Newbie: DNS and NAT?

Mattias Nyholm mattias.nyholm at framfab.se
Tue Sep 18 17:57:59 UTC 2001


This must be a very common problem. I'm not a BIND or DNS expert,
but wouldn't it be possible to add a feature to BIND so that you can
feed it an "IP translation list" so that it knows there is some NAT/PAT
going on? Then it would know that it indeed is authoritative, although all
communications occur over a totally different IP address.

I think this is a pretty obvious solution, but since it isn't already in
BIND I guess there must be some good reasons why the idea is flawed.. :)

Regards,

Mattias

"Brad Knowles" <brad.knowles at skynet.be> wrote in message
news:9o71cr$kcp at pub3.rc.vix.com...

> The problem with trying to do DNS through a NAT device is that if
> the machine doesn't see itself on the list of authoritative
> nameservers, it will answer non-authoritatively (which would mean
> that your secondaries/slaves would consider your primary/master to be
> broken, and would be unable to get a good zone transfer from you).
> But, if you list the machine's private IP address in the zone as well
> as its public one (assuming that you have a static IP address
> assigned to you by your ADSL provider), then people are going to be
> unable to contact your primary/master reliably.




