Public DNS with NAT IP

Barry Margolin barmar at alum.mit.edu
Fri Nov 17 01:58:16 UTC 2006


In article <ejhl5j$192r$1 at sf1.isc.org>,
 "guy cipher" <guy.cipher at gmail.com> wrote:

> Hi,
> I'm setting up BIND 9.3 on a Solaris 9 server that has a private IP address. The
> firewall is mapping (NATing) the public IP to the private IP address.
> Let's say 198.16.1.4 -> 172.31.31.99.
> 
> The current DNS server, which has a public IP, is working fine.
> I copied all the configuration from the current DNS server to another
> server that has a private IP (172.31.31.99). The configuration is the same, only the
> server IP is private. The DNS server is not properly resolving queries
> for which it is non-authoritative, but it does resolve all the A records defined
> in the DNS configuration.
> 
> When I run 'nslookup' it generates the message "can't find server name for
> address 172.31.32.5". It resolves the queries from the "127.0.0.1" loopback

You should create a reverse DNS zone for your address range to fix that 
error.  This is a quirk of nslookup -- it requires that the server be 
able to do a reverse lookup of its own address.

> address. Sometimes it generates "No address (A) records available."
> 
> My questions are below:
> 
> Is there any specific configuration for BIND when configuring a public DNS server that has a
> private IP and NAT on the firewall?
> Should the A record of the DNS server reflect the private IP or the
> public IP?

The problem isn't the A record, it's the PTR record.  If you tell 
nslookup to query 172.31.32.5, it tries to look up this PTR record.

Another way to solve this problem is to NOT USE NSLOOKUP.  It's a lousy 
debugging tool.  Use "dig" for debugging, and "host" for quick-and-dirty 
lookups.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
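The reverse zone Barry describes, as an added example that is not part of the original thread or of BIND itself: a small Python generator that computes the in-addr.arpa owner name nslookup looks up for a server address, and emits a master zone file plus the matching named.conf stanza. The network (172.31.32.0/24, chosen to cover the 172.31.32.5 address from the error message), the hostnames ns1.example.com / hostmaster.example.com and the file path are assumptions for illustration. A private 172.31/16 reverse zone like this is only ever served to internal clients; nothing outside delegates it to you.

```python
"""Generate a BIND reverse (in-addr.arpa) zone so that a name server's own
address has a PTR record.  Added example for the bind-users thread above;
the hostnames, network boundary and file path are assumptions."""
import ipaddress


def reverse_name(ip: str) -> str:
    """Owner name that a PTR query for `ip` is sent for (what nslookup asks)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone_name(network: str) -> str:
    """Zone apex for a /8, /16 or /24 IPv4 network.

    Classless (RFC 2317) delegations for smaller blocks are out of scope here."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 reverse zones are handled")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa."


def ptr_owner(ip: str, network: str) -> str:
    """Owner label of the PTR record relative to the zone apex."""
    net = ipaddress.ip_network(network, strict=True)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {network}")
    host_octets = str(addr).split(".")[net.prefixlen // 8 :]
    return ".".join(reversed(host_octets))


def build_reverse_zone(network: str, primary_ns: str, hostmaster: str,
                       ptrs: dict, serial: int = 2006111701) -> str:
    """Return a master zone file (text) with SOA, NS and one PTR per entry."""
    for fqdn in (primary_ns, hostmaster, *ptrs.values()):
        if not fqdn.endswith("."):
            raise ValueError(f"{fqdn!r} must be fully qualified (trailing dot)")
    apex = reverse_zone_name(network)
    lines = [
        f"$ORIGIN {apex}",
        "$TTL 86400",
        f"@\tIN\tSOA\t{primary_ns} {hostmaster} (",
        f"\t\t{serial}\t; serial",
        "\t\t3600\t\t; refresh",
        "\t\t900\t\t; retry",
        "\t\t604800\t\t; expire",
        "\t\t86400 )\t\t; negative-cache TTL",
        f"@\tIN\tNS\t{primary_ns}",
    ]
    # Sort by address so the file is stable and easy to diff.
    for ip, fqdn in sorted(ptrs.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        lines.append(f"{ptr_owner(ip, network)}\tIN\tPTR\t{fqdn}")
    return "\n".join(lines) + "\n"


def named_conf_stanza(network: str, zone_file: str) -> str:
    """The zone {} block to drop into named.conf for this reverse zone."""
    apex = reverse_zone_name(network).rstrip(".")
    return f'zone "{apex}" {{\n\ttype master;\n\tfile "{zone_file}";\n}};\n'


# Constructed sample input: the address from the nslookup error in the thread,
# placed in an assumed /24 and given an assumed hostname.
SAMPLE_NETWORK = "172.31.32.0/24"
SAMPLE_PTRS = {"172.31.32.5": "ns1.example.com."}

if __name__ == "__main__":
    print("nslookup will ask for:", reverse_name("172.31.32.5"))
    print(named_conf_stanza(SAMPLE_NETWORK, "/var/named/32.31.172.in-addr.arpa.db"))
    print(build_reverse_zone(SAMPLE_NETWORK, "ns1.example.com.",
                             "hostmaster.example.com.", SAMPLE_PTRS))
```

After loading the zone, confirm with `dig -x 172.31.32.5 @172.31.32.5` rather than nslookup; if the server is configured with its private address but clients reach it through the NATed public address, the public address needs its own PTR in the reverse zone your provider delegates for 198.16.1.0/24, which you do not control from this server.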