dns server behind a firewall with a non routed ip?

Marc Thach Xuan Ky marc.thach at tesco.net
Tue Dec 4 19:02:05 UTC 2001


Brad,
I'm not familiar with the non-IOS ciscos.  I suspect that you are not going to
succeed here.  Is there any way you could run your DSL out of another device?
Marc TXK


Brad Davis wrote:

> I have to use nat I don't have a choice. I only get one IP and that is for
> my router. btw this is off my DSL so I'm using a Cisco 678 Router.
>
> This is my IOS:
> IP NAT = enabled
> IP NAT Entry = 192.168.2.2, 80, *, 80, *;192.168.2.2, 22, *, 22,
> *;192.168.2.2, 21, *, 21, *;192.168.2.2, 53, *, 53, *;
>
> Thanks,
> Brad
> ----- Original Message -----
> From: Marc Thach Xuan Ky <marc.thach at tesco.net>
> To: Brad Davis <lists at linuxinstruct.com>
> Cc: <bind-users at isc.org>; Simon Waters <Simon at wretched.demon.co.uk>
> Sent: Tuesday, December 04, 2001 5:18 AM
> Subject: Re: dns server behind a firewall with a non routed ip?
>
> >
> > Brad,
> > My view on this is that you shouldn't NAT the DNS server at all, static or
> > dynamic it's all the same, if you NAT the DNS, the ALG (which translates DNS
> > responses) is used.  I'm not sure exactly how you're forwarding the DNS
> > requests, publishing your IOS config would help.
> > rgds
> > Marc TXK
> >
> > Brad Davis wrote:
> >
> > > yeah.. I'm using a cisco router.. I would like to see those references...
> > >
> > > what do you mean about dynamic nat? how is that different from regular nat?
> > >
> > > Brad
> > > ----- Original Message -----
> > > From: Simon Waters <Simon at wretched.demon.co.uk>
> > > To: Brad Davis <lists at linuxinstruct.com>
> > > Sent: Tuesday, December 04, 2001 2:33 AM
> > > Subject: Re: dns server behind a firewall with a non routed ip?
> > >
> > > > Brad Davis wrote:
> > > > >
> > > > > Hi All,
> > > > >
> > > > > I'm attempting to set up bind 8.2.3.
> > > > >
> > > > > I have it behind a router, on a box with an ip of 192.168.2.2 and I'm
> > > > > forwarding port 53 from the router to this box. For some reason bind isn't
> > > > > answering any of the dns requests from the outside world.
> > > > >
> > > > > At first I couldn't do a 'nslookup - 192.168.2.2', only a 'nslookup -
> > > > > 127.0.0.1'.. but then I created a reverse dns zone for 192.168.2 and added an
> > > > > entry for .2. then I could do an 'nslookup - 192.168.2.2'. So I set up a
> > > > > slave zone for the external ip address of my router and copied that dns info
> > > > > over.. thinking that if I had that info I could use it from outside my
> > > > > network. Well now that I did that bind will respond but it changes the ip of
> > > > > what the host is to the external ip of my router. So this is what I get:
> > > > > note the ips and the server name have been changed.
> > > > >
> > > > > microsoft.com
> > > > > Server:  my.server.com
> > > > > Address:  12.34.56.78
> > > > >
> > > > > Name:    microsoft.com
> > > > > Addresses:  12.34.56.78, 12.34.56.78, 12.34.56.78, 12.34.56.78, 12.34.56.78
> > > > >
> > > > > any ideas on why this is happening? and how I could set this up better?
> > > >
> > > > I've seen similar reports with Cisco Dynamic NAT - you shouldn't
> > > > use the dynamic NAT unless that is what you need, I have
> > > > references to Cisco web site if you are using a Cisco router.
> > > >
> > > > Assuming the responses are okay internally try posting the
> > > > router configuration.
> > > >
> >
> >
> >


