Adding DNS ALG support to Bind?

Reindl Harald h.reindl at thelounge.net
Sat Oct 24 21:06:11 UTC 2015


you *really* do not want that

have been punished more than one time by cisco routers having that crap 
enabled and breaking DNS in various ways, including mangling zone transfers 
and setting the TTL of every CNAME to 0 instead of leaving it untouched, or 
just breaking zone transfers silently altogether

setup internal and external DNS servers, and keep in mind that with DNSSEC 
that would likely not really work anyways

Am 24.10.2015 um 22:49 schrieb Bill:
> I was wondering if anyone has looked at or is in the process of adding DNS ALG
> support, or something similar, to bind?
>
> https://tools.ietf.org/html/rfc2694
>
> What I would like to do is to have the ability to query a DNS server located
> behind a NAT, have it return the IP of the NAT, and set up connection
> tracking in the NAT to pass traffic thru to the host behind the NAT.  The
> effect of this is to have a reversible NAT, i.e. one that provides access to
> hosts behind the NAT, not by their IP, but by their hostname.
>
> (There are other things in DNS ALG, but I am really interested only in the
> reversible NAT aspect.)
>
> Implementing this seems to need the DNS server (bind in this case), to
> configure the NAT using the 'expect' feature of connection tracking.  This
> would permit the following packets to traverse the NAT to the host, provided
> of course they meet the expectation (source, protocol, etc).
>
> I'd like to know if anyone has looked at this, is implementing it, or knows of
> any implementations.  I have looked into it but have only seen enterprise
> implementations (Cisco & Juniper), but nothing open-source.

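One way to check whether a middlebox is rewriting DNS answers in the way Harald describes (CNAME TTLs zeroed, A records rewritten), as an added example that is not from the thread: the script parses the answer section of two wire-format responses, one as the server sent it and one as it arrived through the NAT, and reports every field that changed. The responses, names and addresses below are constructed; in practice you would capture both messages on the wire.

```python
import struct

def _name(msg, off):
    """Decode a possibly compressed DNS name at off; return (name, offset after it)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                          # compression pointer: follow it, remember where we left off
            end = end or off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        elif ln == 0:
            return ".".join(labels), (end or off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
            off += 1 + ln

def answers(msg):
    """Answer section of a DNS message as (name, type, ttl, rdata) tuples."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off, out = 12, []
    for _ in range(qd):                                # skip the question section
        off = _name(msg, off)[1] + 4
    for _ in range(an):
        name, off = _name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1:                                 # A: dotted quad
            rdata = ".".join(map(str, msg[off:off + 4]))
        else:                                          # CNAME: a compressible name; anything else: raw hex
            rdata = _name(msg, off)[0] if rtype == 5 else msg[off:off + rdlen].hex()
        out.append((name, rtype, ttl, rdata))
        off += rdlen
    return out

def alg_rewrites(direct, via_nat):
    """Report each answer whose TTL or RDATA differs between a direct and a NAT-traversed response."""
    return [f"{n} type {t}: TTL {ttl1}->{ttl2}, RDATA {r1}->{r2}"
            for (n, t, ttl1, r1), (_, _, ttl2, r2) in zip(answers(direct), answers(via_nat))
            if (ttl1, r1) != (ttl2, r2)]

HDR = b"\x00\x01\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00"    # constructed: id 1, QR+RD+RA, 1 question, 2 answers
QUESTION = b"\x03www\x07example\x03net\x00\x00\x01\x00\x01"   # www.example.net IN A, occupies offsets 12..32
def response(cname_ttl, a_ttl, ip):
    """Constructed response: www.example.net CNAME host.example.net, host.example.net A <ip> (0xc00c/0xc010 are name pointers)."""
    cname = b"\xc0\x0c\x00\x05\x00\x01" + struct.pack("!IH", cname_ttl, 7) + b"\x04host\xc0\x10"
    a_rr = b"\x04host\xc0\x10\x00\x01\x00\x01" + struct.pack("!IH", a_ttl, 4) + bytes(map(int, ip.split(".")))
    return HDR + QUESTION + cname + a_rr
DIRECT = response(3600, 300, "10.0.0.5")            # answer as the internal server sends it
VIA_NAT = response(0, 300, "203.0.113.9")           # the ALG zeroed the CNAME TTL and rewrote the A record
```

Records that a middlebox drops or adds are not shown by the pairwise comparison, so also compare the lengths of the two answer lists.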