Static DNS failure

alex998r · September 25, 2007, 10:38am

Hello I have a problem with static DNS.
I am running ROS 2.9.43 on a dedicated AMD based PC.
I have in my internal network a Linux Debian mailserver ( Postfix ) and I wish my clients connect to it with it's name.
I had put a static DNS entry, this is the output:

[alex@badde1_pc] ip dns static> pr
Flags: D - dynamic

NAME ADDRESS TTL

0 mailserv 10.5.50.252 1d
1 dnsbadde 10.5.50.1 1d

so my clients should insert MAILSERV as the SMTP out, buth this is not functioning.
If I try to ping MAILSERV it fails
The NSLOOKUP command gives this output:
SERVER: DNSBADDE
ADDRESS: 10.5.50.1

NAME: MAILSERV
ADDRESS: 10.5.50.252

So it seems that NSLOOKUP correctly finds the name-address association; but http or SMTP not.
I tryed also a: telnet mailserv
no success also with this command.
My DNS settings are:
[alex@badde1_pc] ip dns> pr
primary-dns: 62.211.69.150
secondary-dns: 0.0.0.0
allow-remote-requests: yes
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 1368KiB

Please has someone some suggestion?
Do I missed something in the configuration?
Many thanks for your help
Regards
Alessandro

sergejs · September 25, 2007, 12:05pm

You should have redirect rules, that ensures that all clients use router DNS cache.
Like this,
‘ip firewall nat add action=redirect dst-port=53 protocol=tcp chain=dstnat to-ports=53’, the same for UDP protocol.

alex998r · September 25, 2007, 7:55pm

Hi Segejs, many thanks for your help.
unfortunately on the same MT box I am running a hotspot service, thus I have two dynamic rules added
by HS; they are:

2 D chain=hotspot protocol=udp dst-port=53 action=redirect to-ports=64872

3 D chain=hotspot protocol=tcp dst-port=53 action=redirect to-ports=64872

Are they needed?
Can I put the two suggested rules on top of these to intercept port 53 requests before the other above mentioned two?

many thanks for your help
Regards
Alessandro

alex998r · September 26, 2007, 8:04am

Hi please anyone can explain the above problem?
I tryed by myself to put the NAT rules on top of the chain but the clients stopped to surf the internet
Many thanks
Alessandro

JR1 · September 27, 2007, 3:20pm

the same problem exsits with rc1, i.e. it DOES NOT work with keywords ONLY!
e.g. mailserv

If i try to ftp://mailserv and login - it says after a long time cannot get content,
even though the logs on MT shows a ftp user has logged in.

The only way around this is [.] in the keyword - e.g mailserv.linux or mail.serv

alex998r · September 28, 2007, 7:51am

Hi JR, many thanks for your help.
Now it works, great
Regards
Alessandro

sergejs · October 2, 2007, 11:02am

These rules are created by HotSpot, HotSpot is taking DNS requests to itself, then use settings from ‘ip dns’.
2 D chain=hotspot protocol=udp dst-port=53 action=redirect to-ports=64872
3 D chain=hotspot protocol=tcp dst-port=53 action=redirect to-ports=64872

JR1 · October 4, 2007, 5:04pm

Sergejs - could you kindly explain this, thanks.
I really would like to use single keywords.

Chupaka · October 5, 2007, 11:31pm

try “MAILSERV.” (with dot) on clients - it seems like it’s working =)