IP Addy Works Domain Name Not So Much
-
I recently added a new server internal to PFSense (we'll call it mailserv.net) - from another internal machine, here is my conundrum:
Exhibit 1 - If I ssh directly to the internal IP address - all is good:
#> ssh 192.168.1.100 me@192.168.1.100's password: Last login: Thu Sep 27 22:15:49 2012 from airbook [me@mailserv ~]$(all is fine)
Exhibit 2 - if I perform an nslookup on the domain name, it resolves to 192.168.1.100:
#> nslookup mailserv.net Server: 192.168.1.1 Address: 192.168.1.1#53 Name: mailserv.net Address: 192.168.1.100(all is fine)
Exhibit 3 - if I ssh to the domain name…nothing!
#> ssh mailserv.net ssh: connect to host mailserv.net: Operation timed outAny thoughts what I may have wrong? I have been fighting this for about 90 minutes and I am just puzzled.
A few notes:
(1) Above, for the nslookup, the server 192.168.1.1 is the PFSense box - thus, it appears the pfsense box is properly responding to the nslookup request.
(2) If I am external to PFSense the ssh works fine too! I just cannot access the new server via ssh (or any other protocol for that matter) from within the network. -
What you get from tcpdump on this new server?
-
As is expected, request to the IP Address show up in TCPDump; however, requests to the domain name do not.
Thus, I feel the firewall must be blocking; however, I am confused as to why it would be allowing the IP address, responding properly to a nslookup, but denying requests via the domain name.
-
You know if your going to use example names.. Use ones that do not resolve on the public net
;; QUESTION SECTION:
;mailserv.net. IN A;; ANSWER SECTION:
mailserv.net. 300 IN A 64.95.64.218No that server does not respond to ssh ;)
ubuntu:~$ ssh mailserv.net
ssh: connect to host mailserv.net port 22: Connection timed outNot a very good name for a host either.. So for example ubuntu.local.lan for my ubuntu box works just great!
;; QUESTION SECTION:
;ubuntu.local.lan. IN A;; ANSWER SECTION:
ubuntu.local.lan. 1 IN A 192.168.1.7C:\Windows\system32>ping ubuntu.local.lan
Pinging ubuntu.local.lan [192.168.1.7] with 32 bytes of data:So ping your box via fqdn does it resolve via ping, why would you be trying to resolve actual public domains if the host is local? Don't you use a local domain name like foo.bar or local.lan or something.localdomain
Then put a HOST in front of it, mailserv.net is host mailserv on the .net domain.. You are clearly not authoritative for .net ;) So make it host.mailserv.net would be better..
-
I'm assuming you've used mailserv.net just as an example in this thread, your real server is named differently?
However either way it's possible your local machine has cached some other IP address for your server url. nslookup is returning the correct IP since it always asks.Steve
-
^ exactly – it is possible for your machine to have a locally cached record for what your doing that got cached from elsewhere.
Really need to understand how your resolve, and what what your actually wanting to resolve to make sure your resolving the fqdn your wanting to use correctly.
a simple ping should show you what the box resolves your fqdn too, which should be the exact same thing your ssh client resolves.
as mentioned before using actual resolvable stuff as example is bad. And again I would stress if running your own local zones - I would use something that can never be resolved on the public for your tld, like .local or .lan or .localdomain -- when you use actual tlds that can be resolved public you might be having an issue where its being resolve using public dns vs locally if you don't have something setup correctly on your local nameserver.
