dns server behind a firewall with a non routed ip?

Marc Thach Xuan Ky marc.thach at tesco.net
Tue Dec 4 19:35:27 UTC 2001


Brad,
Don't actually know when you've only got one address, but the idea is to pass
traffic to the DNS server without traversing the NAT module.  I think possibly
WCCP might help, or possibly policy routing, but I haven't tried it yet, maybe
I will soon.  I can't say more than this at the moment, mainly due to my
three-year-old pulling me away from the PC.
I'll be in touch tomorrow.

Brad Davis wrote:

> hmm.. damn.. this uses a CBOS.. can you give me an idea how I would do it
> on a regular IOS device? that way I can call cisco and have a clue what I'm
> talking about?
>
> Thanks,
> Brad
> ----- Original Message -----
> From: Marc Thach Xuan Ky <marc.thach at tesco.net>
> To: Brad Davis <lists at linuxinstruct.com>
> Cc: <bind-users at isc.org>
> Sent: Tuesday, December 04, 2001 12:02 PM
> Subject: Re: dns server behind a firewall with a non routed ip?
>
> > Brad,
> > I'm not familiar with the non-IOS ciscos.  I suspect that you are not
> > going to succeed here.  Is there any way you could run your DSL out of
> > another device?
> > Marc TXK
> >
> >
> > Brad Davis wrote:
> >
> > > I have to use nat I don't have a choice. I only get one IP and that is
> > > for my router. btw this is off my DSL so I'm using a Cisco 678 Router.
> > >
> > > This is my IOS:
> > > IP NAT = enabled
> > > IP NAT Entry = 192.168.2.2, 80, *, 80, *;192.168.2.2, 22, *, 22,
> > > *;192.168.2.2, 21, *, 21, *;192.168.2.2, 53, *, 53, *;
> > >
> > > Thanks,
> > > Brad
> > > ----- Original Message -----
> > > From: Marc Thach Xuan Ky <marc.thach at tesco.net>
> > > To: Brad Davis <lists at linuxinstruct.com>
> > > Cc: <bind-users at isc.org>; Simon Waters <Simon at wretched.demon.co.uk>
> > > Sent: Tuesday, December 04, 2001 5:18 AM
> > > Subject: Re: dns server behind a firewall with a non routed ip?
> > >
> > > >
> > > > Brad,
> > > > My view on this is that you shouldn't NAT the DNS server at all,
> > > > static or dynamic it's all the same, if you NAT the DNS, the ALG
> > > > (which translates DNS responses) is used.  I'm not sure exactly how
> > > > you're forwarding the DNS requests, publishing your IOS config would
> > > > help.
> > > > rgds
> > > > Marc TXK
> > > >
> > > > Brad Davis wrote:
> > > >
> > > > > yeah.. I'm using a cisco router.. I would like to see those
> > > > > references...
> > > > >
> > > > > what do you mean about dynamic nat? how is that different from
> > > > > regular nat?
> > > > >
> > > > > Brad
> > > > > ----- Original Message -----
> > > > > From: Simon Waters <Simon at wretched.demon.co.uk>
> > > > > To: Brad Davis <lists at linuxinstruct.com>
> > > > > Sent: Tuesday, December 04, 2001 2:33 AM
> > > > > Subject: Re: dns server behind a firewall with a non routed ip?
> > > > >
> > > > > > Brad Davis wrote:
> > > > > > >
> > > > > > > Hi All,
> > > > > > >
> > > > > > > I'm attempting to setup bind 8.2.3.
> > > > > > >
> > > > > > > I have it behind a router, on a box with an ip of 192.168.2.2
> > > > > > > and I'm forwarding port 53 from the router to this box. For some
> > > > > > > reason bind isn't answering any of the dns requests from the
> > > > > > > outside world.
> > > > > > >
> > > > > > > At first I couldn't do a 'nslookup - 192.168.2.2', only a
> > > > > > > 'nslookup - 127.0.0.1'.. but then I created a reverse dns zone
> > > > > > > for 192.168.2 and added an entry for .2. then I could do an
> > > > > > > 'nslookup - 192.168.2.2'. So I setup a slave zone for the
> > > > > > > external ip address of my router and copied that dns info over..
> > > > > > > thinking that if I had that info I could use it from outside my
> > > > > > > network. Well now that I did that bind will respond but it
> > > > > > > changes the ip of what the host is to the external ip of my
> > > > > > > router. So this is what I get: note the ips and the server name
> > > > > > > have been changed.
> > > > > > >
> > > > > > > microsoft.com
> > > > > > > Server:  my.server.com
> > > > > > > Address:  12.34.56.78
> > > > > > >
> > > > > > > Name:    microsoft.com
> > > > > > > Addresses:  12.34.56.78, 12.34.56.78, 12.34.56.78, 12.34.56.78,
> > > > > > > 12.34.56.78
> > > > > > >
> > > > > > > any ideas on why this is happening? and how I could set this up
> > > > > > > better?
> > > > > >
> > > > > > I've seen similar reports with Cisco Dynamic NAT - you shouldn't
> > > > > > use the dynamic NAT unless that is what you need, I have
> > > > > > references to Cisco web site if you are using a Cisco router.
> > > > > >
> > > > > > Assuming the responses are okay internally try posting the
> > > > > > router configuration.
> > > > > >
> > > >
> > > >
> > > >
> >
> >
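As an added diagnostic that is not part of the thread, the Python below parses nslookup output in the layout Brad quoted and flags names whose answers have all collapsed to the router's external address, which is the symptom the thread attributes to the NAT DNS ALG. Both sample outputs are constructed; 12.34.56.78 and the 198.51.100.x addresses are placeholders, and the default external address is taken from the Server/Address lines on the assumption that queries reach BIND via the router's public IP.

```python
from typing import Dict, List, Optional, Tuple

# Constructed sample in the nslookup layout quoted in the thread, including
# the wrapped address list; 12.34.56.78 stands in for the router's external IP.
REWRITTEN_OUTPUT = """\
Server:  my.server.com
Address:  12.34.56.78

Name:    microsoft.com
Addresses:  12.34.56.78, 12.34.56.78, 12.34.56.78, 12.34.56.78,
          12.34.56.78
"""

# Constructed sample of an un-rewritten answer (documentation addresses).
HEALTHY_OUTPUT = """\
Server:  my.server.com
Address:  12.34.56.78

Name:    microsoft.com
Addresses:  198.51.100.10, 198.51.100.11, 198.51.100.12
"""

def parse_nslookup(text: str) -> Tuple[Optional[str], Dict[str, List[str]]]:
    """Return (server_ip, {name: [addresses]}) from classic nslookup output."""
    server_ip: Optional[str] = None
    answers: Dict[str, List[str]] = {}
    current: Optional[str] = None  # "__server__" or the name being answered
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Server:"):
            current = "__server__"
        elif line.startswith("Name:"):
            current = line.split(":", 1)[1].strip()
            answers.setdefault(current, [])
        elif line.startswith(("Address:", "Addresses:")) or (
                current not in (None, "__server__") and line[:1].isdigit()):
            body = line.split(":", 1)[1] if ":" in line else line  # continuation
            ips = [ip.strip() for ip in body.split(",") if ip.strip()]
            if current == "__server__":
                server_ip = ips[0] if ips else None
            elif current is not None:
                answers[current].extend(ips)
    return server_ip, answers

def suspect_alg_rewrite(text: str, external_ip: Optional[str] = None) -> List[str]:
    """Names whose every answer equals the NAT external address (default: Server/Address value)."""
    server_ip, answers = parse_nslookup(text)
    target = external_ip or server_ip
    return sorted(n for n, ips in answers.items()
                  if ips and all(ip == target for ip in ips))
```

A healthy server answers with the real record set, so an empty result for a set of well-known names is what you want to see once the DNS traffic bypasses the NAT module.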