dns server behind a firewall with a non routed ip?

Brad Davis lists at linuxinstruct.com
Tue Dec 4 16:28:50 UTC 2001


I have to use NAT; I don't have a choice. I only get one IP and that is for
my router. BTW, this is off my DSL, so I'm using a Cisco 678 router.

This is my IOS:
IP NAT = enabled
IP NAT Entry = 192.168.2.2, 80, *, 80, *;192.168.2.2, 22, *, 22,
*;192.168.2.2, 21, *, 21, *;192.168.2.2, 53, *, 53, *;

Thanks,
Brad
----- Original Message -----
From: Marc Thach Xuan Ky <marc.thach at tesco.net>
To: Brad Davis <lists at linuxinstruct.com>
Cc: <bind-users at isc.org>; Simon Waters <Simon at wretched.demon.co.uk>
Sent: Tuesday, December 04, 2001 5:18 AM
Subject: Re: dns server behind a firewall with a non routed ip?


>
> Brad,
> My view on this is that you shouldn't NAT the DNS server at all, static or
> dynamic it's all the same, if you NAT the DNS, the ALG (which translates DNS
> responses) is used.  I'm not sure exactly how you're forwarding the DNS
> requests, publishing your IOS config would help.
> rgds
> Marc TXK
>
> Brad Davis wrote:
>
> > yeah.. I'm using a cisco router.. I would like to see those references...
> >
> > what do you mean about dynamic nat? how is that different from regular nat?
> >
> > Brad
> > ----- Original Message -----
> > From: Simon Waters <Simon at wretched.demon.co.uk>
> > To: Brad Davis <lists at linuxinstruct.com>
> > Sent: Tuesday, December 04, 2001 2:33 AM
> > Subject: Re: dns server behind a firewall with a non routed ip?
> >
> > > Brad Davis wrote:
> > > >
> > > > Hi All,
> > > >
> > > > I'm attempting to setup bind 8.2.3.
> > > >
> > > > I have it behind a router, on a box with an ip of 192.168.2.2 and I'm
> > > > forwarding port 53 from the router to this box. For some reason bind isn't
> > > > answering any of the dns requests from the outside world.
> > > >
> > > > At first I couldn't do a 'nslookup - 192.168.2.2', only a
> > > > 'nslookup - 127.0.0.1'.. but then I created a reverse dns zone for
> > > > 192.168.2 and added an entry for .2. then I could do an
> > > > 'nslookup - 192.168.2.2'. So I set up a slave zone for the external ip
> > > > address of my router and copied that dns info over.. thinking that if I
> > > > had that info I could use it from outside my network. Well now that I
> > > > did that bind will respond but it changes the ip of what the host is to
> > > > the external ip of my router. So this is what I get:
> > > > note the ips and the server name have been changed.
> > > >
> > > > microsoft.com
> > > > Server:  my.server.com
> > > > Address:  12.34.56.78
> > > >
> > > > Name:    microsoft.com
> > > > Addresses:  12.34.56.78, 12.34.56.78, 12.34.56.78, 12.34.56.78, 12.34.56.78
> > > >
> > > > any ideas on why this is happening? and how I could set this up better?
> > >
> > > I've seen similar reports with Cisco Dynamic NAT - you shouldn't
> > > use the dynamic NAT unless that is what you need, I have
> > > references to Cisco web site if you are using a Cisco router.
> > >
> > > Assuming the responses are okay internally try posting the
> > > router configuration.
> > >
>
>
>


