Running bind on a NAT'd server behind a firewall?

Russ Huntington russh at taggamers.com
Sun Dec 9 23:12:04 UTC 2001


-----Original Message-----
From: Joseph Watson [mailto:jtwatson at datakota.com] 
Sent: Saturday, December 08, 2001 2:08 PM
 
>Hello

>	I have been trying to get a DNS server running behind a NAT for
>a while now.  I can't get it to work.  I am using Mandrake's SNF, which
>uses Linux kernel 2.2.19, and uses ipchains for firewalling and ipvsadm
>to do port forwarding.  I can not get connections from the external net
>(internet) to forward through to the DNS server and be answered
>successfully.  I am trying to figure out if the problem is with bind or
>the firewall???  Can you give a brief description of what you forwarded
>to make this work.  Are you using Linux???


>Thanks much

>Joseph


Hello again

Both my Master and slave server are running RH 7.1 and Bind 9.x.x.  If
you're not getting connections through to your DNS server then I'm
thinking that it's your firewall.  I can't help you at that point as I'm
not using Linux for a firewall.  I've got a hardware firewall, and I
just create a rule to allow port 53 through to my different machines
(Master & slave).  Do you allow any other services to run? Web server,
etc.... do those work through your firewall? One thought I have is that
possibly you might add the "query-source address * port *" to your
named.conf.  That will ensure that you use UDP 53 for DNS through your
firewall.  I also don't use an internal view.  I've just got an
"Internal" DNS server.

One question I have to ask both of you.... (Joseph & Steve): have you had
the reverse lookup of your actual IP address changed by your ISP?  Say to
ns1.mydomain.org?  And then registered your name servers with Network
Solutions?  If you're live on the net (or hope to be), not having done
that will greatly reduce your chances of having a name server that people
can find.

L8r

Russ
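The "is it bind or the firewall?" question above is easiest to settle from a host outside the NAT, by sending a query to the external address over UDP and over TCP separately and looking at what comes back. The script below is an added example for this thread, not code from the list post or from BIND; it builds and parses DNS messages by hand so it needs nothing beyond the standard library. The server address 192.0.2.53 and the name www.example.org are placeholders, and the sample reply in `_sample_response()` is constructed, not captured. Two caveats a practitioner would want alongside the advice above: inbound queries always arrive on port 53 (both UDP and TCP, since answers over 512 bytes and zone transfers use TCP), so both transports need forwarding; and `query-source` only governs the source address and port of named's own outbound lookups, where leaving the port random (`port *`) is the safer choice because a fixed source port makes forged replies easier to land.

```python
"""Probe a DNS server over UDP and TCP and inspect the reply flags.

Added example for the bind-users thread; not from the post or from BIND.
192.0.2.53 (external NAT address) and www.example.org are placeholders.
"""
import os
import socket
import struct
import sys

TYPE_A, TYPE_NS, TYPE_PTR = 1, 2, 12


def build_query(qname, qtype=TYPE_A, txid=None):
    """Wire-format query; a random transaction ID makes forged replies harder."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD only
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1), txid


def _read_name(msg, off):
    """Decode a possibly compressed name; returns (name, offset after it)."""
    labels, end = [], None
    for _ in range(256):  # bound pointer chasing so a looping reply cannot hang us
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # compression pointer into an earlier part of the message
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    else:
        raise ValueError("name compression loop")
    return ".".join(labels) + ".", end if end is not None else off


def parse_response(msg, expected_txid):
    """Return rcode, AA/TC flags and the answer section of a reply."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid or not flags & 0x8000:  # wrong ID or not a response
        raise ValueError("not a reply to our query")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (TYPE_NS, TYPE_PTR):
            value, _ = _read_name(msg, off)
        else:
            value = rdata.hex()
        answers.append((name, rtype, value))
        off += rdlen
    return {"rcode": flags & 0xF, "authoritative": bool(flags & 0x0400),
            "truncated": bool(flags & 0x0200), "answers": answers}


def ptr_name(ipv4):
    """Owner name of the reverse record the ISP has to set for your address."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def query(server, qname, qtype=TYPE_A, tcp=False, timeout=3.0):
    """Send one query over UDP or TCP (length-prefixed) and parse the reply."""
    q, txid = build_query(qname, qtype)
    if tcp:
        with socket.create_connection((server, 53), timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            (length,) = struct.unpack("!H", s.recv(2))
            data = b""
            while len(data) < length:
                chunk = s.recv(length - len(data))
                if not chunk:
                    raise ValueError("connection closed early")
                data += chunk
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server, 53))
            data, _ = s.recvfrom(4096)
    return parse_response(data, txid)


def verdict(udp_ok, tcp_ok):
    """Turn the two transport results into the answer to 'bind or firewall?'."""
    if udp_ok and tcp_ok:
        return "both transports reach named: forwarding is fine"
    if not udp_ok and not tcp_ok:
        return "nothing reaches named: check the port-53 forward before blaming bind"
    return "only %s gets through: forward both UDP and TCP 53" % ("TCP" if tcp_ok else "UDP")


def _sample_response():
    """Constructed reply: authoritative A record, as a correctly forwarded server sends."""
    q, _ = build_query("www.example.org", TYPE_A, txid=0x1234)
    header = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)  # QR AA RD RA, one answer
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 3600, 4) + bytes([192, 0, 2, 53])
    return header + q[12:] + answer


if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"
    name = sys.argv[2] if len(sys.argv) > 2 else "www.example.org"
    ok = {}
    for tcp in (False, True):
        label = "TCP" if tcp else "UDP"
        try:
            print(label, query(server, name, tcp=tcp))
            ok[tcp] = True
        except (OSError, ValueError) as exc:
            print(label, "failed:", exc)
            ok[tcp] = False
    print(verdict(ok[False], ok[True]))
    print("reverse record to ask your ISP for:", ptr_name(server))
```

Run it from outside the NAT against the external address. A UDP timeout next to a TCP success (or the reverse) points at the forwarding rule rather than at named; an answer with `authoritative` False means the packets reach a resolver but not the master or slave you meant to expose. The parser checks the transaction ID and QR bit before trusting a reply and bounds compression-pointer chasing, so a malformed or spoofed packet is rejected instead of parsed.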
