Firewalls: RE: nslookup via the firewall

Firewalls
(December 1996)

Indexed By Thread: [Previous] [Next]

Subject:	RE: nslookup via the firewall
From:	jsluzewski @ dna . com
Date:	Fri, 13 Dec 96 12:24:00 EST
To:	<firewalls @ GreatCircle . com>

On SUNOS machines DNS won't work without NIS. There is a way to make DNS 
independent of NIS, but it is not an offically supported solution by Sun.
On Solaris all one has to do, is to edit /etc/nsswitch.conf
I am know sure what has to be done on HP machines.
I hope it will somewhat help.

PS. In the future,  give your email address with your posting to allow 
direct responses.

jsluzewski @
 dna .
 com
 ----------
From: firewalls-owner
To: jsluzewski; firewalls
Subject: nslookup via the firewall
Date: Friday, December 13, 1996 8:00AM

Return-path: <firewalls-owner @
 GreatCircle .
 COM>
Message-Id: <199612131557 .
 HAA29487 @
 dfw-ix4 .
 ix .
 netcom .
 com>
From: "Data Systems Bureau" <lasdsdn @
 ix .
 netcom .
 com>
To: "Firewall Group" <firewalls @
 GreatCircle .
 COM>
Subject: nslookup via the firewall
Date: Fri, 13 Dec 1996 08:00:37 -0800
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1155
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Sender: firewalls-owner @
 GreatCircle .
 COM
Precedence: bulk
 ----------------------------------------------------------------------------  
 --
Hi gang,

I'm stuck on nslookup and I could use a quick clue.  Our DNS server is =
outside the firewall.  I'm using a HP UX based firewall and I've added =
the /etc/resolv.conf file to it so that I can run nslookup.  It works =
just fine, but keep in mind this is the firewall machine and therefore =
the execution of the command does not have to go through the firewall's =
own filters.

When I try nslookup on other Unix machines set up behind the firewall =
the command times out.  I get a message telling me that the nameserver =
is not found.  I've tried this from HP UX, SUN OS, and NeXTstep and all =
have the same problem.

I have also setup several PC clients behind the firewall using both =
Windows 3.1 w/ Reflection TCP/IP stacks and Windows 95.  In both of =
these situations, my web browser works fine and can resolve all web =
addresses.  This tells me that the PC clients can reach the DNS server =
without a problem (both PC's and Unix machines have the same DNS domain =
name defined and the same DNS server IP address).

Hence, the question.  Why can't my Unix machines reach the DNS server =
but my PC's can.

On the firewall, I'm allowing both ports 53/UDP and 53/TCP to go out to =
the DNS server, and I'm also allowing these same ports to come back into =
my internal network (even though I realize that this second filter is =
not needed).

All I can think of is that nslookup does not use port 53.

Any clues.

Thanks,

Fabian E.

Follow-Ups:

Re: nslookup via the firewall
From: acli @ www . mingpaoxpress . com (Ambrose Li)
RE: nslookup via the firewall
From: sazah @ ibu . sj . nec . com (Sunny Azah)
Re: nslookup via the firewall
From: "Donald R. Guillot" <dguill @ communique . net>

Indexed By Date	Previous:	Re: nslookup via the firewall From: "Mike O'Connor" <mjo @ dojo . mi . org>
Indexed By Date	Next:	gobbler From: Jamshid Abedi <jabedi @ u235 . newyorkview . com>
Indexed By Thread	Previous:	Re: nslookup via the firewall From: "Mike O'Connor" <mjo @ dojo . mi . org>
Indexed By Thread	Next:	Re: nslookup via the firewall From: "Donald R. Guillot" <dguill @ communique . net>