Newbie: DNS and NAT?

Brad Knowles brad.knowles at skynet.be
Tue Sep 18 14:33:54 UTC 2001


At 11:31 AM -0100 9/18/01, john-paul delaney wrote:

>  How serious are the problems?

	Pretty serious.  People will be trying to contact the private IP 
address of your primary/master, and while most recent versions of 
BIND will quickly learn to ignore this unreachable IP address, there 
are plenty of other nameservers out there that simply will never 
learn.

>  Is there a way to set a "preferred" IP (of the two) for a domain?

	With the BIND 9 "View" mechanism, you could have a different 
internal version of the zone as the external version, but I don't see 
any way to get the secondaries/slaves to strip the information out 
regarding your private network before they then make that information 
available.

>  I have a static address but it's bound to the router, which acts as a
>  separate device to the nameserver machine

	Hmm.  Yes, that does present a problem.

	If the NAT device supported munging packets on the fly, I guess 
you could go ahead and configure your internal nameserver, and have 
the ADSL router/NAT device replace the private IP address with the 
public IP address on all outgoing packets, and vice-versa on all 
incoming packets (not only in the fields which determine the source & 
target addresses, but also within the packets themselves).

	However, I don't know of any routers/NAT devices that do this 
kind of munging.

-- 
Brad Knowles, <brad.knowles at skynet.be>
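
A check for the leak described in the reply above, added as an example and not part of the original message: it scans zone data for A records in RFC 1918 space and marks those that are NS targets, i.e. the nameserver addresses that outside resolvers would try and fail to reach. The zone contents and all names are constructed, and the parser assumes one record per line with an explicit owner name.

```python
import ipaddress

# RFC 1918 private ranges; these are unreachable from outside the NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone (not from the original post): the master sits
# behind NAT and was entered with its private address.
SAMPLE_ZONE = """\
example.com.      IN NS  ns1.example.com.
example.com.      IN NS  ns2.example.net.
ns1.example.com.  IN A   192.168.1.10   ; master behind the NAT device
www.example.com.  IN A   203.0.113.80
mail.example.com. IN A   10.0.0.25
"""

def parse_records(zone_text):
    """Yield (owner, type, rdata) from one-line 'owner [ttl] [IN] type rdata' records."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):      # skip blanks, $ORIGIN, $TTL
            continue
        fields = line.split()
        # Discard the optional TTL and class so type and rdata come next.
        rest = [f for f in fields[1:] if f.upper() != "IN" and not f.isdigit()]
        if len(rest) >= 2:
            yield fields[0].lower(), rest[0].upper(), rest[1].lower()

def audit_zone(zone_text):
    """Return [(owner, address, is_ns_target)] for A records in RFC 1918 space."""
    records = list(parse_records(zone_text))
    ns_targets = {rdata for _, rtype, rdata in records if rtype == "NS"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "A":
            continue
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue                              # malformed rdata: not this check's job
        if any(addr in net for net in RFC1918):
            findings.append((owner, str(addr), owner in ns_targets))
    return findings

if __name__ == "__main__":
    for owner, addr, is_ns in audit_zone(SAMPLE_ZONE):
        role = "nameserver address" if is_ns else "host address"
        print(f"{owner} -> {addr}: private {role} in zone data")
```

Run it against the copy of the zone that is served to, or transferred to, hosts outside the private network.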
