Adding DNS ALG support to Bind?

Bill boober95 at
Thu Nov 5 16:24:02 UTC 2015

Yes, to do a full implementation usable in an enterprise you are correct, but 
what I am looking for is a small demo with only 10 machines or so.  I believe 
your comment about IPv5 is correct too, but I am limited for this trial.


On Wednesday 04 November 2015 15:30, Mark Andrews wrote:
> If you want this sort of behaviour you are going to have to pay
> someone someone lots of money to add this sort of functionality to
> a nameserver and then pay them more money to maintain it.  This
> sort of thing does not exist in normal nameservers.
> Nameservers don't normally do other things on DNS lookups.
> Normally what one does is configure port forwarding in the NAT /
> open a hole in the firewall.  Some NATs can update the DNS when
> their external address changes other wise you need a NAT that
> modifies DNS payloads and that is problematical in lots of ways.
> NATs really are not something anyone sane wants in their network.
> Anyone who says they do really doesn't understand IP security. They
> are a necessary evil with IPv4 as we long ago ran out of addresses
> to number every device uniquely.
> Mark
> In message <201511041050.51346.boober95 at>, Bill writes:
> > See my last posting on what I am trying to achieve, I think in the
> > interest o f
> > brevity I may have overly simplified my goal.
> >
> > What I want is for the DNS query to automatically configure the NAT to
> > permit
> >
> > the outside connection.  In other words it should, after the DNS query,
> > look as if the named device had initiated the connection from inside that
> > NAT.  My
> >
> > last post explains the use case a bit better, I hope.
> >
> > /bill

More information about the bind-users mailing list