Slave zero-TTL on CNAMES -> no ip nat service alg udp dns
/dev/rob0
rob0 at gmx.co.uk
Thu Jun 5 20:26:49 UTC 2014
On Thu, Jun 05, 2014 at 08:18:00PM +0200, Reindl Harald wrote:
> Am 05.06.2014 18:48, schrieb Ben Croswell:
> > Cisco routers do have the ability to "doctor" DNS packets
> > when doing NAT
>
> argh - and it is on by default
Interesting -- go figure.
> "no ip nat service alg udp dns"
> "no ip nat service alg tcp dns"
>
> > When it doctors it sets the TTL to 0 but
> > I don't know why it would only do it on CNAME records.
>
> because that crap is broken, on our large wire in front of ns2
> the Cisco 2 years ago even killed zone transfers at least from
> "large" zones at all as well as PTR answers from the NAT behind
> containing the public IP
>
> thanks and sorry for the noise
No problem, it's not noise.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
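A small diagnostic for the symptom discussed above, added here as an example and not code from the thread or from BIND: it parses two dig-style answer sections, one captured behind the NAT and one taken directly from the authoritative server, and reports records whose TTL is 0 only on the NAT side. The hostnames and addresses are constructed samples.

```python
"""Flag DNS records whose TTL a NAT middlebox appears to have rewritten to 0.

The input is the answer section as printed by dig, once as seen from a host
behind the NAT and once as answered directly by the authoritative server.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_answer_section(text: str) -> list[RR]:
    """Parse lines like 'www.example.test. 300 IN CNAME host.example.test.'"""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # skip blanks and dig comments
            continue
        name, ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append(RR(name, int(ttl), rtype, rdata))
    return records


def find_rewritten_ttls(nat_side: str, direct: str) -> list[tuple[RR, int]]:
    """Return (nat-side record, authoritative TTL) for every record that has
    TTL 0 behind the NAT but a non-zero TTL when asked directly."""
    direct_ttl = {(r.name, r.rtype, r.rdata): r.ttl
                  for r in parse_answer_section(direct)}
    suspects = []
    for r in parse_answer_section(nat_side):
        auth = direct_ttl.get((r.name, r.rtype, r.rdata))
        if r.ttl == 0 and auth is not None and auth > 0:
            suspects.append((r, auth))
    return suspects


# Constructed sample captures (hypothetical names, not from the thread).
BEHIND_NAT = """\
;; ANSWER SECTION:
www.example.test.   0     IN  CNAME  host.example.test.
host.example.test.  300   IN  A      192.0.2.10
"""
DIRECT = """\
;; ANSWER SECTION:
www.example.test.   3600  IN  CNAME  host.example.test.
host.example.test.  300   IN  A      192.0.2.10
"""

if __name__ == "__main__":
    for rr, auth_ttl in find_rewritten_ttls(BEHIND_NAT, DIRECT):
        print(f"{rr.name} {rr.rtype}: TTL 0 behind NAT, {auth_ttl} from authority")
```

Only the CNAME is reported for the sample, matching the behaviour described in the thread; the A record, whose TTL agrees on both sides, is left alone.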