Newbie: DNS and NAT?

Brad Knowles brad.knowles at skynet.be
Tue Sep 18 21:47:56 UTC 2001


At 6:51 AM +1200 9/19/01, Juha Saarinen wrote:

>  The "trick" here is to recognise the inherent limitations of such a
>  set-up, and work around them. My ISP's nameservers are authoritative for
>  my domain, but they slave off my nameserver. That way, I get full control
>  over my domain, yet I don't have lots of DNS traffic to deal with.
>
>  This type of setup (I've seen it referred to as "stealth DNS" or "hidden
>  DNS") requires a friendly ISP, and of course, working DNS on your side.

	Sure, a classic "Hidden Master" design.  But how do you get them 
to successfully perform a zone transfer from your machine hidden 
behind your NAT/firewall?  Unless the NAT/firewall device is doing 
address translation both for incoming and outgoing packets, and not 
only on the exterior IP "envelope", but also within the content of 
the DNS packet?

-- 
Brad Knowles, <brad.knowles at skynet.be>



More information about the bind-users mailing list