Adding DNS ALG support to Bind?

Mark Andrews marka at isc.org
Wed Nov 4 20:30:41 UTC 2015


If you want this sort of behaviour you are going to have to pay
someone lots of money to add this sort of functionality to
a nameserver and then pay them more money to maintain it.  This
sort of thing does not exist in normal nameservers.

Nameservers don't normally do other things on DNS lookups.

Normally what one does is configure port forwarding in the NAT /
open a hole in the firewall.  Some NATs can update the DNS when
their external address changes; otherwise you need a NAT that
modifies DNS payloads and that is problematical in lots of ways.

NATs really are not something anyone sane wants in their network.
Anyone who says they do really doesn't understand IP security. They
are a necessary evil with IPv4 as we long ago ran out of addresses
to number every device uniquely.

Mark

In message <201511041050.51346.boober95 at rogers.com>, Bill writes:
> See my last posting on what I am trying to achieve, I think in the interest of
> brevity I may have overly simplified my goal.
> 
> What I want is for the DNS query to automatically configure the NAT to permit
> the outside connection.  In other words it should, after the DNS query, look
> as if the named device had initiated the connection from inside that NAT.  My
> last post explains the use case a bit better, I hope.
> 
> /bill
> 
> 
> On Monday 02 November 2015 21:48, Dave Warren wrote:
> > On 2015-11-02 15:03, Carl Byington wrote:
> 
> > And? NAT != firewall. Your firewall would still need to be configured to
> > permit such a connection, and presumably your NAT environment would need
> > to be configured to allow it as well.
> >
> > If that's not desired, one would probably not enable this functionality.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

