BIND behind Cisco 827 router

Ya Wen ya4wen at yahoo.com
Wed Aug 22 00:36:28 UTC 2001



Here is something very weird. I enabled debug on the
Cisco 827 router and then did an nslookup from an
external host, say 128.32.142.1, for example:

nslookup www.aboutya.com

then on the router and the DNS server (W2k server) I
can see that the DNS query to port 53 came in to
64.164.155.155 (the public IP of the DNS server). But
when DNS response packets tried to get back, the
router showed "ICMP: dst (64.164.155.155) port
unreachable sent to 64.164.155.155", and "ICMP: dst
(128.32.142.1) port unreachable sent to
64.164.155.155". I am sure I can ping 128.32.142.1
from both the router and the server. Why did the router
complain about this?

I am very confused now and really believe it is a
Cisco IOS bug. Any comment? I am using Cisco 827 ADSL
router with 12.1(3)XG4 code.

Thanks very much!

-Ya 


--- Marc.Thach at radianz.com wrote:
> 
> 
> Hi Ya,
> 
> There is one individual (search the archives for Micheal Pelletier) who has
> asserted on more than one occasion that Cisco's NAT DNS ALG has a bug.  He
> claims that he has an outstanding problem ticket with Cisco but has so far
> failed to provide more details of the exact nature of the bug, the IOS
> version or the Cisco TAC ticket or bug ID.  My own understanding is that
> for recent IOS versions there are no problems and that the DNS ALG works as
> specified.
> I am still prepared to be corrected on this if Micheal wishes to do so.
> 
> What is the application that displays the error message?
> Where is the application server?
> If this gets complicated, then you may need to sniff the wire using MS
> Network Monitor or if you haven't got that then a package called Ethereal
> will do nicely on Win 2k.
> 
> rgds
> Marc TXK
>
> ________________________________________________________________________
> The views expressed are personal and do not
> necessarily reflect those of
> the organisation providing the mail address from
> which this message was
> sent
> 
> Ya Wen <ya4wen at yahoo.com>
> Sent by: bind-users-bounce at isc.org
> 21/08/2001 02:51
> To: bind-users at isc.org
> cc:
> Subject: BIND behind Cisco 827 router
> 
> Hi, everyone:
> 
> I just set up a BIND 8.2.4 server on my W2K server.
> This server is given a private IP address but is
> statically mapped into a public IP address by a Cisco
> 827 ADSL router. This server is acting as the primary
> DNS server for my .com domain. Now I can resolve
> everything from internal hosts to outside hosts, but
> external hosts could not resolve anything on my
> domain, always get a "server no response" error. I
> checked the archive and understood that there are some
> issues about the ALG (Application Level Gateway) on
> Cisco router IOS. But I did not find any good solution
> about this issue. I do not want to have my ISP to host
> my DNS server and I really want to use private IP
> address for this server (I know if I readdress this
> server to use the public IP, I will solve the
> problem). Anybody have any fix for this or at least
> some pointer I can use?
> 
> Thanks very much!
> 
> -Ya
> 

