# Routing subdomain to intranet



## ruudschmahinda (Nov 21, 2013)

Hello there fellow BSDers.

I am completely new to the game, switching from Linux for this particular problem I have.

There is only one thing keeping me from completing my project: I want subdomain.selfhost.eu to be routed into the intranet via named. selfhost.eu is a registered domain, and so is my subdomain with their DynDNS service.

I edited the named.conf as follows:

```
zone "subdomain.selfhost.eu" { type master; file "/etc/named/master/subdomain.selfhost.eu"; };
```
and then created a file in subdomain.selfhost.eu in the master directory. It looks like this:

```
$TTL 2d ; zone default TTL = 2 days
$ORIGIN subdomain.selfhost.eu.
@               IN      SOA     subdomain.selfhost.eu. root.subdomain.selfhost.eu. (
                2013112116      ; serial number, ALWAYS INCREMENT BY 1 after each change
                10800           ; Refresh
                3600            ; Retry
                604800          ; Expire
                86400 )         ; Minimum TTL
;
                IN NS   subdomain.selfhost.eu.
;
; DNS server for subdomain.selfhost.eu
@               IN A            192.168.2.12
subdomain       IN A            192.168.2.12   ; relative name: expands to subdomain.subdomain.selfhost.eu.
localhost       IN A            127.0.0.1
;
www             IN CNAME        subdomain      ; also relative, so it points at the record above
```

The webserver is running on the same IP as the NS. It is a jail in FreeNAS named owncloud_1.

Where did I go wrong? If I ping selfhost.eu I get their public IP. If I ping subdomain.selfhost.eu I get

```
ping: unknown host subdomain.selfhost.eu
```

I do know their nameservers, if that helps any. They are pri.asok.de and sec.asok.de.

I hope I gave you enough information.


----------



## junovitch@ (Nov 22, 2013)

Is the unknown host error you are receiving coming from when you ping from somewhere on the Internet?  If so, then maybe that subdomain doesn't have a nameserver registered as pointing to your public address.  If this isn't working from within your LAN, then I would suggest starting with doing a `dig @localhost subdomain.selfhost.eu` on your nameserver followed by a `dig @192.168.2.12 subdomain.selfhost.eu` and a plain `dig subdomain.selfhost.eu` somewhere on a client within your LAN to see where it breaks.  It sounds like somewhere along the way something that should be pointing at your name server isn't pointed at it.


----------



## ruudschmahinda (Nov 23, 2013)

Thank you for your answer. The server is perfectly reachable from the outside, since the DynDNS service and port forwarding work flawlessly.

I ran the commands you asked on the nameserver and got these "answers" back:

```
dig @localhost subdomain.selfhost.eu

; <<>> DiG 9.8.3-P4 <<>> @localhost subdomain.selfhost.eu
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached
```


```
dig @192.168.2.12 subdomain.selfhost.eu

; <<>> DiG 9.8.3-P4 <<>> @192.168.2.12 subdomain.selfhost.eu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38959
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;subdomain.selfhost.eu.        IN    A

;; Query time: 0 msec
;; SERVER: 192.168.2.12#53(192.168.2.12)
;; WHEN: Sat Nov 23 01:29:48 2013
;; MSG SIZE  rcvd: 39
```
and

```
dig subdomain.selfhost.eu

; <<>> DiG 9.8.3-P4 <<>> subdomain.selfhost.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28685
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;subdomain.selfhost.eu.        IN    A

;; ANSWER SECTION:
subdomain.selfhost.eu.    12    IN    A    87.143.*.*

;; Query time: 24 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Nov 23 01:29:07 2013
;; MSG SIZE  rcvd: 55
```

In named.conf I did set the forwarders option to the gateway (router). The resolv.conf has the Google NS in it (8.8.8.8 and 8.8.4.4).

At the moment I do not have the option to perform dig on a client machine, but will be able to do that tomorrow. Any client not using 192.168.2.12 as a NS resolves subdomain.selfhost.eu to the public IP as they should, though. Also the hosts file on the NS has subdomain.selfhost.eu in it with the correct IP of 192.168.2.12.


----------



## junovitch@ (Nov 24, 2013)

Well, it's probably going to be something simple here.  The first two commands should have succeeded.  The default for named is to act as a local resolver listening on the localhost address of 127.0.0.1, which isn't available in the jail.  Did you modify the listen directive in /etc/namedb/named.conf to listen externally on the jail IP address?

As far as your setup, since you are running named as a resolver, you'll probably want your /etc/resolv.conf to point to the address where named is running rather than public name servers.  Let it cache results locally and let a forwarders directive handle look-ups to public name servers.  Since you want your clients on your LAN to respect that zone file you've created, you're probably going to want your gateway forwarding to your name server rather than the other way around.
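A small triage helper, added here as an example and not code from anyone in this thread, that classifies the three dig results posted above the way this reply interprets them: a timeout means nothing is listening on that address, SERVFAIL means named answered but could not serve the zone, and an answer coming from a public resolver means the client never asked the internal name server. The sample outputs are trimmed copies of the posted ones; 203.0.113.5 is a constructed stand-in for the masked public address.

```python
import re

# Constructed samples, trimmed from the dig output posted in this thread.
# 203.0.113.5 stands in for the masked public address (constructed value).
DIG_LOCALHOST = """; <<>> DiG 9.8.3-P4 <<>> @localhost subdomain.selfhost.eu
;; connection timed out; no servers could be reached
"""
DIG_JAIL_IP = """; <<>> DiG 9.8.3-P4 <<>> @192.168.2.12 subdomain.selfhost.eu
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38959
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 192.168.2.12#53(192.168.2.12)
"""
DIG_PUBLIC = """; <<>> DiG 9.8.3-P4 <<>> subdomain.selfhost.eu
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28685
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
subdomain.selfhost.eu.    12    IN    A    203.0.113.5
;; SERVER: 8.8.8.8#53(8.8.8.8)
"""

def parse_dig(output):
    """Pull the status, the answering server and the A records out of dig's text output."""
    status = re.search(r"status: (\w+)", output)
    server = re.search(r";; SERVER: ([^#\s]+)#", output)
    return {
        "timed_out": "connection timed out" in output,
        "status": status.group(1) if status else None,
        "server": server.group(1) if server else None,
        # "owner TTL IN A address", one record per line in the ANSWER SECTION
        "addresses": re.findall(r"^\S+\s+\d+\s+IN\s+A\s+(\S+)$", output, re.M),
    }

def diagnose(output, internal_ns="192.168.2.12", intranet_ip="192.168.2.12"):
    """Map one dig run onto the failure modes discussed in this thread."""
    info = parse_dig(output)
    if info["timed_out"]:
        return "no-listener"        # named is not listening on that address (127.0.0.1 in a jail)
    if info["status"] == "SERVFAIL":
        return "servfail"           # named answered but cannot serve the zone; check its log
    if info["status"] == "NOERROR" and info["addresses"]:
        if info["server"] != internal_ns:
            return "bypassed-internal-ns"   # a public resolver answered, so the client never asked ours
        return "ok" if intranet_ip in info["addresses"] else "wrong-answer"
    return "unexpected:%s" % info["status"]

if __name__ == "__main__":
    for name, out in [("@localhost", DIG_LOCALHOST), ("@192.168.2.12", DIG_JAIL_IP), ("default resolver", DIG_PUBLIC)]:
        print("%-17s -> %s" % (name, diagnose(out)))
```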


----------



## ruudschmahinda (Nov 25, 2013)

Thank you for your answers so far!

I was able to perform the various dig commands on a client today and this is what I got:


```
; <<>> DiG 9.9.2-P1 <<>> @localhost subdomain.selfhost.eu
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

; <<>> DiG 9.9.2-P1 <<>> @192.168.2.12 subdomain.selfhost.eu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17056
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;subdomain.selfhost.eu.		IN	A

;; Query time: 4 msec
;; SERVER: 192.168.2.12#53(192.168.2.12)
;; WHEN: Sat Nov 23 18:25:14 2013
;; MSG SIZE  rcvd: 50


; <<>> DiG 9.9.2-P1 <<>> subdomain.selfhost.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;subdomain.selfhost.eu.		IN	A

;; Query time: 4 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sat Nov 23 18:25:32 2013
;; MSG SIZE  rcvd: 50
```

I did change the nameservers in the resolv.conf to 192.168.2.12. It is impossible for me to direct the gateway/router to the NS. That is why I am trying this setup in the first place.


----------



## ShelLuser (Nov 25, 2013)

I don't understand why you want to use a DNS server for this.

If you want an entry in a public domain to point to your local Intranet then why not use /etc/hosts to add an entry there? That way the host will always use the IP address you defined there instead of whatever is available in your DNS server (depending on the search order which is defined in /etc/nsswitch).


----------



## ruudschmahinda (Nov 25, 2013)

ShelLuser said:

> I don't understand why you want to use a DNS server for this.
> 
> If you want an entry in a public domain to point to your local Intranet then why not use /etc/hosts to add an entry there? That way the host will always use the IP address you defined there instead of whatever is available in your DNS server (depending on the search order which is defined in /etc/nsswitch).


Of course I thought about this, but the clients mainly consist of Windows 7 boxes, Mac minis and MacBooks. I want it to be as seamless as possible for the users of the network. Some people bring their private laptops with them, and as soon as they were at home, they wouldn't be able to connect because they need the public IP.

Also I am only there for a year. It should all be as seamless as possible for the users of the network.


----------



## Deleted member 9563 (Nov 25, 2013)

You can just put the hosts file on your router. I do that and it really simplifies the LAN administration.


----------



## ruudschmahinda (Nov 25, 2013)

I wish it was that easy. The router is pretty crappy and out of date and at the moment cannot be exchanged. Also I am trying to get some experience with BIND that way.


----------



## Deleted member 9563 (Nov 25, 2013)

ruudschmahinda said:

> I wish it was that easy. The router is pretty crappy and out of date and at the moment can not be exchanged. Also I am trying to get some experience with bind that way.



Broadening your experience is indeed a noble pursuit.  However, many inexpensive consumer routers have the ability to run Tomato. I've gotten suitable ones for under $10. A high powered one is five to ten times that.


----------



## ruudschmahinda (Nov 26, 2013)

```
zone "subdomain.selfhost.eu" { type master; file "/etc/named/master/subdomain.selfhost.eu"; };
```
I found the blunder I have made: of course the path is wrong! It should not be /etc/named/ but /etc/namedb/.

It works now.


----------



## ShelLuser (Nov 26, 2013)

From which host are you trying to run those ping commands?

Also: do I assume right that you also use a DHCP server on the Intranet which points any clients to your own DNS server?

*Edit*: Right, either I'm now totally losing it or you edited a post. Most likely it's a bit of both.

Alas, good to know you solved it.


----------

