Adding DNS ALG support to Bind?

Bill boober95 at rogers.com
Fri Nov 6 18:21:10 UTC 2015


Thanks for the suggestion.  My intention for now is to trial on a laptop as 
that gives me the maximum flexibility for testing.

/bill


On Thursday 05 November 2015 17:44, Mark Andrews wrote:
> In message <201511051124.03206.boober95 at rogers.com>, Bill writes:
> > Yes, to do a full implementation usable in an enterprise you are correct,
> > but what I am looking for is a small demo with only 10 machines or so.  I
> > believe your comment about IPv5 is correct too, but I am limited for this
> > trial.
> >
> > /bill
>
> Then find a (home) router with NAT and the ability to send dynamic
> updates and configure it as described below.  They exist and can
> be purchased for less than USD100 and usually less than USD50.  You
> may want to add a "_dns-update._udp.example.net SRV" record pointing
> to the nameservers as someone convinced the router vendor(s) that
> this is how you do it rather than that being an override to the
> default of just sending to the nameservers for the record to be
> updated.
>
> The nameserver being updated can be inside the network.
>
> If you don't want to buy a router you can use a Linux or BSD box
> and configure the DHCP client to update the nameserver on renumbering.
>
> I did that for many years with FreeBSD with two ethernet cards,
> running named and ISC's dhcp client using the dhcp client hooks.
>
> Mark
>
> > On Wednesday 04 November 2015 15:30, Mark Andrews wrote:
> > > If you want this sort of behaviour you are going to have to pay
> > > someone lots of money to add this sort of functionality to
> > > a nameserver and then pay them more money to maintain it.  This
> > > sort of thing does not exist in normal nameservers.
> > >
> > > Nameservers don't normally do other things on DNS lookups.
> > >
> > > Normally what one does is configure port forwarding in the NAT /
> > > open a hole in the firewall.  Some NATs can update the DNS when
> > > their external address changes, otherwise you need a NAT that
> > > modifies DNS payloads and that is problematical in lots of ways.
> > >
> > > NATs really are not something anyone sane wants in their network.
> > > Anyone who says they do really doesn't understand IP security. They
> > > are a necessary evil with IPv4 as we long ago ran out of addresses
> > > to number every device uniquely.
> > >
> > > Mark
> > >
> > > In message <201511041050.51346.boober95 at rogers.com>, Bill writes:
> > > > See my last posting on what I am trying to achieve, I think in the
> > > > interest of brevity I may have overly simplified my goal.
> > > >
> > > > What I want is for the DNS query to automatically configure the NAT
> > > > to permit the outside connection.  In other words it should, after
> > > > the DNS query, look as if the named device had initiated the
> > > > connection from inside that NAT.  My last post explains the use case
> > > > a bit better, I hope.
> > > >
> > > > /bill
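Mark's suggestion above, of a Linux or BSD box running named with the DHCP client's hooks pushing the new external address into DNS, is the piece a reader is most likely to want to try on the laptop trial. The script below is an added example written for this page, not code from the thread, from ISC, or from any router vendor. It is shaped as an ISC dhclient exit hook: dhclient sets `$reason`, `$new_ip_address` and `$old_ip_address` in the hook's environment, and the script only sends an nsupdate when a lease event actually changed the address. The zone `example.net`, host `gw.example.net`, server `ns1.example.net` and key file `/etc/dhcp/ddns.key` are placeholders; the update is signed with a TSIG key so the zone can be configured with an `update-policy` that trusts the key rather than `allow-update` by source address, which a NAT would make meaningless.

```shell
#!/bin/sh
# Added example (not from the thread): a dhclient exit hook that records the
# gateway's new external address in the zone with a TSIG-signed nsupdate.
# All names below are placeholders for the reader's own zone and key.

ZONE="example.net"
HOST="gw.example.net."        # the record that should follow the NAT's outside address
NS="ns1.example.net"          # the authoritative server (may be inside the NAT)
KEYFILE="/etc/dhcp/ddns.key"  # TSIG key file in the format nsupdate -k expects
TTL=300                       # short TTL, since the address is expected to change

# Print the nsupdate batch that replaces the old A record with the new one.
# $1 = new IPv4 address, $2 = old IPv4 address (may be empty on first lease).
build_update() {
    printf 'server %s\n' "$NS"
    printf 'zone %s\n' "$ZONE"
    if [ -n "$2" ]; then
        printf 'update delete %s A %s\n' "$HOST" "$2"
    fi
    printf 'update add %s %s A %s\n' "$HOST" "$TTL" "$1"
    printf 'send\n'
}

# Return 0 only for lease events that carry a new address that differs from
# the old one; EXPIRE, FAIL, PREINIT and unchanged renewals are ignored so the
# zone is not hammered with no-op updates on every renewal.
# $1 = $reason, $2 = $new_ip_address, $3 = $old_ip_address
needs_update() {
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT) ;;
        *) return 1 ;;
    esac
    [ -n "$2" ] || return 1
    [ "$2" != "$3" ] || return 1
    return 0
}

# Entry point when dhclient runs this file as /etc/dhcp/dhclient-exit-hooks
# (or from dhclient-exit-hooks.d); the variables come from dhclient's environment.
if needs_update "${reason:-}" "${new_ip_address:-}" "${old_ip_address:-}"; then
    build_update "$new_ip_address" "$old_ip_address" | nsupdate -k "$KEYFILE"
fi
```

On the named side the matching zone stanza would carry the same TSIG key and an `update-policy` granting that key the right to change `gw.example.net` only, so a compromised or misbehaving DHCP client cannot rewrite other records in the zone. Logging the output of `nsupdate` to syslog from the hook is worthwhile, since a silently failing update leaves the zone pointing at a stale address.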


More information about the bind-users mailing list