Adding DNS ALG support to Bind?

Bill boober95 at rogers.com
Thu Nov 5 16:24:02 UTC 2015


Yes, to do a full implementation usable in an enterprise you are correct, but 
what I am looking for is a small demo with only 10 machines or so.  I believe 
your comment about IPv5 is correct too, but I am limited for this trial.

/bill


On Wednesday 04 November 2015 15:30, Mark Andrews wrote:
> If you want this sort of behaviour you are going to have to pay
> someone lots of money to add this sort of functionality to
> a nameserver and then pay them more money to maintain it.  This
> sort of thing does not exist in normal nameservers.
>
> Nameservers don't normally do other things on DNS lookups.
>
> Normally what one does is configure port forwarding in the NAT /
> open a hole in the firewall.  Some NATs can update the DNS when
> their external address changes otherwise you need a NAT that
> modifies DNS payloads and that is problematical in lots of ways.
>
> NATs really are not something anyone sane wants in their network.
> Anyone who says they do really doesn't understand IP security. They
> are a necessary evil with IPv4 as we long ago ran out of addresses
> to number every device uniquely.
>
> Mark
>
> In message <201511041050.51346.boober95 at rogers.com>, Bill writes:
> > See my last posting on what I am trying to achieve, I think in the
> > interest of brevity I may have overly simplified my goal.
> >
> > What I want is for the DNS query to automatically configure the NAT to
> > permit the outside connection.  In other words it should, after the DNS
> > query, look as if the named device had initiated the connection from
> > inside that NAT.  My last post explains the use case a bit better, I hope.
> >
> > /bill

