Adding DNS ALG support to Bind?

Mark Andrews marka at isc.org
Sat Oct 24 21:35:12 UTC 2015


Get yourself IPv6 and forget about the NAT.  Complain to your ISP
if they don't supply IPv6.  They should be able to as they have had
two decades to prepare for the fact that IPv4 addresses have run
out.  That way you don't have to worry about different internal and
external addresses.

Even routers that dynamically update the DNS when they get a new
address are starting to no longer work as ISPs introduce Carrier
Grade NATs (CGN) as they have run out of addresses to even give
customers an unshared IPv4 address.

If you really want to track external addresses use a tool outside
of named and have it dynamically update the address in the DNS when
it changes.

Mark

In message <201510241649.33628.boober95 at rogers.com>, Bill writes:
> I was wondering if anyone has looked at or is in the process of adding DNS ALG 
> support, or something similar, to bind?
> 
> https://tools.ietf.org/html/rfc2694
> 
> What I would like to do is to have the ability to query a DNS server located 
> behind a NAT, and have it return the IP of the NAT, and set up connection 
> tracking in the NAT to pass traffic thru to the host behind the NAT.  The 
> effect of this is to have a reversible NAT, ie one that provides access to 
> hosts behind the NAT, not by their IP, but by their hostname.
> 
> (There are other things in DNS ALG, but I am really interested only in the 
> reversible NAT aspect.)
> 
> Implementing this seems to need the DNS server (bind in this case), to 
> configure the NAT using the 'expect' feature of connection tracking.  This 
> would permit the following packets to traverse the NAT to the host, provided 
> of course they meet the expectation (source, protocol, etc).
> 
> I'd like to know if anyone has looked at this, is implementing it, or knows of 
> any implementations.  I have looked into it but have only seen enterprise 
> implementations (Cisco & Juniper), but nothing open-source.
> 
> /bill
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
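
Added example, not part of the original message or of BIND: one way to build the external tool the reply suggests, pushing a changed address with nsupdate under a TSIG key. The zone, host name, server, key path and state file are assumptions, and the script refuses private and CGN shared-range addresses, which is what a router behind a CGN would see as its own.

```shell
#!/bin/sh
# Added example. Assumed values (not from the post): zone, host, server, key, state file.
ZONE="example.com"
HOST="home.example.com."
SERVER="ns1.example.com"
TTL=300
KEYFILE="/etc/ddns/home.key"        # TSIG key so the server can authenticate the update
STATE="/var/lib/ddns/last-address"  # last address successfully published

# Succeeds only for a dotted quad that can be a public address. Rejects
# RFC 1918, loopback, link-local, multicast/reserved, and the RFC 6598
# shared range 100.64.0.0/10 that a router behind a CGN sees as its WAN address.
is_public_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    if [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ] || [ "$1" -ge 224 ]; then return 1; fi
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then return 1; fi
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 1; fi
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 1; fi
    if [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then return 1; fi
    return 0
}

# Prints the nsupdate commands that replace the A record for $HOST with $1.
build_update() {
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$SERVER" "$ZONE" "$HOST" "$HOST" "$TTL" "$1"
}

# Publishes $1 if it is valid and differs from the last published address.
publish() {
    addr=$1
    is_public_ipv4 "$addr" || { echo "refusing to publish '$addr'" >&2; return 1; }
    if [ -r "$STATE" ] && [ "$(cat "$STATE")" = "$addr" ]; then return 0; fi
    build_update "$addr" | nsupdate -k "$KEYFILE" || return 1
    printf '%s\n' "$addr" > "$STATE"
}

# Run as: ddns-publish.sh --run <address>. How the address is learned is left to the caller.
if [ "${1:-}" = "--run" ]; then publish "${2:-}"; fi
```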

