DNS Problem

Hi all,
I’m having a problem with my Mikrotik server. The current setup is:
2 Ethernet cards, Local IP Range 10.5.5.0/24 Server IP 10.5.5.1
Public IP 83.220.200.112 with Gateway 83.220.200.126

This was routing perfectly using masquerading NAT but yesterday something strange happened. It stopped loading many Web pages.

I know this is a DNS problem but I’m at a loss as to how to fix it. I’ve even tried to set external DNS servers that I know are working properly, but the server seems to be blocking the DNS requests.

Can anybody shed some light on this for me as I have many irate customers who are without proper internet access at the moment.

I think you need to post a little more information about your setup. Are you using webproxy? What kind of firewall have you set up? Using torch and/or the traffic sniffer, you should be able to determine where your traffic is hanging up. Also, what type of Internet connection is this hooked up to (T1/T3, DSL, Sat, etc.)?

From the router, can you ping the DNS servers?

From the router, can you ping domain names (as in, does the router do proper DNS lookups itself)?

What are the client DNS servers set to?

Can the client systems ping the DNS servers?

If so, can they do DNS lookups?

If you set the DNS server on the router to accept remote requests, and set the clients to use the router as their DNS server, do things work?

-=Russ=-

No MT at that address!

MT doesn’t just stop working. Can you ping an IP outside? Look for a user with a home router plugged in backwards if you are using DHCP.

Check the outside IP..

A ZyXel router answers at that address…

Craig

The reason you’re not seeing a MT at that address is because I removed it and put a Zyxel in its place until I can figure out what’s going on. When it was in place I could type in any URL on the MT and ping it no problem; it just seemed to stop routing traffic. I’m not using webproxy at all.

I’ve decided to just do a master reset on the box, but I would still like to get to the bottom of what went wrong. I think it may have been hacked, as when I telnetted into it I saw a lot of login attempts from external addresses.

Also the outside DNS servers are 82.195.128.132 and 82.195.128.192

Hi all just an update:

My DNS Server still isn’t working properly.
In the settings I have the primary DNS set to 217.114.173.6 and the secondary set to 82.195.128.132, and I have Allow Remote Requests checked.

When I try an nslookup using my server it responds with:

Server: rfc1918.space.should.not.be.used.on.publicips
Address: 10.5.5.1

And a domain (e.g. hp.com) I try to access comes back with:

*** No address (A) records available for hp.com

Has anyone seen this before? The response from the server seems strange to me. When I set my PC to the DNS servers I showed above, I have full access to all pages.

Are you REALLY sure you are still masquerading your outgoing DNS requests?

Best regards,
Christian Meis

I have masquerading set up as in:
chain=srcnat
out-interface=ether2
action=masquerade

How do you mean my masquerading outgoing DNS requests?

Also checking the DNS Cache revealed the following few lines that to me seem odd:

Name, Type, Data
1.10.168.192.in-addr.arpa, PTR, rfc1918.space.should.not.be.used.on.publicips
1.3.168.192.in-addr.arpa, PTR, rfc1918.space.should.not.be.used.on.publicips
1.5.5.10.in-addr.arpa, PTR, rfc1918.space.should.not.be.used.on.publicips
10.in-addr.arpa, NS, localhost
10.in-addr.arpa, NS, blackhole-1.iana.org
10.in-addr.arpa, NS, blackhole-2.iana.org
114.200.220.83.in-addr.arpa, unknown (this is the Public IP of the server, why is it unknown???)