BIND 8.3.3 as primary NS behind NAT

David Botham dns at botham.net
Thu Aug 29 13:02:37 UTC 2002


 
I don't have much to offer about your specific problem, however, I
can offer a quick note on how dns works behind a Symantec (Raptor)
firewall.

The Raptor FW has a dns proxy built in called dnsd.  It will not
"pass" dns requests through the fw, however, it will answer queries
for internal resolvers (like your internal name server).  

Make sure that dnsd is On.  Set up your internal name server to
Forward to the internal interface of the firewall.  The firewall will
get the answer and deliver it to your internal name server.  Also,
set the firewall's resolver to use the internal name server for
resolution.  That way, your firewall has an accurate view of your
internal name space.  If the firewall needs to resolve a name outside
your name space, the internal name server will forward that query to
dnsd on the firewall and, well, you know the rest of the story....

Does that help?

Dave...

> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]
> On Behalf Of Stefan Thaler
> Sent: Wednesday, August 28, 2002 4:06 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: BIND 8.3.3 as primary NS behind NAT
> 
> Hi everybody!
> 
> I'm kind of frustrated...
> 
> For days I have been trying to get my BIND behind a Symantec firewall
> appliance to function correctly.
> Lookups from inside my local network work without any problems.
> 
> But if I put my DNS server into the TCP/IP config as nameserver on
> an external PC and try to resolve
> any names (i.e. with Internet Explorer or NSLOOKUP) the only thing I
> get are
> timeouts...
> 
> But the strange thing is that an Exchange server is running on the
> same external box... and if
> I send mails over this mail server - the names are resolved correctly
> ON MY NAMESERVER!
> (I can watch this in the syslog files of my DNS server...)
> 
> I would highly appreciate your hints and suggestions.
> 
> What is my problem? Is it the firewall - port forwarding?
> Is it the BIND - config?
> 
> If you need any other information about my firewall config or the
> BIND config, pls. feel
> free to ask for it (via newsgroup or personal mail).
> 
> Thank you very much!
> 
> Steff
> 
> 
> 


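The forwarding arrangement described in the reply above, sketched as a BIND 8 named.conf fragment for the internal name server. This is an added example, not part of the original message; the address 192.0.2.1 (standing in for the firewall's internal interface), the zone name internal.example, and the paths are placeholder assumptions.

```conf
// named.conf on the internal name server (constructed example)
options {
    directory "/var/named";          // assumed path

    // Hand every query this server cannot answer itself to dnsd,
    // listening on the firewall's internal interface (placeholder).
    forwarders { 192.0.2.1; };

    // Never try Internet name servers directly: the firewall does not
    // pass DNS through, so a fallback would only end in timeouts.
    forward only;
};

// The internal name space stays authoritative on this server, so a
// firewall resolver pointed here sees the internal names.
zone "internal.example" {
    type master;
    file "db.internal.example";      // assumed file name
};
```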


