Dynamic DNS and NAT

wcbasquin wcbasquin at yahoo.com
Wed Jul 30 13:10:51 UTC 2003


"Herb Martin" <news at LearnQuick.com> wrote in message news:<bg3pft$215t$1 at sf1.isc.org>...
> > I am setting up an ISP network using private addresses and NAT at the
> > public gateway firewall.  Dynamic DNS is desired for host reachability
> > across the network.  Does Dynamic DNS work for private subscriber
> > addresses when there are thousands of hosts sharing a NAT (in this
> > case PAT using Netscreen) interface?
> 
> I don't think it works the way you intend but perhaps
> that doesn't matter.
> 
> The only address you can typically publish in public
> Internet DNS is the address (or addresses) of the NAT
> itself.  Remember, everything inside the NAT is technically
> unreachable from the Internet.
> 
> The NAT receives all traffic for these nodes and then
> translates and routes it between the address spaces.
> 
> So, Yes it works, but only for the public address(es) of the
> NAT.

Hi and thanks for your response.

The network is a CDMA2000 mobile system.  This particular system only
has around 10-20,000 active data subscribers.  The data subscribers
are given a private (10.0.0.0) address.  A firewall performs NAT on
subscriber traffic before reaching the Internet gateway router.  A DMZ
exists off the firewall with the DNS servers.  The subscribers are
mapped to only a few public IP addresses.  My understanding is that
Dynamic DNS can allow external hosts to send data to subscribers via
host name.  When used with DHCP service, the DHCP server will update
DNS with correct IP address of subscriber host name whenever addresses
are allocated.

External service would only see public IP address of Firewall NAT
interface.  Because each subscriber is mapped to separate ports on the
same address I don't see how DNS can keep track of the relevant
information.  Also port mapping to subscribers is dynamic so nailed up
ports on firewall don't exist unless statically mapped.

I would appreciate any opinions on this logic.
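
The situation described in this message, as an added example that is not part of the original post: a small model of a PAT gateway next to the DNS data a public zone could hold for its subscribers. The class and function names, host names and addresses are constructed sample values, and the model assumes the gateway admits only return traffic from the remote endpoint a subscriber contacted first.

```python
"""Constructed model of PAT plus DNS; all names and addresses are sample values."""
import itertools

class PatGateway:
    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self._out = {}    # (private_ip, private_port, remote) -> public_port
        self._back = {}   # (public_port, remote) -> (private_ip, private_port)

    def outbound(self, private_ip, private_port, remote):
        """A subscriber opens a flow; the gateway allocates a public port on demand."""
        key = (private_ip, private_port, remote)
        if key not in self._out:
            port = next(self._next_port)
            self._out[key] = port
            self._back[(port, remote)] = (private_ip, private_port)
        return self.public_ip, self._out[key]

    def inbound(self, remote, public_port):
        """Return the private endpoint for an inbound packet, or None if dropped."""
        return self._back.get((public_port, remote))

    def expire(self, private_ip):
        """Idle timeout: forget every mapping that belongs to one subscriber."""
        for key in [k for k in self._out if k[0] == private_ip]:
            del self._back[(self._out.pop(key), key[2])]

def public_zone(leases, gateway):
    """What a public zone can truthfully hold: every name -> the gateway address."""
    return {name: gateway.public_ip for name in leases}

def demo():
    gw = PatGateway("192.0.2.1")
    leases = {"sub1.example.net": "10.0.0.11", "sub2.example.net": "10.0.0.12"}
    zone = public_zone(leases, gw)
    remote = ("198.51.100.7", 80)
    # Both names resolve to the same address, so the A record cannot select a subscriber.
    same_answer = zone["sub1.example.net"] == zone["sub2.example.net"]
    # Unsolicited inbound packet: no mapping exists yet, so it is dropped.
    unsolicited = gw.inbound(remote, 20000)
    # After sub1 opens a flow, only return traffic from that remote is translated.
    _, port = gw.outbound("10.0.0.11", 40000, remote)
    reply = gw.inbound(remote, port)
    other = gw.inbound(("203.0.113.9", 80), port)
    gw.expire("10.0.0.11")   # the dynamic mapping disappears after the idle timeout
    after_timeout = gw.inbound(remote, port)
    return same_answer, unsolicited, reply, other, after_timeout
```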


More information about the bind-users mailing list