Bind behind Cisco 675 router

Tim Maestas tmaestas at dnsconsultants.com
Sun Sep 23 04:52:09 UTC 2001 


	Sorry, that's http://www.cisco.com/warp/public/556/3.html

-Tim



On Sat, 22 Sep 2001, Tim Maestas wrote:

> 
> 	This is happening due to your NAT setup on the Cisco.
> 	http://www.cisco.com/warp/public/566/3.html has some
> 	info on how cisco NAT affects DNS packets.  Depending on
> 	how you need your nat setup, the examples on this page
> 	may or may not help you, but it should give you an
> 	understanding of what your router is doing.
> 
> -Tim
> 
> 
> 
> 
> On Sat, 22 Sep 2001, Deon Garrett wrote:
> 
> > 
> > 
> > 
> > Thanks for the input...
> > 
> > > 
> > > 	Well, at least the answers I'm seeing are plausible:
> > > 
> > > % dig @66.7.185.147 deong.org. any
> > > 
> > 
> > Yeah, it seems to work to resolve my own domain.  The major problem
> > I have right now is that my nameserver seems to try to resolve any
> > hostname on the internet to my IP address.  If you put
> > 
> > nameserver 66.7.185.147
> > 
> > in your /etc/resolv.conf file, and try to ping www.yahoo.com, you'll
> > actually be pinging 66.7.185.147.  Going through my router somehow causes
> > any A record to be assigned to that IP address.  I'm pretty sure it's the
> > router, since that doesn't happen if I use 192.168.1.2 for my nameserver,
> > and using that means that the data never has to pass through the Cisco...
> > 
> > > 
> > > 	Of course, this doesn't match the data currently registered with 
> > > the gTLD nameservers for .org:
> > > 
> > > 	But I suspect that this is exactly what you're trying to get set 
> > > up to change, right?   
> > > 
> > 
> > You are correct, sir.  :)
> > 
> > > 
> > > 	Again, the ratio between the refresh and retry intervals should 
> > > be modified so as to allow more retries per refresh, and you should 
> > > have at least two nameservers registered (worldnic.com could 
> > > presumably provide your secondary/slave service, or you could 
> > > potentially sign up for free secondary/slace service with 
> > > secondary.com), and you should have a backup MX registered (you'd 
> > > probably have to talk to your provider about this).
> > > 
> > 
> > If I ever get my server to work, I'll figure out what to do about a 
> > secondary server, backup mail server, etc.  It really isn't that big
> > a deal, as all I really want is to be able to ssh/scp/cvs/etc into my
> > box by name when I'm on the road so I can work without putting everything
> > on my laptop.  My ISP will host primary and secondary nameservers for
> > something like 5 bucks a month.
> > 
> > It just seemed like a good project to play with to get it working for
> > myself. 
> > 
> > 
> > 
> 
> 
>

More information about the bind-users mailing list