohibited and may be unlawful.   Thank you for your cooperation.
> 
> 
> 
------- End of Original Message -------
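
Added example, not part of the original messages: a Python check for the symptom described in the reply above, flagging names whose A records answer with non-public addresses or with a mix of public and internal ones. The record lines are constructed from the names and addresses quoted in the thread; the TTLs and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: "name TTL IN A address" lines using the names and
# addresses quoted in the thread (the TTL values are made up).
SAMPLE_ANSWERS = """\
www.radiotowerinstallers.com. 300 IN A 216.132.149.200
radiotowerinstallers.com. 300 IN A 10.0.0.200
www.radiotowerinstallers.com. 300 IN A 10.0.0.200
comsiteconstruction.com. 300 IN A 10.0.0.140
www.comsiteconstruction.com. 300 IN A 10.0.0.140
"""


def parse_answers(text):
    """Return {name: set of addresses} from dig-style A record lines."""
    answers = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and anything that is not an A record.
        if len(fields) != 5 or fields[0].startswith(";") or fields[3] != "A":
            continue
        try:
            addr = ipaddress.ip_address(fields[4])
        except ValueError:
            continue  # malformed address: ignore rather than crash
        answers[fields[0].rstrip(".").lower()].add(addr)
    return dict(answers)


def audit(answers):
    """Classify each name as 'ok', 'private' or 'mixed'."""
    report = {}
    for name, addrs in answers.items():
        # Anything not globally routable is useless to outside clients.
        internal = {a for a in addrs if not a.is_global}
        if not internal:
            report[name] = "ok"
        elif internal == addrs:
            report[name] = "private"
        else:
            report[name] = "mixed"  # answers differ between queries
    return report


if __name__ == "__main__":
    for name, status in sorted(audit(parse_answers(SAMPLE_ANSWERS)).items()):
        print(f"{status:8} {name}")
```

A name reported as "private" or "mixed" is one that public resolvers will hand an unreachable internal address for at least some queries.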
 