Newbie: DNS and NAT?
john-paul delaney
jp at justatest.com
Tue Sep 18 22:21:42 UTC 2001
On Wed, 19 Sep 2001, Juha Saarinen wrote:
Hello Juha...
How did you setup the 'slaving' of the isp's? Is your nameserver ultimately the SOA for your domain? If so, how did you get around the issue (already mentioned) of your nameserver not sending non-authoritive responses?
TIA,
/j-p.
> On Tue, 18 Sep 2001, Brad Knowles wrote:
>
> > If the NAT device supported munging packets on the fly, I guess >
> you could go ahead and configure your internal nameserver, and have >
> the ADSL router/NAT device replace the private IP address with the >
> public IP address on all outgoing packets, and vice-versa on all >
> incoming packets (not only in the fields which determine the source &
> > target addresses, but also within the packets themselves). > >
> However, I don't know of any routers/NAT devices that do this > kind
> of munging.
>
> I'm not sure what you mean by problems here, but this configuration sounds
> very similar to what I have for my personal domain. A single public IP for
> my router, which then NATs to my DNS box. This works very well indeed
> (barring those moments when the service hiccoughs of course).
>
> The "trick" here is to recognise the inherent limitations of such a
> set-up, and work around them. My ISP's nameservers are authoritative for
> my domain, but they slave off my nameserver. That way, I get full control
> over my domain, yet I don't have lots of DNS traffic to deal with.
>
> This type of setup (I've seen it referred to as "stealth DNS" or "hidden
> DNS") requires a friendly ISP, and of course, working DNS on your side.
>
>
>
--
alternative art online
http://www.justatest.com/
More information about the bind-users
mailing list