Combining DNS and NATD

bob prohaska bp at fib.eecs.berkeley.edu
Thu Dec 9 04:22:50 UTC 2004


phn at icke-reklam.ipsec.nu wrote:
> bob prohaska <bp at fib.eecs.berkeley.edu> wrote:
>> Is it possible to use a combined DNS/NATD machine to provide
>> Internet access to hosts with registered names but no routeable
>> IP numbers?

Hmm, the "careful design" part looks tricky 8-)

It's possible to imagine the nameserver answering 
queries with the (routeable) name of a dual-homed
host having views of both the public and private
nets. 

The nameserver knows the inquiring IP number and the
hostname to be resolved. The host with views knows the
inquiring IP number and could conceivably ask the nameserver
which host the inquiring IP wanted to know about. It could
then use views to direct packets to the correct host on
the private net.

Client asks nameserver "send address for host X"
Nameserver answers "X's address is gateway"
Client sends packet to gateway 
gateway gets packet, asks nameserver "who was client asking about?"
nameserver tells gateway "client asked about host X"
gateway then looks up X in its private view, and forwards packets

It seems that multiple queries from one client make trouble:

Client asks nameserver about host Y
Nameserver answers "gateway"
Gateway gets packet, asks nameserver "who's this for?"
Nameserver answers "dunno, could be X or Y"

Ok, I'm starting to get the picture.....8-)

Thanks for your patience!

bob prohaska
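For reference, the "views" approach from the reply, as an added example that is not part of the original thread: a split-horizon named.conf in which clients on the private net get the private address and everyone else gets the NAT gateway's public address, with natd doing the port forward. Zone names, addresses and the www host are assumed placeholders.

```conf
// Added example, not from the mailing-list thread.
// Assumed placeholders: zone example.com, NAT gateway public address
// 192.0.2.1, private net 10.0.0.0/8 with the web host at 10.0.0.10.

acl "private-net" { 10.0.0.0/8; 127.0.0.1; };

// Clients on the private net see the real (non-routeable) addresses.
view "internal" {
    match-clients { "private-net"; };
    recursion yes;
    zone "example.com" {
        type master;
        file "example.com.internal";
        // example.com.internal contains, among others:
        //   www.example.com.   IN A   10.0.0.10
    };
};

// Everyone else sees the gateway's public address instead.
// Order matters: BIND takes the first view whose match-clients hits,
// so the catch-all view must come last.
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "example.com.external";
        // example.com.external contains:
        //   www.example.com.   IN A   192.0.2.1
    };
};

// /etc/natd.conf on the gateway: send inbound port 80 on the public
// address to the private web host (one private host per public port).
//   redirect_port tcp 10.0.0.10:80 80
```

Because natd forwards by destination port rather than by remembering which name a client asked the nameserver about, the X-or-Y ambiguity above does not arise; the price is that each public port can be mapped to only one private host.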