Recognizing remote IP in shared connections

Alberto Colosi alcol at hotmail.com
Tue Feb 28 13:58:40 UTC 2017


Hi, let me say that what you say is a bit strange. If you mean a many-to-1 NAT, it can't be reached in the reverse direction; the "many" can only go out and receive reply packets for established sessions or related UDP packets.


If you mean, for example, an application server that gives different web content as output by reading the name after the domain name, that is possible, but it is always one server and not many to 1.


If you mean that several nets are shared onto one single IP address (NAT), no, you can only know the IP of the application or appliance that performs the NAT. You can't know the MAC or IP behind a NAT (NAT is even a route action that encapsulates the IP packet inside another IEEE 802.2 packet with the MAC address of whoever performs the NAT (external interface)).


Beyond that, in any case, BIND can log QUERIES; check CHANNELS for the LOG action in the BIND documentation.


You can log DNS queries, but it is such a large log file (like network accounting; it can't be live for "too much").



Alberto Colosi

IT NetWork & Security Architect Engineer



________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Job <Job at colliniconsulting.it>
Sent: Tuesday, February 28, 2017 2:35 PM
To: bind-users at lists.isc.org
Subject: Recognizing remote IP in shared connections

Hi,

For policy purposes, we need to know which remote site is resolving a BIND 9.x public DNS server.
The problem occurs when some carriers "share" the same IP address among several customers and they surf behind a shared NAT.

Is there a way? Perhaps with DNSCrypt or DNSSEC?

Thank you!
/F
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list



bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
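
The query logging mentioned in the reply above, as an added example that is not part of the original messages: a `named.conf` logging fragment that sends the `queries` category to its own size-capped, rotated channel. The channel name, file path, version count and size limit are assumptions chosen for illustration.

```conf
// Added example, not from the thread. Channel name, path and limits are assumed.
logging {
    // Dedicated channel so query traffic does not flood the default log.
    channel query_log {
        // Rotate when the file reaches 50 MB and keep 10 old versions,
        // which bounds disk use to roughly 550 MB for query logs.
        file "/var/log/named/queries.log" versions 10 size 50m;
        severity info;
        // Timestamp every entry so it can be correlated with other records.
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    // Route only the "queries" category to that channel.
    // Each entry records the client address and source port as seen by
    // named; for clients behind a shared NAT that is the NAT's external
    // address, so customers sharing it are not distinguished by IP.
    category queries { query_log; };
};
```

The directory must be writable by the user `named` runs as, and `named-checkconf` validates the fragment before a reload.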

