Public DNS with NAT IP

Barry Margolin barmar at
Fri Nov 17 01:58:16 UTC 2006

In article <ejhl5j$192r$1 at>,
 "guy cipher" <guy.cipher at> wrote:

> Hi,
> I'm setting up the BIND 9.3 on Solaris 9 server having private IP address. The
> Firewall is doing mapping (NATing) the public IP to the private IP address.
> Let's say ->
> The current DNS server is working fine having public IP is working fine.
> When I copied all the configuration from current DNS server to another
> server having private IP (  The configuration is same only the
> server IP is private.  The DNS server is not resolving properly the queries
> for non-authoritative server, but it does resolve all the A records defined
> in the DNS configuration.
> When I run 'nslookup' it generates message "can't find server name for
> address". It resolves the queries from "" loopback

You should create a reverse DNS zone for your address range to fix that 
error.  This is a quirk of nslookup -- it requires that the server be 
able to do a reverse lookup of its own address.

> address. Sometimes it generates "No address (A) records available.
> My questions are below:
> Is there any specific configuration for bind when configure public DNS having
> private IP and NAT on firewall.
> Should the A record of the DNS server reflect the "private IP" or
> public IP.

The problem isn't the A record, it's the PTR record.  If you tell 
nslookup to query, it tries to look up this PTR record.

Another way to solve this problem is to NOT USE NSLOOKUP.  It's a lousy 
debugging tool.  Use "dig" for debugging, and "host" for quick-and-dirty 

Barry Margolin, barmar at
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
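
The reverse zone suggested in the reply, as an added example that is not part of the original post: a small Python generator that derives the in-addr.arpa zone and PTR owner name for the server's private address and renders the zone file and named.conf stanza. The address 192.168.1.10, the names ns1.example.com. and hostmaster.example.com., the file name and the timer values are constructed placeholders, since the thread does not give the real ones.

```python
import ipaddress

def reverse_zone(server_ip, prefix_len=24):
    """Return (zone origin, PTR owner name) for an IPv4 address.

    Only octet-aligned prefixes (/8, /16, /24) map onto one in-addr.arpa
    zone; other sizes need RFC 2317 classless delegation, not handled here.
    """
    if prefix_len not in (8, 16, 24):
        raise ValueError("prefix_len must be 8, 16 or 24")
    addr = ipaddress.IPv4Address(server_ip)
    labels = addr.reverse_pointer.split(".")   # 10.1.168.192.in-addr.arpa
    host_labels = 4 - prefix_len // 8          # octets below the zone cut
    origin = ".".join(labels[host_labels:]) + "."
    return origin, addr.reverse_pointer + "."

def render_zone(server_ip, server_fqdn, rname, prefix_len=24, serial=1):
    """Render a minimal reverse zone holding the server's own PTR record."""
    origin, owner = reverse_zone(server_ip, prefix_len)
    return "\n".join([
        "$TTL 86400",
        f"$ORIGIN {origin}",
        f"@ IN SOA {server_fqdn} {rname} ( {serial} 3600 900 604800 86400 )",
        f"@ IN NS {server_fqdn}",
        # Fully qualified owner name, so $ORIGIN mistakes cannot misplace it.
        f"{owner} IN PTR {server_fqdn}",
        "",
    ])

def named_conf_stanza(server_ip, prefix_len=24):
    """Render the matching zone statement for named.conf."""
    origin, _ = reverse_zone(server_ip, prefix_len)
    name = origin.rstrip(".")
    # The file name is an assumed convention, not taken from the thread.
    return f'zone "{name}" {{\n    type master;\n    file "db.{name}";\n}};\n'

if __name__ == "__main__":
    ip = "192.168.1.10"                        # constructed private address
    print(named_conf_stanza(ip))
    print(render_zone(ip, "ns1.example.com.", "hostmaster.example.com."))
    # After reloading named, check the record with: dig -x 192.168.1.10 @192.168.1.10
```

Because this zone covers private address space, it should be served only to the inside of the NAT and not delegated or exposed publicly.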
