AW: AW: BIND9 behind NAT: no reverse lookup from external net
Ronan Flood
ronan at noc.ulcc.ac.uk
Wed Mar 2 15:48:47 UTC 2005
"Markus Wollny" <Markus.Wollny at computec.de> wrote:
> And I still cannot imagine that it's due to a firewall problem:
>
> The server does come up with an answer for this query here:
> Mar 2 16:02:31 localhost named[32277]: client 212.123.106.145#42697:
> query: 145.106.123.212.in-addr.arpa IN PTR
>
> But it doesn't respond with an answer to that one:
> Mar 2 16:02:28 localhost named[32277]: client 212.123.106.145#42697:
> query: 12.0.168.192.in-addr.arpa IN PTR

But look at the query: 12.0.168.192.in-addr.arpa, when I guess you
asked for "dig -x 212.123.108.12". That suggests that the NAT firewall
is translating the address within the query.

> one of its direct neighbours). So I gather that reverse lookup for
> itself seems to be something special in this particular NAT-situation
> (as internally it sees itself not as 212.123.106.10 but as
> 192.168.something) that has to be catered for in some place I haven't
> thought of yet.

The firewall ...
--
Ronan Flood <R.Flood at noc.ulcc.ac.uk>
working for but not speaking for
Network Services, University of London Computer Centre
(which means: don't bother ULCC if I've said something you don't like)
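
An added example, not part of the original message: a Python check over BIND query-log lines that flags PTR queries for private (RFC 1918) addresses arriving from a public client, which is the symptom pointed out in the reply above. The function names are hypothetical, and the sample input is the two log entries quoted in the thread.

```python
import ipaddress
import re

# BIND query-log entry as quoted in the thread; \s+ also spans the
# line wrap that the mail client put between "client ...:" and "query:".
LOG_RE = re.compile(
    r"client (?P<client>[0-9.]+)#\d+:\s+query:\s+(?P<qname>\S+) IN PTR"
)


def ptr_name_to_ip(qname):
    """Turn '12.0.168.192.in-addr.arpa' into IPv4Address('192.168.0.12')."""
    name = qname.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None  # partial zone names are not host addresses
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ipaddress.AddressValueError:
        return None


def find_rewritten_queries(log_text):
    """Return (client, queried_ip) pairs where a public client asked
    for the PTR record of a private address."""
    hits = []
    for m in LOG_RE.finditer(log_text):
        try:
            client = ipaddress.IPv4Address(m.group("client"))
        except ipaddress.AddressValueError:
            continue
        target = ptr_name_to_ip(m.group("qname"))
        if target is not None and target.is_private and not client.is_private:
            hits.append((str(client), str(target)))
    return hits


# Sample input: the two log entries quoted in the thread, wrapped as mailed.
SAMPLE = """\
Mar 2 16:02:31 localhost named[32277]: client 212.123.106.145#42697:
query: 145.106.123.212.in-addr.arpa IN PTR
Mar 2 16:02:28 localhost named[32277]: client 212.123.106.145#42697:
query: 12.0.168.192.in-addr.arpa IN PTR
"""

if __name__ == "__main__":
    for client, target in find_rewritten_queries(SAMPLE):
        print(f"{client} asked for PTR of private address {target}")
```

A hit means the name server received a query name that an external client is unlikely to have sent, so the device between them is the place to look.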