NAT loopback and local DNS again

A while ago I had to do some fiddling to make my internet-accessible server also work from behind the Orange Livebox router at home. I described the problem and first fix in this post. Yesterday, it all stopped working, which was very annoying. It was my fault.

What was the problem? Well, the dynamic DNS entry was no longer updating, so when the IP address of the home router changed, as it does from time to time, the outside world could no longer find my server. It turns out that the little script which keeps the dynamic DNS updated relies on being able to find two addresses on the internet which are in the same domain as my dynamic address. For the sake of this example, we’re using ‘example.dyn.com’ as my dynamic IP address. The dynamic DNS update process also needs to be able to find ‘echo.dyn.com’ (which finds out the IP address of my router) and ‘rh.dyn.com’ (which accepts the update itself). I’d got my local DNS set up to override the whole ‘dyn.com’ domain so the update process simply wasn’t working – it could find neither ‘echo.dyn.com’ nor ‘rh.dyn.com’.

The fix was delightfully simple. I just changed my DNS setup so it overrode only the specific address I was interested in. So now /etc/bind/named.conf.local has the following section in:

zone "example.dyn.com" {
  type master;
  file "/etc/bind/db.example.dyn.com";
};

and the zone file /etc/bind/db.example.dyn.com looks like:

$ORIGIN .
$TTL 604800 ; 1 week
example.dyn.com IN SOA localhost. root.localhost. (
  2009060801 ; serial
  604800 ; refresh (1 week)
  86400 ; retry (1 day)
  2419200 ; expire (4 weeks)
  604800 ; minimum (1 week)
  )
  NS sheevaplug
  A 192.168.1.10

Problem solved – the dynamic DNS update works and my server is visible from the internet again. Now I can go to the office and use it.
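
The shadowing described above can be checked mechanically before it breaks an updater. This is an added example, not the author's script: it parses named.conf-style text, lists the zones the local server is authoritative for, and reports which required names fall inside one of them and so never reach the public DNS. The "before" config, its placeholder file path and the function names are constructed for illustration, and the server is assumed to recurse or forward for names outside its own zones.

```python
import re

# zone "name" { ... };  (flat bodies only, as in a typical named.conf.local)
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s*)?\{([^}]*)\}', re.IGNORECASE)

def local_zones(conf_text):
    """Names of zones this server answers authoritatively (type master/primary)."""
    text = re.sub(r'(//|#)[^\n]*', '', conf_text)  # drop line comments
    return [name.rstrip('.').lower()
            for name, body in ZONE_RE.findall(text)
            if re.search(r'\btype\s+(master|primary)\s*;', body, re.IGNORECASE)]

def shadowing_zone(qname, zones):
    """Most specific local zone containing qname, or None if resolved upstream."""
    labels = qname.rstrip('.').lower().split('.')
    for i in range(len(labels)):          # a.b.c, then b.c, then c
        suffix = '.'.join(labels[i:])
        if suffix in zones:
            return suffix
    return None

def report(conf_text, names):
    """Map each name to the local zone that shadows it (None = goes upstream)."""
    zones = local_zones(conf_text)
    return {n: shadowing_zone(n, zones) for n in names}

# Constructed "before" config: the whole domain overridden (file path is a placeholder).
OLD_CONF = '''
zone "dyn.com" {
  type master;
  file "/path/to/placeholder-zone-file";
};
'''

# "After" config, as shown in the post.
NEW_CONF = '''
zone "example.dyn.com" {
  type master;
  file "/etc/bind/db.example.dyn.com";
};
'''

# Names the dynamic DNS updater must still resolve on the public internet.
NEEDED = ["echo.dyn.com", "rh.dyn.com"]

if __name__ == "__main__":
    for label, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        for name, zone in report(conf, NEEDED).items():
            status = f"shadowed by local zone {zone}" if zone else "resolved upstream"
            print(f"{label}: {name} -> {status}")
```

A name shadowed by a local master zone that has no record for it gets an authoritative "no such name" answer from the local server instead of being looked up on the internet, which is the failure the updater hit.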

4 thoughts on “NAT loopback and local DNS again”

  1. exocen

    I don’t understand the difference between this post and the old one.
    Why do you remove “$ORIGIN dyn.com”? Did you change /etc/hosts?

    1. martinjonestechnology Post author

      I didn’t change /etc/hosts, no, all my name lookups go through DNS. The $ORIGIN has changed because the zone file contains only one name, example.dyn.com, and that’s fully qualified, so no origin is really needed. However, it must end with a dot to be syntactically valid. See here: .

    1. martinjonestechnology Post author

      In this case, ‘sheevaplug’ is just the name of my server. If I remember rightly, in this case the NS record indicates where the name server for this domain is, to give DNS clients a way of optimising where they make their queries.
