Moving DNS behind NAT

Peter Dambier peter at
Sun May 14 17:50:30 UTC 2006

Daniel Ström wrote:
> I have two DNS servers (BIND 9.2.2) that have static public IP:s. I  
> now have to move them behind a router but i can still use the same  
> static IP:s but i have to use NAT for them. I will change the IP on  
> the machines to 192.168.x.x adresses and NAT the public IP:s with the  
> firewall to those two adresses/machines/DNS-servers.
> What needs to be changed here? Do i need to change all my A and NS  
> records to the internal 192.182.x.x or shouldnt they still be using  
> the external IP that is mapped with NAT?
> / Daniel

It depends:

Seen from outside, dont change anything.

Seen from inside, if your NAT is intelligent enough, again no need
to change.

Your inside clients might need to set their dns resolver (/etc/resolve.conf)
to the internal address.

Are both servers behind different NATs or behind the same NAT?

If they are behind different NATs then there is probably no need to
change anything at all.

Hope that helps
Peter and Karin

Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP:
mail: peter at
mail: peter at

More information about the bind-users mailing list