Bind Internal

Kevin Darcy kcd at daimlerchrysler.com
Wed Sep 4 02:04:41 UTC 2002


Mankind wrote:

> I'm trying to do both. Run it as NS to point to a domain name.
>
> "Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
> news:akp0qn$2csf$1 at isrv4.isc.org...
> >
> > Mankind wrote:
> >
> > > Hi guys,
> > >
> > > I'm running BIND on an internal machine. It starts up ok but it doesn't seem
> > > to be resolving. I'm using Winroute as my NAT and forwarding port 53 calls
> > > internally. Testing via telnet seems to work to port 53. Doesn't this mean
> > > that requests are getting to the internal box?
> >
> > Are you trying to serve DNS to the outside, resolve outside DNS for your
> > internal clients, or both?
> >
> > The ports you have to open up will vary depending on what you're trying to
> > accomplish.

Okay, then, assuming you haven't messed with the query-source setting in
named.conf, you need to open up the unreserved range to port 53 outbound (for
queries your nameserver makes), port 53 to unreserved range inbound (for
responses to those queries), unreserved range to port 53 inbound (for queries
to your nameserver) and port 53 to unreserved range outbound (for answers to
those queries) as well as port 53 to port 53 in both directions (because some
folks set their query source address to port 53). Open this up for TCP as well
as UDP, since TCP is used for zone transfers as well as for query retries when
the response doesn't fit into a 512-byte UDP packet.


- Kevin
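
The port rules listed in the message above, written out as a lookup table with a check for gaps in a firewall policy. This is an added example, not part of the original post; the function names, the reading of "unreserved range" as ports 1024-65535, and the sample policy are assumptions made for illustration.

```python
from itertools import product

# Port classes. Assumption: "unreserved range" means ports 1024-65535.
DNS, HIGH = "53", "unreserved"
PROTOS = ("udp", "tcp")  # the message asks for both protocols


def port_class(port):
    """Map a port number to the class used in the rules, or None."""
    if port == 53:
        return DNS
    if 1024 <= port <= 65535:
        return HIGH
    return None


# (direction, source class, destination class) -> purpose, as listed in the message.
FLOWS = {
    ("out", HIGH, DNS): "queries our nameserver makes",
    ("in", DNS, HIGH): "responses to those queries",
    ("in", HIGH, DNS): "queries to our nameserver",
    ("out", DNS, HIGH): "answers to those queries",
    ("in", DNS, DNS): "peers whose query source is port 53",
    ("out", DNS, DNS): "peers whose query source is port 53",
}


def required_rules():
    """Every (proto, direction, src class, dst class) the message says to open."""
    return {(p, d, s, t) for p, (d, s, t) in product(PROTOS, FLOWS)}


def classify(proto, direction, sport, dport):
    """Return the purpose of a packet the rules allow, or None if it is dropped."""
    if proto not in PROTOS:
        return None
    return FLOWS.get((direction, port_class(sport), port_class(dport)))


def missing(policy):
    """Rules from the message that a given policy does not contain."""
    return sorted(required_rules() - set(policy))


# Constructed sample policy: only inbound UDP queries to port 53 are allowed.
SAMPLE_POLICY = {("udp", "in", HIGH, DNS)}

if __name__ == "__main__":
    for rule in missing(SAMPLE_POLICY):
        print("not opened:", rule)
```
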




