Adding DNS ALG support to Bind?

Bill boober95 at rogers.com
Wed Nov 4 15:45:15 UTC 2015


You are correct, but in the use case I am looking at there is no Internet 
connection.  There are a small number of mobile devices (5-15) behind a NAT 
gateway with DNS.  The gateway provides service to other small networks, but 
there is nothing else connected, it is an isolated system.

What I am trying to do is to be able to connect to a specific device, say a 
'supervisor', by name.  I don't know the IP, and their IP may change, or the 
supervisor might be a service that isn't always provided by the same device.  
The IP will change and the DNS will be updated as needed.

I don't want the device/user accessing the 'supervisor' to know the IP 
address, other than the gateway IP; I don't want them to be able to save an 
old IP.  Also, I don't want anyone watching the network (it is wireless) to 
be able to see anything other than gateway addresses.

Basically, the device/user accessing the 'supervisor' should result in traffic 
thru the gateway/NAT that looks as if the supervisor initiated it, i.e. the 
supervisor has been NATed, and the reply IP is the gateway.

Not sure if I am going about this the right way, but that is my idea.  I 
appreciate the comments I am receiving here, thanks.

/bill


On Monday 02 November 2015 18:03, Carl Byington wrote:
> On Fri, 2015-10-30 at 12:38 -0400, Bill wrote:
> > What I would like to do to have the ability to query a DNS server
> > located behind a NAT, and have it return the IP of the NAT, and setup
> > connection tracking in the NAT to pass traffic thru to the host behind
> > the NAT.
>
> I think that is a bad idea, even if you can get it implemented and
> working.
>
> If I know the names of your hosts (they will eventually be found via
> google or other searches), then I can remotely reconfigure your NAT
> device to allow my attack traffic thru - and all it takes is a simple
> UDP query to your dns server.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users