IXFR, NOTIFY, and NAT

Jim Reid jim at rfc1035.com
Tue Sep 24 22:09:13 UTC 2002


>>>>> "Robert" == Robert Messinger <lists at mail.tiggee.com> writes:

    Robert> Just wanted to mention this to everyone.

    Robert> Strongly suggest you "not" use NAT if you want the NOTIFY
    Robert> to work correctly.  

Why qualify this? Not using NAT is always the Right Thing To Do.

    Robert> I have a feeling that there is something with the IP
    Robert> header which throws the whole thing in the crapper.

The "something in the header" will no doubt be the source IP addresses
for the NOTIFY packets. Your server is probably seeing the NOTIFY
messages coming from a different address from where they actually came
from. And therefore it is ignoring them apart from logging a warning
about NOTIFYs coming from an "unexpected source" or something like
that. This will be happening because the NAT box is diddling with the
addresses on the inbound and outbound packets. Some of these devices
are truly evil and stupid because they diddle with the contents of DNS
packets to make the IP addresses in any A records look right. NAT?
Just say no.
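
One way to confirm the diagnosis above from the secondary's log, as an added example that is not part of the original post. The log lines are constructed in the style of BIND 9's "refused notify from non-master" message (an assumption; the post only says "unexpected source"), and the MASTERS table, addresses and RFC 1918 heuristic are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of a secondary's log (BIND 9 style wording is an assumption).
SAMPLE_LOG = """\
24-Sep-2002 22:01:10.101 notify: info: zone example.com/IN: refused notify from non-master: 203.0.113.5#32768
24-Sep-2002 22:01:10.950 general: info: zone example.net/IN: Transfer started.
24-Sep-2002 22:03:41.007 notify: info: zone example.com/IN: refused notify from non-master: 203.0.113.5#32771
24-Sep-2002 22:05:02.330 notify: info: zone example.org/IN: refused notify from non-master: 198.51.100.77#1055
"""

# Hypothetical: the master addresses each zone on the secondary is configured with.
MASTERS = {"example.com": ["192.168.10.2"], "example.org": ["192.0.2.53"]}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
REFUSED = re.compile(
    r"zone (?P<zone>\S+?)/IN: refused notify from non-master: "
    r"(?P<src>[0-9a-fA-F.:]+)#\d+")

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def refused_notifies(log_text):
    """Count refused NOTIFYs per (zone, source address)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            hits[(m["zone"], ipaddress.ip_address(m["src"]))] += 1
    return hits

def triage(log_text, masters):
    """Compare each refused source with the zone's configured masters."""
    findings = []
    items = sorted(refused_notifies(log_text).items(),
                   key=lambda kv: (kv[0][0], str(kv[0][1])))
    for (zone, src), count in items:
        configured = [ipaddress.ip_address(a) for a in masters.get(zone, [])]
        # Heuristic: a private master address configured, but the NOTIFY arrives
        # from a non-private one, suggests address translation in the path.
        nat = any(is_rfc1918(a) for a in configured) and not is_rfc1918(src)
        findings.append({"zone": zone, "source": str(src), "count": count,
                         "configured": [str(a) for a in configured],
                         "nat_suspected": nat})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, MASTERS):
        print(finding)
```

A zone flagged here needs the translation removed or the secondary's view of the master corrected; a refused source with no NAT signature is worth checking as a stray or unauthorized sender.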

