dns server behind a firewall with a non routed ip?

Marc Thach Xuan Ky marc.thach at tesco.net
Tue Dec 4 12:18:42 UTC 2001


Brad,
My view on this is that you shouldn't NAT the DNS server at all. Static or
dynamic, it's all the same: if you NAT the DNS, the ALG (which translates DNS
responses) is used.  I'm not sure exactly how you're forwarding the DNS
requests; publishing your IOS config would help.
rgds
Marc TXK

Brad Davis wrote:

> yeah.. I'm using a cisco router.. I would like to see those references...
>
> what do you mean about dynamic nat? how is that different from regular nat?
>
> Brad
> ----- Original Message -----
> From: Simon Waters <Simon at wretched.demon.co.uk>
> To: Brad Davis <lists at linuxinstruct.com>
> Sent: Tuesday, December 04, 2001 2:33 AM
> Subject: Re: dns server behind a firewall with a non routed ip?
>
> > Brad Davis wrote:
> > >
> > > Hi All,
> > >
> > > I'm attempting to setup bind 8.2.3.
> > >
> > > I have it behind a router, on a box with an ip of 192.168.2.2 and I'm
> > > forwarding port 53 from the router to this box. For some reason bind isn't
> > > answering any of the dns requests from the outside world.
> > >
> > > At first I couldn't do a 'nslookup - 192.168.2.2', only a 'nslookup -
> > > 127.0.0.1'.. but then I created a reverse dns zone for 192.168.2 and added an
> > > entry for .2. then I could do an 'nslookup - 192.168.2.2'. So I setup a
> > > slave zone for the external ip address of my router and copied that dns info
> > > over.. thinking that if I had that info I could use it from outside my
> > > network. Well now that I did that bind will respond but it changes the ip of
> > > what the host is to the external ip of my router. So this is what I get:
> > > note the ips and the server name have been changed.
> > >
> > > microsoft.com
> > > Server:  my.server.com
> > > Address:  12.34.56.78
> > >
> > > Name:    microsoft.com
> > > Addresses:  12.34.56.78, 12.34.56.78, 12.34.56.78, 12.34.56.78, 12.34.56.78
> > >
> > > any ideas on why this is happening? and how I could set this up better?
> >
> > I've seen similar reports with Cisco Dynamic NAT - you shouldn't
> > use the dynamic NAT unless that is what you need, I have
> > references to Cisco web site if you are using a Cisco router.
> >
> > Assuming the responses are okay internally try posting the
> > router configuration.
> >



More information about the bind-users mailing list