Novice Question: node has one address behind NAT also an external address.

Kevin Darcy kcd at daimlerchrysler.com
Wed Jul 5 22:09:23 UTC 2000


It's technically possible, but a really bad idea. When the name gets
cached by intermediate caching servers, it will typically be
"round-robin"ed, in which case the private address will be presented first
approximately 50% of the time from such servers. The effects of this range
from: a) client times out and fails over to public address after a short
delay, b) client times out and connection fails, c) client connects to an
internal machine -- the WRONG machine -- on their own internal network,
since it also happens to have the same private address and has a service
running on the same port. You can of course reduce the effects of caching
by lowering the TTL value, but this then generates excessive DNS traffic.

A better, but more maintenance-intensive, solution is to run a normal
"split" DNS, with public addresses in the external version(s) of the
zone(s), and private addresses in the internal version(s).


- Kevin

Johnny Fribert Lauridsen wrote:

> Couldn't 'subnet-sorting' be used for this?
> /Johnny
>
> At 18:31 04/07/2000 +0100, peterhr.removethis at bigfoot.com wrote:
>
> >I hope someone can give me a simple answer.
> >
> >I have a Lotus Notes server that sits behind a cisco router that does
> >NAT. The workstations (95/98/NT4/W2000) on the LAN (about 100 of them)
> >have IP addresses assigned by DHCP which also dishes out the addresses
> >of external DNS, internal WINS and default gateway.
> >
> >The notes server has a lan address of 192.168.63.20 internally.
> >
> >The ISP has set up a CNAME that will correctly locate the server from
> >the Internet - the CISCO correctly maps this port to the internal
> >address.
> >
> >My problem is how to get PCs on the LAN to identify the notes server by
> >the internal address - DNS presently gives the external address.
> >
> >I can do it using Hosts, but that means a file edit as portable PCs
> >are moved into / out of the LAN.
> >
> >Thanks in advance
> >
> >Peter
> >
> >note:
> >* If anyone knows of a worked example - that would be great
> >* It is much easier for me if solutions are NT based
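Since Peter asked for a worked example, here is what the "split DNS" Kevin recommends looks like as a BIND 9 views configuration. This is an added illustration, not code from the thread or from the BIND project: the zone name example.com, the directory layout and the public address are assumptions (the public address is a placeholder); the LAN range 192.168.63.0/24 and the server's internal address 192.168.63.20 are taken from Peter's post.

```conf
// Added example (not from the thread): BIND 9 split-horizon DNS with views.
// Assumed: zone "example.com", zone files under internal/ and external/,
// and a placeholder public address. Internal LAN and server address come
// from Peter's description.

acl "lan" { 192.168.63.0/24; 127.0.0.1; };

// Views are matched in order, so the internal view must come first;
// otherwise "any" in the external view would catch LAN clients too.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                        // LAN clients may recurse here
    zone "example.com" {
        type master;
        // internal/example.com.zone holds:
        //   notes   IN  A   192.168.63.20
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                         // never an open resolver for the world
    zone "example.com" {
        type master;
        // external/example.com.zone holds the public address instead:
        //   notes   IN  A   <PUBLIC-ADDRESS-PLACEHOLDER>
        file "external/example.com.zone";
    };
};
```

For this to take effect on the LAN, the DHCP server described in the original question would have to hand out this internal name server instead of the ISP's external DNS; the private address then never leaves the LAN, which is exactly what avoids the round-robin caching problem Kevin describes. Check with `named-checkconf` after editing, and query from a LAN host and from outside to confirm each view returns the intended address.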
