dns server behind a firewall with a non routed ip?

Brad Davis lists at linuxinstruct.com
Tue Dec 4 19:14:00 UTC 2001


hmm.. damn.. this uses a CBOS.. can you give me an idea how I would do it
on a regular IOS device? that way I can call cisco and have a clue what I'm
talking about?


Thanks,
Brad
----- Original Message -----
From: Marc Thach Xuan Ky <marc.thach at tesco.net>
To: Brad Davis <lists at linuxinstruct.com>
Cc: <bind-users at isc.org>
Sent: Tuesday, December 04, 2001 12:02 PM
Subject: Re: dns server behind a firewall with a non routed ip?


> Brad,
> I'm not familiar with the non-IOS ciscos.  I suspect that you are not going to
> succeed here.  Is there any way you could run your DSL out of another device?
> Marc TXK
>
>
> Brad Davis wrote:
>
> > I have to use nat I don't have a choice. I only get one IP and that is for
> > my router. btw this is off my DSL so I'm using a Cisco 678 Router.
> >
> > This is my IOS:
> > IP NAT = enabled
> > IP NAT Entry = 192.168.2.2, 80, *, 80, *;192.168.2.2, 22, *, 22,
> > *;192.168.2.2, 21, *, 21, *;192.168.2.2, 53, *, 53, *;
> >
> > Thanks,
> > Brad
> > ----- Original Message -----
> > From: Marc Thach Xuan Ky <marc.thach at tesco.net>
> > To: Brad Davis <lists at linuxinstruct.com>
> > Cc: <bind-users at isc.org>; Simon Waters <Simon at wretched.demon.co.uk>
> > Sent: Tuesday, December 04, 2001 5:18 AM
> > Subject: Re: dns server behind a firewall with a non routed ip?
> >
> > >
> > > Brad,
> > > My view on this is that you shouldn't NAT the DNS server at all, static or
> > > dynamic it's all the same, if you NAT the DNS, the ALG (which translates DNS
> > > responses) is used.  I'm not sure exactly how you're forwarding the DNS
> > > requests, publishing your IOS config would help.
> > > rgds
> > > Marc TXK
> > >
> > > Brad Davis wrote:
> > >
> > > > yeah.. I'm using a cisco router.. I would like to see those references...
> > > >
> > > > what do you mean about dynamic nat? how is that different from regular nat?
> > > >
> > > > Brad
> > > > ----- Original Message -----
> > > > From: Simon Waters <Simon at wretched.demon.co.uk>
> > > > To: Brad Davis <lists at linuxinstruct.com>
> > > > Sent: Tuesday, December 04, 2001 2:33 AM
> > > > Subject: Re: dns server behind a firewall with a non routed ip?
> > > >
> > > > > Brad Davis wrote:
> > > > > >
> > > > > > Hi All,
> > > > > >
> > > > > > I'm attempting to setup bind 8.2.3.
> > > > > >
> > > > > > I have it behind a router, on a box with an ip of 192.168.2.2 and I'm
> > > > > > forwarding port 53 from the router to this box. For some reason bind isn't
> > > > > > answering any of the dns requests from the outside world.
> > > > > >
> > > > > > At first I couldn't do a 'nslookup - 192.168.2.2', only a 'nslookup -
> > > > > > 127.0.0.1'.. but then I created a reverse dns zone for 192.168.2 and added an
> > > > > > entry for .2. then I could do an 'nslookup - 192.168.2.2'. So I setup a
> > > > > > slave zone for the external ip address of my router and copied that dns info
> > > > > > over.. thinking that if I had that info I could use it from outside my
> > > > > > network. Well now that I did that bind will respond but it changes the ip of
> > > > > > what the host is to the external ip of my router. So this is what I get:
> > > > > > note the ips and the server name have been changed.
> > > > > >
> > > > > > microsoft.com
> > > > > > Server:  my.server.com
> > > > > > Address:  12.34.56.78
> > > > > >
> > > > > > Name:    microsoft.com
> > > > > > Addresses:  12.34.56.78, 12.34.56.78, 12.34.56.78, 12.34.56.78, 12.34.56.78
> > > > > >
> > > > > > any ideas on why this is happening? and how I could set this up better?
> > > > >
> > > > > I've seen similar reports with Cisco Dynamic NAT - you shouldn't
> > > > > use the dynamic NAT unless that is what you need, I have
> > > > > references to Cisco web site if you are using a Cisco router.
> > > > >
> > > > > Assuming the responses are okay internally try posting the
> > > > > router configuration.
> > > > >
> > >
> > >
> > >
>
>


