Public DNS with NAT IP
Barry Margolin
barmar at alum.mit.edu
Fri Nov 17 01:58:16 UTC 2006
In article <ejhl5j$192r$1 at sf1.isc.org>,
"guy cipher" <guy.cipher at gmail.com> wrote:
> Hi,
> I'm setting up BIND 9.3 on a Solaris 9 server having a private IP address. The
> firewall is mapping (NATing) the public IP to the private IP address.
> Let's say 198.16.1.4 -> 172.31.31.99.
>
> The current DNS server, which has a public IP, is working fine.
> I copied all the configuration from the current DNS server to another
> server having a private IP (172.31.31.99). The configuration is the same; only the
> server IP is private. The DNS server is not properly resolving the queries
> for non-authoritative server, but it does resolve all the A records defined
> in the DNS configuration.
>
> When I run 'nslookup' it generates the message "can't find server name for
> address 172.31.32.5". It resolves the queries from "127.0.0.1" loopback
You should create a reverse DNS zone for your address range to fix that
error. This is a quirk of nslookup -- it requires that the server be
able to do a reverse lookup of its own address.
> address. Sometimes it generates "No address (A) records available".
>
> My questions are below:
>
> Is there any specific configuration for BIND when configuring a public DNS server having
> a private IP and NAT on the firewall?
> Should the A record of the DNS server reflect the "private IP" or the
> public IP?
The problem isn't the A record, it's the PTR record. If you tell
nslookup to query 172.31.32.5, it tries to look up this PTR record.
Another way to solve this problem is to NOT USE NSLOOKUP. It's a lousy
debugging tool. Use "dig" for debugging, and "host" for quick-and-dirty
lookups.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
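
The reverse zone suggested in the reply above, as an added example that is not part of the original post: a shell helper that writes a PTR zone file and the matching named.conf zone statement for the /24 containing 172.31.32.5. The host name ns1.example.com, the output directory, the file names and the SOA timer values are assumptions.

```shell
#!/bin/sh
# Added example: build a reverse (PTR) zone for the /24 that holds a name
# server's private address. Host name and file locations are assumptions.

# reverse_zone_name 172.31.32.5  ->  32.31.172.in-addr.arpa
# Fails (non-zero status, no output) unless given a dotted-quad IPv4 address.
reverse_zone_name() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# write_reverse_zone IP FQDN OUTDIR
# Writes OUTDIR/db.<zone> (zone file) and OUTDIR/named.conf.reverse
# (zone statement to include from named.conf).
write_reverse_zone() {
    ip=$1 fqdn=$2 outdir=$3
    zone=$(reverse_zone_name "$ip") || {
        echo "not a dotted-quad IPv4 address: $ip" >&2
        return 1
    }
    last_octet=${ip##*.}
    serial=$(date +%Y%m%d)01

    cat > "$outdir/db.$zone" <<EOF
\$TTL 86400
@   IN SOA  $fqdn. hostmaster.$fqdn. (
            $serial ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            86400 )    ; negative-cache TTL
    IN NS   $fqdn.
$last_octet   IN PTR  $fqdn.
EOF

    cat > "$outdir/named.conf.reverse" <<EOF
zone "$zone" {
    type master;
    file "db.$zone";
};
EOF
}

# Usage (assumed paths), then check with the tools recommended in the reply:
#   write_reverse_zone 172.31.32.5 ns1.example.com /var/named
#   named-checkzone 32.31.172.in-addr.arpa /var/named/db.32.31.172.in-addr.arpa
#   dig -x 172.31.32.5 @127.0.0.1
```

Because 172.31.0.0/16 is private address space, this zone only needs to answer for clients inside the NAT boundary.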