  1. #1
    Just Joined!
    Join Date
    Oct 2009
    Posts
    59

    domain won't load from local network


    Have a domain registered on a public ip. The domain server for the domain is on the same local network as the web server that uses the domain. The web server naturally has a local and public ip address.

    The problem is that whenever I try to access the domain from my local network the lookup for the domain fails, as it cannot find the server from the local network. What's the most painless solution to this problem?

    TL;DR: need for my domain to be accessible from both my local network and the outside world, now it's only from the outside which is a problem.

  2. #2
    Linux Engineer rcgreen's Avatar
    Join Date
    May 2006
    Location
    the hills
    Posts
    1,134
    On the name server, check the named.conf file
    to see if it is configured to listen only to the external
    address.

  3. #3
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    if nslookup works and the dns server is reachable (ping) and you have configured nat port forwarding, it may be because the firewall does not properly forward packets. i had the same situation some time ago and solved it by adding a ns alias that matched the public domain name to the local dns server. this way the public domain name was resolved to the internal IP of the server and all just worked out fine because all intranet users accessed the server through its lan ip.

  4. #4
    Just Joined!
    Join Date
    Oct 2009
    Posts
    59
    The options I have available are:

    Use the firewall to flag or forward packets for special processing.

    I could also add my domain name to the hosts file on the main router and that should assign the local ip to the domains (not sure if hosts take preference over a nameserver, be it local or global).

    Or I could create a local DNS server that would manage the domain name on my LAN, though that seems like overkill to me as making a new name server to only manage a handful of domains could be a waste.

    My ISP told me that I need to properly set up and configure Apache and that then my domain would work locally too, but I doubt that Apache has anything to do with domain resolution (though I can naturally be wrong).

  5. #5
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    If you use dnsmasq as local dns server, add a similar line to your /etc/dnsmasq.conf:

    cname=public.domain.name,local.hostname
    i.e. if you have a server named "foo" and the public domain "foo.bar.net" it would be:

    cname=foo.bar.net,foo
    This one worked for me.
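
An added example, not part of the original posts: dnsmasq only answers a `cname=` entry when the target is a name it already knows locally (from /etc/hosts or DHCP), so this sketch audits a config for aliases that would fail to resolve on the LAN and confirms that the ones that do resolve land on a private address. The sample config and hosts content are constructed, only the two-field `cname=alias,target` form from the post is parsed, and the function names are hypothetical.

```python
import ipaddress

# Constructed samples: the thread's cname line plus an alias with no hosts entry.
DNSMASQ_CONF = """\
cname=foo.bar.net,foo
cname=mail.bar.net,mailhost
"""
HOSTS = """\
127.0.0.1    localhost
192.168.1.10 foo   # constructed LAN address of the web server
"""

def parse_hosts(text):
    """Map every name in a hosts file to its address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def parse_cnames(text):
    """Return {alias: target} for the two-field cname=alias,target form."""
    cnames = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("cname="):
            alias, target = (p.strip().lower() for p in line[6:].split(",")[:2])
            cnames[alias] = target
    return cnames

def resolve_local(name, cnames, hosts):
    """Follow cname entries to a hosts address; None if there is no local answer."""
    seen, name = set(), name.lower()
    while name in cnames and name not in seen:
        seen.add(name)
        name = cnames[name]
    return hosts.get(name)

def audit(conf_text, hosts_text):
    """Per alias: (address or None, True when that address is private)."""
    cnames, hosts = parse_cnames(conf_text), parse_hosts(hosts_text)
    report = {}
    for alias in cnames:
        addr = resolve_local(alias, cnames, hosts)
        report[alias] = (addr, bool(addr) and ipaddress.ip_address(addr).is_private)
    return report

if __name__ == "__main__":
    print(audit(DNSMASQ_CONF, HOSTS))
```

An alias reported with `None` would fall through to the upstream resolver and come back with the public address, which is the original symptom.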

  6. #6
    Just Joined!
    Join Date
    Oct 2009
    Posts
    59
    Thanks, haven't tried dnsmasq but it seems to get the job done. When I use it as a name server all is well, haven't tried it on the same machine as bind is yet.

    The local domains defined in hosts and dnsmasq take preference over bind if both are on the same machine, right?

  7. #7
    Linux Engineer rcgreen's Avatar
    Join Date
    May 2006
    Location
    the hills
    Posts
    1,134
    I thought you said that the name server is on the local
    network. All you would need is to have local computers use
    that server. If it resolves to the external address and the gateway
    doesn't handle it correctly, you could put an entry into
    the hosts file of each local client computer you want
    to access the server. The hosts file on the server will not
    do it.

  8. #8
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    Quote: Originally Posted by rcgreen
    you could put an entry into
    the hosts file of each local client computer you want
    to access the server.
    yes, but I personally would always prefer single point configurations over distributed ones wherever it is possible.

    Quote: Originally Posted by rcgreen
    The hosts file on the server will not
    do it.
    not entirely true. dnsmasq does consider the hosts when it tries to fulfill dns requests, and assigning an alias to the server works as the local dns server is the local authority that "knows better" than other authorities.

    even though i must admit this solution is some kind of dirty hack that I came up with as I was unable to configure iptables to handle outbound packets properly. the problem there is somewhat complicated and results from how NAT works. I'll try to explain it:

    first of all the two basic principles:
    1] inbound packets are received by the wan interface and NAT forwarded to the proper server over the lan interface
    2] outbound packets are received by the lan interface and simply forwarded to whoever they are intended for

    and the point where the problems arise
    1] for the whole world the firewall seems to be the server (due to NAT) and logically it would have to be for local hosts too, right? but outbound packets destined to the public ip of the firewall are (by the kernel) handled as coming from the lan interface and thus the NAT forwarding rules of the wan interface do not apply. this makes sense because what reason would there be to forward them? they would be relayed back by the next gateway and thus just delayed.
    2] and further one cannot simply do NAT forwarding for the lan interface too as it would make the firewall host inaccessible on the forwarded ports which are typically 22, 80. if you one day want to change things in the router this may become pretty complicated (yes, i know there are ways to change every little port to some alternative one, but is that a solution?)

    conclusion:
    would you really want to configure nat forwarding twice (wan and lan)? it is so neat to just let dns resolve the public domain to the local server ip, even though the idea behind it is not that intuitive.

    let me know if you know other approaches! I'm always open for new ideas.

  9. #9
    Just Joined!
    Join Date
    Oct 2009
    Posts
    59
    Quote: Originally Posted by rcgreen
    I thought you said that the name server is on the local
    network. All you would need is to have local computers use
    that server. If it resolves to the external address and the gateway
    doesn't handle it correctly, you could put an entry into
    the hosts file of each local client computer you want
    to access the server. The hosts file on the server will not
    do it.
    I do not have control nor access to every host on the LAN so a distributed solution is out of the question.

    The ideal solution that I would go for is using dnsmasq on the same machine as the DNS server (don't have to change the name server config on each host that way). Dnsmasq should resolve first (for each request coming from the LAN), and if it fails for whatever reason it redirects every request to the actual DNS server.

    This should save any problems that would arise with configuring iptables (don't like meddling with the firewall anyway) while not needing to have access to every host and its hosts file, keeping it centralised and easy to modify. This seems like the most logical and painless solution to me.

  10. #10
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    If you already have a dns server you most probably won't need dnsmasq.
