getting my own IP back

jd lug at taproot.bz
Tue Feb 18 05:58:05 UTC 2003


On Mon, 2003-02-17 at 23:45, Eivind Olsen wrote:
> --On 17. februar 2003 19:28 -0600 julianop <julianop at mninter.net> wrote:
> > I don't know what the firewall would do. I have a Cisco 678 DSL router
> > with NAT running to map the ports to the right machines on my private
> > LAN, but that's about it. On the subject of firewalls, though, I added the
> > "query-source address * port 53;", only because I think I'm supposed to.
> 
> Ahh, there's your problem. The Cisco 678 is probably _very_ similar to the 
> Cisco 677.
> It's actually a piece of sh*t when it comes to its "intelligent" handling 
> of DNS-packets. It mangles the DNS-packets just like you've experienced. 
> I'm not aware of any way of disabling that "feature", there's not a "set 
> dnsmangle off"-command in CBOS... :)
> The packet-mangling only happens on traffic from port 53 internally it 
> seems so a work-around (which I've used myself) is to configure BIND to 
> listen on another port as well (for example port 54) and forward the 
> external port 53 (from the external IP of the router) to your internal 
> DNS-server on port 54.

Wow, I did not realize it was only on port 53. It is my Cisco 678 that
messed me up. So I just bought a /29 and put them on vip0 and
did not do NAT on that interface. Now my DNS server answers fine using
an IP from the new /29. You do lose 3 IPs of the 8 you buy with this
config... one for network, bcast, and one for the vip interface... this is
all with PPPoA... I imagine with bridging this would be easier and probably
only lose 2 IPs.

HTH,
jd
jd at taproot.bz
http://taproot.bz
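The port-54 workaround Eivind describes, written out as an added BIND named.conf fragment (not code from the thread or from either poster); the internal server address 192.168.1.10 and the directory path are assumptions:

```conf
// Added example, not from the thread: BIND options for the Cisco 678 workaround.
// Assumed: the internal DNS server is 192.168.1.10 on the private LAN, and the
// router forwards external UDP/TCP port 53 to 192.168.1.10 port 54.
options {
    directory "/var/named";   // assumed path

    // Keep answering on 53 for LAN clients, and also on 54 for the queries the
    // router forwards from outside. The router only mangles packets that leave
    // from port 53, so replies sent from port 54 reach the Internet intact.
    listen-on port 53 { 192.168.1.10; 127.0.0.1; };
    listen-on port 54 { 192.168.1.10; };

    // Do not pin outbound queries to source port 53, as in the original
    // "query-source address * port 53;" line: those packets would be mangled
    // on the way out too. Let the OS pick an ephemeral source port instead.
    query-source address * port *;
};
```

To confirm the forward works end to end, query the router's external address on port 53 from outside and the server directly on port 54 from the LAN (for example with dig -p 54) and compare the answers; a good answer inside and a truncated or garbled one outside points at the router, not BIND.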


