Adding DNS ALG support to Bind?

Bill boober95 at rogers.com
Fri Oct 30 16:44:53 UTC 2015


Yes, I am also looking at tools to update DNS when the IP address changes.

/bill


On Saturday 24 October 2015 17:35, Mark Andrews wrote:
> Get yourself IPv6 and forget about the NAT.  Complain to your ISP
> if they don't supply IPv6.  They should be able to as they have had
> two decades to prepare for the fact the IPv4 addresses have run
> out.  That way you don't have to worry about different internal and
> external addresses.
>
> Even routers that dynamically update the DNS when they get a new
> address are starting to no longer work as ISPs introduce Carrier
> Grade NATs (CGN) as they have run out of addresses to even give
> customers unshared IPv4 addresses.
>
> If you really want to track external addresses use a tool outside
> of named and have it dynamically update the address in the DNS when
> it changes.
>
> Mark
>
> In message <201510241649.33628.boober95 at rogers.com>, Bill writes:
> > I was wondering if anyone has looked at or is in the process of adding
> > DNS ALG support, or something similar, to bind?
> >
> > https://tools.ietf.org/html/rfc2694
> >
> > What I would like to do is to have the ability to query a DNS server located
> > behind a NAT, and have it return the IP of the NAT, and set up connection
> > tracking in the NAT to pass traffic thru to the host behind the NAT.  The
> > effect of this is to have a reversible NAT, i.e. one that provides access
> > to hosts behind the NAT, not by their IP, but by their hostname.
> >
> > (There are other things in DNS ALG, but I am really interested only in
> > the reversible NAT aspect.)
> >
> > Implementing this seems to need the DNS server (bind in this case), to
> > configure the NAT using the 'expect' feature of connection tracking. 
> > This would permit the following packets to traverse the NAT to the host,
> > provided of course they meet the expectation (source, protocol, etc).
> >
> > I'd like to know if anyone has looked at this, is implementing it, or
> > knows of any implementations.  I have looked into it but have only seen
> > enterprise implementations (Cisco & Juniper), but nothing open-source.
> >
> > /bill


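An added example, not part of the thread or of BIND: a sketch of the "tool outside of named" approach that refuses to publish an address from behind a Carrier Grade NAT and validates everything before it reaches `nsupdate`. The zone and host names, the sample addresses and the function names are assumptions; the output is meant to be piped to `nsupdate -k <keyfile>`.

```python
import ipaddress
import re

# RFC 6598 shared space that ISPs use between the customer router and a CGN.
CGN_SHARED = ipaddress.ip_network("100.64.0.0/10")
# Conservative FQDN check so nothing but a DNS name reaches nsupdate's stdin.
NAME_RE = re.compile(r"([A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?\.)+")


def classify(addr_text):
    """Return (address, None) if globally routable, else (None, reason)."""
    try:
        addr = ipaddress.ip_address(addr_text.strip())
    except ValueError:
        return None, "not an IP address"
    if addr.version == 4 and addr in CGN_SHARED:
        return None, "CGN shared address (RFC 6598), unreachable from outside"
    if not addr.is_global:
        return None, "private or reserved address"
    return addr, None


def build_update(zone, name, addr_text, last_published=None, ttl=300):
    """Return nsupdate commands as text, or None when nothing should be sent."""
    for fqdn in (zone, name):
        if len(fqdn) > 254 or not NAME_RE.fullmatch(fqdn):
            raise ValueError("bad DNS name: %r" % fqdn)
    addr, _reason = classify(addr_text)
    if addr is None or str(addr) == last_published:
        return None  # unroutable, malformed, or unchanged: leave the zone alone
    rtype = "A" if addr.version == 4 else "AAAA"
    return "\n".join([
        "zone %s" % zone,
        "update delete %s %s" % (name, rtype),
        "update add %s %d %s %s" % (name, int(ttl), rtype, addr),
        "send", ""])


if __name__ == "__main__":
    # Constructed samples: a WAN address as seen behind a CGN, an RFC 1918
    # address, garbage from a failed lookup, and a stand-in routable address.
    for sample in ["100.72.13.4", "192.168.1.10", "9.9.9.9\nupdate delete x", "9.9.9.9"]:
        print(repr(sample), "->", classify(sample)[1] or "publish")
    # Pipe this to `nsupdate -k <keyfile>` so the update is TSIG-signed.
    print(build_update("example.net.", "home.example.net.", "9.9.9.9"))
```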