Adding DNS ALG support to Bind?
Carl Byington
carl at byington.org
Mon Nov 2 23:03:51 UTC 2015
On Fri, 2015-10-30 at 12:38 -0400, Bill wrote:
> What I would like to do is to have the ability to query a DNS server
> located behind a NAT, and have it return the IP of the NAT, and set up
> connection tracking in the NAT to pass traffic thru to the host behind
> the NAT.
I think that is a bad idea, even if you can get it implemented and
working.
If I know the names of your hosts (they will eventually be found via
Google or other searches), then I can remotely reconfigure your NAT
device to allow my attack traffic thru - and all it takes is a simple
UDP query to your DNS server.
More information about the bind-users
mailing list