Public DNS with NAT IP

guy cipher guy.cipher at
Fri Nov 17 18:06:38 UTC 2006

Hi Barry,
Thank you very much indeed. You are absolutely right. What I notice is that the
reverse zone name reflects the public IP in the current configuration
"named.conf", which is

zone "" in {
    type master;
    file "named.hosts.rev";
};

What I understood from your e-mail is that I should have created the reverse
zone like below:

zone "" in {
    type master;
    file "named.hosts2.rev";
};

Should I delete the "named.hosts.rev"? And please tell me again what the "A"
record will be for the DNS server zone files. Would it be public IP or private

indigo IN A


indigo IN A

Please advise on the correct entries in the configuration file.

Best Regards


PS I haven't tried it yet, but I will do it soon.

On 11/17/06, Barry Margolin <barmar at> wrote:
> In article <ejhl5j$192r$1 at>,
> "guy cipher" <guy.cipher at> wrote:
> > Hi,
> > I'm setting up BIND 9.3 on a Solaris 9 server having a private IP address. The
> > firewall is mapping (NATing) the public IP to the private IP address.
> > Let's say ->
> >
> > The current DNS server, which has a public IP, is working fine.
> > When I copied all the configuration from the current DNS server to another
> > server having a private IP (  The configuration is the same; only the
> > server IP is private.  The DNS server is not resolving the queries properly
> > for non-authoritative server, but it does resolve all the A records defined
> > in the DNS configuration.
> >
> > When I run 'nslookup' it generates the message "can't find server name for
> > address". It resolves the queries from "" loopback
> You should create a reverse DNS zone for your address range to fix that
> error.  This is a quirk of nslookup -- it requires that the server be
> able to do a reverse lookup of its own address.
> > address. Sometimes it generates "No address (A) records available".
> >
> > My questions are below:
> >
> > Is there any specific configuration for BIND when configuring a public DNS
> > having a private IP and NAT on the firewall?
> > Should the A record of the DNS server reflect the "private IP" or
> > public IP?
> The problem isn't the A record, it's the PTR record.  If you tell
> nslookup to query, it tries to look up this PTR record.
> Another way to solve this problem is to NOT USE NSLOOKUP.  It's a lousy
> debugging tool.  Use "dig" for debugging, and "host" for quick-and-dirty
> lookups.
> --
> Barry Margolin, barmar at
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
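
Added example, not part of the original thread and not BIND's own code: a small Python generator for the reverse zone the reply above calls for, so the server can answer the PTR lookup of its own address that nslookup performs. The address 192.168.10.5, the /24 zone boundary, the name indigo.example.com, the hostmaster contact and the serial are constructed placeholders; only the file name named.hosts2.rev comes from the message.

```python
import ipaddress


def reverse_zone(ip: str, octets: int = 3) -> str:
    """in-addr.arpa zone covering the first `octets` octets of an IPv4 address."""
    if octets not in (1, 2, 3):
        raise ValueError("zone must sit on an octet boundary (/8, /16 or /24)")
    labels = str(ipaddress.IPv4Address(ip)).split(".")[:octets]
    return ".".join(reversed(labels)) + ".in-addr.arpa"


def ptr_owner(ip: str, octets: int = 3) -> str:
    """Owner name of the PTR record, relative to reverse_zone(ip, octets)."""
    if octets not in (1, 2, 3):
        raise ValueError("zone must sit on an octet boundary (/8, /16 or /24)")
    labels = str(ipaddress.IPv4Address(ip)).split(".")[octets:]
    return ".".join(reversed(labels))


def named_conf_stanza(ip: str, zone_file: str, octets: int = 3) -> str:
    """named.conf stanza declaring this server master for the reverse zone."""
    return (f'zone "{reverse_zone(ip, octets)}" in {{\n'
            f'    type master;\n'
            f'    file "{zone_file}";\n'
            f'}};\n')


def zone_file_body(ip: str, fqdn: str, serial: int, octets: int = 3) -> str:
    """Minimal reverse zone file: SOA, NS and the server's own PTR record."""
    ns = fqdn.rstrip(".") + "."          # absolute name, trailing dot required
    return "\n".join([
        "$TTL 86400",
        f"@ IN SOA {ns} hostmaster.{ns} ( {serial} 3600 900 604800 86400 )",
        f"@ IN NS {ns}",
        f"{ptr_owner(ip, octets)} IN PTR {ns}",
    ]) + "\n"


if __name__ == "__main__":
    # Constructed sample values (assumptions, not taken from the thread).
    server_ip, server_name = "192.168.10.5", "indigo.example.com"
    print(named_conf_stanza(server_ip, "named.hosts2.rev"))
    print(zone_file_body(server_ip, server_name, serial=2006111701))
```

After loading the zone, `dig -x 192.168.10.5 @127.0.0.1` run on the server should return the PTR record.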
