Running public Bind Server from behind firewall

Kurt Boyack kboyack at
Tue Jun 7 05:47:07 UTC 2005

On 6/6/05, John McGowan <mcgowan at> wrote:
> I've been running bind for a while now without any problems.  The server is
> on public IP space behind an L2 transparent firewall.
> I just reconfigured the server to be on a private IP address and moved
> it behind a new firewall that is not an L2 transparent firewall.  I have
> set up a "Mapped IP" on the firewall, but for some reason DNS doesn't
> work like it should.  It looks like responses to queries done by the DNS
> server aren't getting back.
> The thing that's confusing me is that all other services on the machine
> that were moved are working fine: SMTP, POP, HTTP.  DNS is the only
> service that is having problems.
> Is there something obvious that I would have to change in my named.conf
> to support a bind server running on a private IP address behind a
> firewall?  (Keep in mind that the firewalls I'm running are identical
> with identical policies; the only difference is the introduction of this
> private IP network.)

Does your named.conf contain a "blackhole" statement? If it does and
the queries are coming from the private IP address of your firewall,
that could be your problem.
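
An added example, not part of the original message: a small Python check that expands the "blackhole" address match list in a named.conf and reports whether a given query source address falls inside it. The sample configuration, the ACL name "bogon" and all addresses are constructed for illustration; negated elements, key elements and the built-in localhost/localnets ACLs are assumed absent and are skipped.

```python
import ipaddress
import re

# Constructed sample config (not from the thread): an RFC 1918 ACL is blackholed.
SAMPLE_CONF = '''
acl "bogon" { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
options {
    directory "/var/named";
    blackhole { bogon; 203.0.113.0/24; };  // drop queries from these sources
};
'''

def _elements(body):
    """Split an address_match_list body into its elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def blackhole_nets(conf):
    """Return the networks named by the blackhole statement, ACLs expanded."""
    conf = re.sub(r"(//|#).*", "", conf)  # strip line comments
    acls = {"any": ["0.0.0.0/0", "::/0"], "none": []}
    for name, body in re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', conf):
        acls[name] = _elements(body)
    match = re.search(r"\bblackhole\s*\{([^{}]*)\}", conf)
    stack = _elements(match.group(1)) if match else []
    nets, seen = [], set()
    while stack:
        elem = stack.pop()
        if elem in acls:
            if elem not in seen:  # guard against ACLs that reference each other
                seen.add(elem)
                stack.extend(acls[elem])
            continue
        try:
            nets.append(ipaddress.ip_network(elem, strict=False))
        except ValueError:
            pass  # negated, key and localhost/localnets elements are not handled
    return nets

def blackholed_by(conf, source_ip):
    """List the blackholed networks that contain source_ip (empty if none)."""
    ip = ipaddress.ip_address(source_ip)
    return [str(net) for net in blackhole_nets(conf) if ip in net]

if __name__ == "__main__":
    # 192.168.1.1 stands in for a firewall's private address (constructed).
    for src in ("192.168.1.1", "198.51.100.7"):
        print(src, blackholed_by(SAMPLE_CONF, src) or "not blackholed")
```

If the firewall's private address is reported as blackholed, named silently drops every query that arrives with that source address.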

