Public DNS with NAT IP

guy cipher guy.cipher at gmail.com
Fri Nov 17 18:06:38 UTC 2006


Hi Barry,
Thank you very much indeed. You are absolutely right. What I notice is that the
reverse zone name reflects the public IP in the current configuration
"named.conf", which is

zone "198.16.1.in-addr.arpa" in {
    type master;
    file "named.hosts.rev";
};

What I understood from your e-mail is that I should have created the reverse
zone like below:

zone "172.31.32.in-addr.arpa" in {
    type master;
    file "named.hosts2.rev";
};

Should I delete "named.hosts.rev"? And please tell me again what the "A"
record for the DNS server zone files will be. Would it be the public IP or the
private IP?

indigo IN A 203.81.204.10
10 IN PTR indigo.xyz.net.

or

indigo IN A 172.31.32.5
10 IN PTR indigo.xyz.net.

Please advise on the correct entries in the configuration file.

Best Regards

Cipher

PS I haven't tried it yet, but I will do it soon.


On 11/17/06, Barry Margolin <barmar at alum.mit.edu> wrote:
>
> In article <ejhl5j$192r$1 at sf1.isc.org>,
> "guy cipher" <guy.cipher at gmail.com> wrote:
>
> > Hi,
> > I'm setting up BIND 9.3 on a Solaris 9 server having a private IP address.
> > The Firewall is doing mapping (NATing) the public IP to the private IP
> > address. Let's say 198.16.1.4 -> 172.31.31.99.
> >
> > The current DNS server, having a public IP, is working fine.
> > When I copied all the configuration from the current DNS server to another
> > server having a private IP (172.31.31.99), the configuration is the same,
> > only the server IP is private. The DNS server is not resolving properly the
> > queries for non-authoritative servers, but it does resolve all the A records
> > defined in the DNS configuration.
> >
> > When I run 'nslookup' it generates the message "can't find server name for
> > address 172.31.32.5". It resolves the queries from "127.0.0.1" loopback
>
> You should create a reverse DNS zone for your address range to fix that
> error.  This is a quirk of nslookup -- it requires that the server be
> able to do a reverse lookup of its own address.
>
> > address. Sometimes it generates "No address (A) records available."
> >
> > My questions are below:
> >
> > Is there any specific configuration for bind when configuring public DNS
> > having a private IP and NAT on the firewall?
> > Should the A record of the DNS server reflect the "private IP" or the
> > public IP?
>
> The problem isn't the A record, it's the PTR record.  If you tell
> nslookup to query 172.31.32.5, it tries to look up this PTR record.
>
> Another way to solve this problem is to NOT USE NSLOOKUP.  It's a lousy
> debugging tool.  Use "dig" for debugging, and "host" for quick-and-dirty
> lookups.
>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
>
>
>
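An added example, not part of the thread: a small Python check that derives the in-addr.arpa zone name and PTR owner label for a server address, so that a reverse zone declaration in named.conf can be verified to actually cover the address that nslookup will try to reverse-resolve (in in-addr.arpa the octets appear in reverse order). The addresses come from the thread; the host names and the /24 networks are assumed for illustration.

```python
import ipaddress

# Constructed sample using the addresses quoted in the thread: the DNS
# server's private address and the public address the firewall NATs to it.
# The host names are assumed for illustration.
PRIVATE_HOSTS = {"indigo.xyz.net": "172.31.32.5"}
PUBLIC_HOSTS = {"indigo.xyz.net": "203.81.204.10"}


def reverse_zone_name(network: str) -> str:
    """in-addr.arpa zone for an octet-aligned IPv4 network (/8, /16 or /24).

    Octets are reversed: 172.31.32.0/24 -> 32.31.172.in-addr.arpa
    """
    net = ipaddress.ip_network(network, strict=False)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 map to a single in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def zone_covers(zone: str, ip: str) -> bool:
    """True if the named.conf zone name really is a reverse zone containing ip."""
    # reverse_pointer is the full PTR name, e.g. 5.32.31.172.in-addr.arpa
    return ipaddress.ip_address(ip).reverse_pointer.endswith("." + zone)


def ptr_owner(ip: str, zone: str) -> str:
    """Owner label of ip's PTR record relative to zone (the file's $ORIGIN)."""
    if not zone_covers(zone, ip):
        raise ValueError(f"{ip} is not inside {zone}")
    return ipaddress.ip_address(ip).reverse_pointer[: -len("." + zone)]


def reverse_zone_records(hosts: dict, network: str) -> list:
    """PTR records for hosts, with relative owners and fully qualified targets."""
    zone = reverse_zone_name(network)
    return [f"{ptr_owner(ip, zone)} IN PTR {name.rstrip('.')}."
            for name, ip in hosts.items()]


if __name__ == "__main__":
    for hosts, net in ((PRIVATE_HOSTS, "172.31.32.0/24"),
                       (PUBLIC_HOSTS, "203.81.204.0/24")):
        print(f"; records for zone {reverse_zone_name(net)}")
        for record in reverse_zone_records(hosts, net):
            print(record)
```

Running it prints the PTR records for both the private and the public /24; zone_covers() returns False for a zone name whose octets were left in forward order.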
