Newbie: DNS and NAT?

Mattias Nyholm mattias.nyholm at framfab.se
Wed Sep 19 08:46:53 UTC 2001


Ah, but that wasn't what I meant. The problem I was talking about is
putting the DNS server on a DMZ with a non-public IP address. It
would serve the Internet, and it would be authoritative for its domain.
Problem is that it won't accept being authoritative, since it would have
an internal IP address while the DNS zone would contain the public
address.

This (putting the DNS in a DMZ) must be a common problem/setup?

Mattias

PS With my coding skills I'm pretty sure they would be more than
happy _not_ to accept my contribution.. :)

"Brad Knowles" <brad.knowles at skynet.be> wrote in message
news:9o8gj2$1ve at pub3.rc.vix.com...
>
> At 7:57 PM +0200 9/18/01, Mattias Nyholm wrote:
>
> >  This must be a very common problem.
>
> I sincerely doubt it.
>
> >                                       I'm not a BIND or DNS expert,
> >  but wouldn't it be possible to add a feature to BIND so that you can
> >  feed it an "IP translation list" so that it knows there is some NAT/PAT
> >  going on? Then it would know that it indeed is authoritative, although all
> >  communications occur over a totally different IP address.
>
> Very, very few people try to host the DNS for a domain that is
> not served by the nameservers belonging to the provider for the
> connectivity or hosting (you host your site at Company A, and
> 99.99999999% of the time, they also host the DNS).  Of those that do
> have the DNS hosted somewhere else, most either contract out the DNS
> hosting to another company (or perhaps more than one company).  The
> very, very few people left mostly have static IP addresses on a small
> home network, and can dedicate a separate IP address for the
> nameserver.
>
> What few people left in the world try to run their own
> primary/master nameserver behind a NAT device -- who knows?
>
> >  I think this is a pretty obvious solution, but since it isn't already in
> >  BIND I guess there must be some good reasons why the idea is flawed.. :)
>
> Not necessarily flawed per se, but certainly very, very far down
> the list of things to be done.  That said, this is an open source
> project, and if you want to develop and contribute some code to
> perform this function, they'd probably be more than happy to accept
> your contribution.
>
> --
> Brad Knowles, <brad.knowles at skynet.be>
>




More information about the bind-users mailing list