BIND8: Using NATed address as NS NOK?

Kevin Darcy kcd at daimlerchrysler.com
Fri Aug 25 22:27:57 UTC 2000


Split DNS should be able to solve this problem. The nameservers would
have external addresses in the external DNS, and internal addresses in
the internal DNS. Search the archives for split DNS, or see the "DNS and
Firewalls" section of the _DNS_and_BIND_ O'Reilly book.


- Kevin

ffaure at bigSPAMGAMOUTAKUSANfoot.com wrote:

> Hi,
>
> Like a lot of people, our site has only one network with no DMZ, and
> is located between a firewall which does NAT. Our DNS servers are
> primary for our zone, and are thus sitting in the private network. We
> use the 192.168.0.0 addressing plan.
>
> Because our basic servers like mail, news, etc. must be reachable from
> the Net, we had to use public addresses in the NS record, which
> matches the one in our NIC record. NS records also include a couple of
> DNS servers at our ISP as backup.
>
> Problem is, we must use the NATed public Internet addresses for our
> primary DNS servers, but BIND complains a bit because, obviously, it
> cannot reach our two DNS servers sitting in our LAN because the DNS
> server is sitting in the private network:
>
>                          NS      ns0.acme.com.
>                          NS      ns1.acme.com.
> ns0.acme.com.   A       65.135.202.158
> ns1.acme.com.   A       65.135.202.159
>
> =>
> Aug 25 18:43:17 ns0 named[8356]: sysquery: findns error (NXDOMAIN) on ns0.acme.com.?
> Aug 25 18:43:17 ns1 named[8356]: sysquery: findns error (NXDOMAIN) on ns1.acme.com.?
>
> Lookups work OK, so I guess BIND is working, but does the above
> matter, and if it doesn't, can I tell it to stop bugging me as it
> fills the logfiles for something I cannot do anything about?
>
> Thx much
> FF.
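
Added example, not part of the original thread and not BIND code: a small Python check for the split DNS layout described in the reply, run over two constructed views of acme.com. The public addresses are the ones quoted above; the 192.168.0.2 and 192.168.0.3 addresses, the function names and the simplified one-record-per-line zone format are assumptions.

```python
import ipaddress

# Constructed sample views of acme.com. Public addresses are the ones quoted
# in the thread; the 192.168.0.x addresses are assumed for illustration.
EXTERNAL_ZONE = """\
acme.com.     IN NS ns0.acme.com.
acme.com.     IN NS ns1.acme.com.
ns0.acme.com. IN A  65.135.202.158
ns1.acme.com. IN A  65.135.202.159
"""
INTERNAL_ZONE = """\
acme.com.     IN NS ns0.acme.com.
acme.com.     IN NS ns1.acme.com.
ns0.acme.com. IN A  192.168.0.2
ns1.acme.com. IN A  192.168.0.3
"""

def parse_zone(text):
    """Parse 'owner IN type rdata' lines into NS targets and an A-record map."""
    ns, a = [], {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        owner, _cls, rtype, rdata = line.split()
        if rtype.upper() == "NS":
            ns.append(rdata.lower())
        elif rtype.upper() == "A":
            a.setdefault(owner.lower(), []).append(ipaddress.ip_address(rdata))
    return ns, a

def check_view(text, internal):
    """Return a list of problems found in one view of a split-DNS zone."""
    ns, a = parse_zone(text)
    problems = []
    for name in ns:
        if name not in a:
            problems.append(f"{name}: NS target has no A record in this view")
    for owner, addrs in a.items():
        for ip in addrs:
            if internal and owner in ns and not ip.is_private:
                problems.append(f"{owner}: internal view points at NATed address {ip}")
            if not internal and ip.is_private:
                problems.append(f"{owner}: external view leaks private address {ip}")
    return problems
```

Loading the external data as the internal view reproduces the layout from the original question and is flagged; the reverse case flags RFC 1918 addresses published to the Internet.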





