Newbie: DNS and NAT?
Brad Knowles
brad.knowles at skynet.be
Tue Sep 18 14:33:54 UTC 2001
At 11:31 AM -0100 9/18/01, john-paul delaney wrote:
> How serious are the problems?
Pretty serious. People will be trying to contact the private IP
address of your primary/master, and while most recent versions of
BIND will quickly learn to ignore this unreachable IP address, there
are plenty of other nameservers out there that simply will never
learn.
> Is there a way to set a "preferred" IP (of
> the two) for a domain?
With the BIND 9 "View" mechanism, you could have a different
internal version of the zone than the external version, but I don't see
any way to get the secondaries/slaves to strip the information out
regarding your private network before they then make that information
available.
> I have a static address but it's bound to the router, which acts as a
> separate device to the nameserver machine
Hmm. Yes, that does present a problem.
If the NAT device supported munging packets on the fly, I guess
you could go ahead and configure your internal nameserver, and have
the ADSL router/NAT device replace the private IP address with the
public IP address on all outgoing packets, and vice-versa on all
incoming packets (not only in the fields which determine the source &
target addresses, but also within the packets themselves).
However, I don't know of any routers/NAT devices that do this
kind of munging.
--
Brad Knowles, <brad.knowles at skynet.be>