Split DNS errors. What's wrong with my config?

[phishin4dmb]

Friends:

I must be doing something wrong with my DNS setup. I have a Split DNS with both my website EXAMPLE.com and my server as EXAMPLE.COM . I can resolve to my intranet site by typing example.com and that works fine, but when I try to resolve to my external site I get a error when I type http://www.example.com .

I am running SL 10.6.4 on the new mac mini server

Primary zone: Example.com
Name Server: Zone=Example.com NS:192.168.0.2

Machine record: Machine Name=example.com. IP=192.168.0.2
Alias: Name= www Destination=external ip to server


Here are my dig responses


; <<>> DiG 9.6.0-APPLE-P2 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15277
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com. IN A

;; ANSWER SECTION:
example.com. 10800 IN A 192.168.0.2

;; AUTHORITY SECTION:
example.com. 10800 IN NS 192.168.0.2.example.com.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 25 13:26:36 2010
;; MSG SIZE rcvd: 73
----> Everything seems ok here all except for the AUTHORITY SECTION. Why does it say (192.168.0.2.example.com.) Shouldn't it just say (192.168.0.2)


here is the WWW dig response.

; <<>> DiG 9.6.0-APPLE-P2 <<>> http://www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24170
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;http://www.example.com. IN A

;; ANSWER SECTION:
http://www.example.com. 10800 IN CNAME 97.74.184.103.steakhaus.com.

;; AUTHORITY SECTION:
steakhaus.com. 3600 IN SOA 192.168.0.2.steakhaus.com. steve.example.com.example.com. 2010082520 86400 3600 604800 3600

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 25 13:29:39 2010
;; MSG SIZE rcvd: 131
----> Everything seems ok here all except for the AUTHORITY SECTION again. Why does it say my NAME then example.com.example.com. and a bunch of numbers..

Any help would be great
Steve

 

[belvdr]

Those bunch of numbers are from the DNS config. As for the double-domain, you missed a period at the end of the email address:

steve.example.com[b].[/b]

 

[phishin4dmb]

Some progress

belvdr: That fixed this misc problem I was having but still not reason to my ability to not be able to resolve http://www.example.com.

I doubled check our intranet, is simply the wiki server. I have two sites defined.

1) One is on port 80 with IP of 192.168.0.2 that forwards every incoming request to our second site. I useds a ALIAS with a RedirectMatch with a pattern of (^/(.*)$) to point our https://mobile.example.com site. There are no options or web services running on this one site.

2) The second site is on port 443 with the IP of 192.168.0.2 which runs the wiki server. It uses SSL of course and has the Wiki, Blogs and Calendars options enabled.

Here are my new dig responses after the tweak...

Dig example.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8993
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		10800	IN	A	192.168.0.2

;; AUTHORITY SECTION:
example.com.		10800	IN	NS	Server.example.com.

;; ADDITIONAL SECTION:
Server.example.com. 10800 IN	A	192.168.0.2

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 26 09:56:06 2010
;; MSG SIZE  rcvd: 90

Dig http://www.example.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20964
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com.		IN	A

;; ANSWER SECTION:
www.example.com.	10800	IN	CNAME	97.74.184.000.example.com.

;; AUTHORITY SECTION:
example.com.		3600	IN	SOA	Server.example.com. steve.example.com. 2010082602 86400 3600 604800 3600

;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 26 09:58:50 2010
;; MSG SIZE  rcvd: 118

Any one have any more insight into my issues? Again I don't understand why when I dig http://www.example.com I get the IP address of where it is supose to point but I also get example.com. appended to the end of it as seen here...97.74.184.000.example.com.

thanks all for at least taking a look at my problems...

Steve

 

[belvdr]

Any one have any more insight into my issues? Again I don't understand why when I dig http://www.example.com I get the IP address of where it is supose to point but I also get example.com. appended to the end of it as seen here...97.74.184.000.example.com.

thanks all for at least taking a look at my problems...

Steve

Use an A record when a record resolves to an IP. A CNAME record is for an alias to another host record (i.e. non-IP).

 

[phishin4dmb]

A record for WWW

So I had done this before and it just loops it back to my intranet. Here is a new Dig response

Dig http://www.example.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13501
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.example.com.		IN	A

;; ANSWER SECTION:
www.example.com.	10800	IN	A	97.74.184.000

;; AUTHORITY SECTION:
example.com.		10800	IN	NS	Server.example.com.

;; ADDITIONAL SECTION:
Server.example.com. 10800 IN	A	192.168.0.2

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 26 11:09:35 2010
;; MSG SIZE  rcvd: 94

So everything seems to be reporting fine except it still goes to my intranet site. Grrrr, I know this might be a dumb question, but do I need to have zone transfers enabled?

 

[belvdr]

You don't need zone transfers for queries.

So are you trying to serve up local IPs on the local LAN and external IPs for everyone else? If so, you need two DNS servers for that.

 

[phishin4dmb]

DNS purpous

My DNS is used only to point to internal services (Wiki, Ical, Ichat, Address). My airport extreme is used as our DHCP server which shares our Static IP. It's DNS settins point to ours 192.168.0.2 and our ISP's.

Everything works fine for all our users both internal and external for all our services all except for viewing our external web site which is hosted on GoDaddy which has a static IP.

Thanks for your replies and help I really do apericate it. I have this posted on a few forums arcoss the web and I have been getting little response.

 

[belvdr]

No worries.

If the website is looping back to your internal address, then that's a problem with your site redirection, not DNS. Check your logs to see why it is redirecting.

 

[phishin4dmb]

Don't see any problems.

I have two sites setup.

example.com @443 (Wiki, Blog, Calendar)
example.com @80 (with a RedirectMatch: ^/{.*)$ --> https://example.com)

Here are my web error logs. I have no idea how to what it even means.

[Thu Aug 26 15:00:08 2010] [error] (61)Connection refused: proxy: HTTP: attempt to connect to 127.0.0.1:8171 (*) failed
[Thu Aug 26 15:00:08 2010] [error] [client 192.168.0.2] File does not exist: /Library/WebServer/Documents/collaboration-availability, referer: https://example.com/
[Thu Aug 26 15:00:08 2010] [error] [client 192.168.0.2] File does not exist: /Library/WebServer/Documents/collaboration-availability, referer: https://example.com/

 

[belvdr]

Let me be sure I have this straight:

1. Your intranet lies at 192.168.0.2
2. Your extranet/internet site lies at 97.74.184.000 (is that IP right or edited?)

Your redirect is pushing them to #1, your intranet site. One thing you might consider is using different hosts, such as wiki.example.com for the Wiki sites and http://www.example.com for the standard web sites. Then you can have these on different virtual hosts in Apache.

This is in the code somewhere.

 

[phishin4dmb]

even weider

So I gave that a try as it was really a last resort as I want to keep it really simple for people in the office. In any case no matter what I do it redirects to my internal site!!!!!

My Dig responses are clean as as they should be, so I assume DNS is setup correctly. But get this even when I just put the the 97.74.184.000 (Yes it is edited) in the web address it gets redirected to the internal site.

Any Other ideas? I am assuming it has to do with my Airport extreme getting the routing tables all F'D up. I am no expert at OSX server but my windows server knowledge pretty much translates over. I really have no idea where to go from here.

GRRR

 

[belvdr]

Could it be your port forwarding isn't setup correctly (i.e. forwarding 443 requests to port 80 on the internal IP)?

 

[phishin4dmb]

A fix

So I still don't know why my routing was getting all messed up. DNS should of taken care of it. In any case what I did was directed people on our intranet to go to mobile.example.com to access the wiki's. This was a simple fix since that is what they had to use outside of our domain.

Then I created another site as http://www.example.com with a reverse proxy enabled with a PROXY PATH of /, and Sticky Session Identifier as JSESSIONED and a URL of my Hosted godaddy sites IP with a ROUTE of 10 and a LOAD FACTOR of 100.

A weird work around but when DNS and DIG where setup right and my redirection was just not working in any browser then the Proxy was my next best fix...

I would sill like to know why when DNS is setup correctly why a broswer wouldent follow the correct route... STILL VERY WEIRD...