"record has zero TTL" on resolving IN A

James A Griffin agriffin at cpcug.org
Thu Oct 18 22:31:48 UTC 2001


"René Knudsen" wrote:
> 
[snip]
> > > Maybe a routing problem ???
> > > Router (Cisco) NAT from *.*.*.* > 10.0.0.2 port 53  TCP/UDP
> > >
> >
> > This could be the problem.
> > What is the Cisco model and software version?
> >
> > Jim
> > [snip]
> >
> >
> 
> Cisco 677  / Newest CBOS version......

Cisco has a FAQ on IOS.  I am not sure how closely related IOS and CBOS
are, but I would be willing to bet that they share the same NAT code. 
Here is the URL:

http://www.cisco.com/warp/public/cc/pd/iosw/ioft/iofwft/prodlit/iosnt_qp.htm

And here is the relevant information regarding Zero TTL for NATed DNS
packets:

Q. Does Cisco IOS NAT support DNS queries?

A. Yes, Cisco IOS NAT will translate the address(es) which appear in DNS
responses to name lookups (A queries) and inverse lookups (PTR queries).
Thus, if an outside host sends a name-lookup to a DNS server on the
inside, and that server responds with a local address, the NAT code will
translate that local address to a global address. The opposite is also
true, and is how we support IP addresses overlapping: an inside host
queries an outside DNS server, the response contains an address that
matches the access-list specified on the "outside source" command, so
the code translates the outside global address to an outside local
address. 

Time-to-live (TTL) values on all DNS resource records (RRs) which
receive address translations in RR payloads are automatically set to
zero. 

Cisco IOS NAT does not translate IP addresses embedded in DNS zone
transfers.

Hope this helps,
Jim
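
Added example, not part of the original message or of the Cisco FAQ: a Python check that parses a DNS response in wire format and lists the A and PTR answer records whose TTL is zero, the effect the FAQ describes for records whose addresses were translated. The sample response, names and addresses are constructed, and the function names are this example's own.

```python
import struct

TYPES = {1: "A", 12: "PTR"}  # the two lookups the FAQ says NAT translates

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def zero_ttl_records(msg):
    """List (owner, type, rdata) for A/PTR answers that carry TTL 0."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, hits = 12, []
    for _ in range(qd):                        # skip the question section
        _, off = read_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10                              # off now points at RDATA
        if ttl == 0 and rtype in TYPES:
            rdata = (".".join(map(str, msg[off:off + rdlen])) if rtype == 1
                     else read_name(msg, off)[0])
            hits.append((owner, TYPES[rtype], rdata))
        off += rdlen
    return hits

def build_sample():
    """Constructed response: one A record with TTL 0, one with TTL 3600."""
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 2, 0, 0)
    question = b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    rr = lambda ttl, a: b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(a)
    return header + question + rr(0, (192, 0, 2, 10)) + rr(3600, (198, 51, 100, 7))

if __name__ == "__main__":
    print(zero_ttl_records(build_sample()))
```

Running the check on the same response captured on each side of the NAT device shows whether the zero TTL is in the zone data or was set in transit.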

