DNS behind firewall?

Michael E. Hanson MEHanson at GryphonsGate.com
Wed Dec 11 00:00:33 UTC 2002

Technique's the same regardless of the O/S.  The "firewall" (gateway router)
must forward all port 53 UDP and TCP queries to the internal address of the
DNS box, which will reply as it should, assuming it IS configured correctly.
BTW, it should report your public IP address(es) not the internal address.

Off topic for this list, but IIS operates by default on port 80, just like
any other web server.  If you configure it for another port, then it will
operate on that port, but that has nothing to do with your pop-up asking for
ID and Password.  This generally indicates that the "anonymous" user does
not have access to the web pages, or you've configured it to not allow
anonymous access.  Check the first by using Windows Explorer and checking
the security settings on the wwwroot folder and all its subfolders and
files.  Check the second by opening Internet Service Manager, selecting the
website, and clicking on Properties.  Go to the Directory Security tab, and
enable anonymous access (hint: let IIS manage the account and password).

Michael E. Hanson
President, Gryphon Consulting Services
P.O. Box 1151
Bellevue, NE  68005-1151
(402) 871-9622

MEHanson at GryphonsGate.com (primary)
Gryphons_Master at yahoo.com
----- Original Message -----
From: "erol M" <erol at home.samurai.com>
To: "Terry" <drexelterry at aol.com>
Cc: <comp-protocols-dns-bind at isc.org>
Sent: Tuesday, December 10, 2002 4:17 PM
Subject: Re: DNS behind firewall?

> You could try using 1:1 on the gateway machine, and forward port 53
> on the gateway to port 53 on the DNS machine. Any responses from port 53
> on the DNS machine will have your static IP address and not the 192.168*
> But this assumes you are using a *nix OS.
> On Tue, 10 Dec 2002, Terry wrote:
> >
> > Has anyone put the DNS server behind a firewall? I tried to put a
> > hardware firewall (an IP-share router) in front of the DNS server,
> > however, I don't know how to make it work. Because the server gets a
> > 192.168.x.x IP from the router, when I set up the DNS, the IP will
> > be 192.168.x.x but not my real static IP address. What can I do to
> > make it work?  By the way, do I need to open port 88 in order to
> > enable the web server of IIS? I open port 80 but when I connect to the
> > web site, a pop-up window asks me for the ID and PWD.
> >
> --
> erol m   | "To know recursion, you must first know recursion."
> erol at samurai.com  |   -- anonymous
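
The reply above says the DNS box should report the public address(es), not the internal one. As an added example (not part of the original thread), this Python check scans zone file text for A records that still hold RFC 1918 addresses. The zone data, host names and 203.0.113.10 are constructed, and only simple single-line records are handled.

```python
import ipaddress

# RFC 1918 ranges listed explicitly: ipaddress.is_private would also flag
# documentation ranges such as 203.0.113.0/24, used below as a stand-in.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone (not from the thread). 203.0.113.10 stands in for
# the static public address; 192.168.1.x is what the router hands out.
SAMPLE_ZONE = """\
$TTL 86400
@     IN SOA ns1.example.com. hostmaster.example.com. ( 2002121001 3600 900 604800 86400 )
@     IN NS  ns1.example.com.
ns1   IN A   192.168.1.10
www   IN A   203.0.113.10
mail  3600 IN A 192.168.1.11
; ftp IN A 192.168.1.12   (commented out, ignored)
"""

def internal_a_records(zone_text):
    """Return (owner, address) for each A record holding an RFC 1918 address."""
    findings, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]              # drop comments
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue                             # blank line or $TTL/$ORIGIN
        if not line[0].isspace():                # new owner name on this line
            owner, fields = fields[0], fields[1:]
        types = [f.upper() for f in fields]      # leading blank: owner inherited
        if "A" not in types:
            continue
        pos = types.index("A")
        if pos + 1 >= len(fields):
            continue                             # "A" with no address after it
        try:
            addr = ipaddress.ip_address(fields[pos + 1])
        except ValueError:
            continue                             # not an address literal
        if any(addr in net for net in RFC1918):
            findings.append((owner, str(addr)))
    return findings

if __name__ == "__main__":
    for name, addr in internal_a_records(SAMPLE_ZONE):
        print(f"{name}: A {addr} is RFC 1918 and unreachable from outside")
```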
