"guy cipher" <guy.cipher> wrote:

> Hi Barry,
> Thank you very much indeed. You are absolutely right. What I notice is that the
> reverse zone name is reflecting the public IP in the current configuration
> "named.conf", which is
>
> zone "198.16.1.in-addr.arpa" in {
>     type master;
>     file "named.hosts.rev";

That zone name should have been 1.16.198.in-addr.arpa.

>
> What I understood from your e-mail is that I should have created the reverse
> zone like below:
>
> zone "172.31.32.in-addr.arpa" in {
>     type master;
>     file "named.hosts2.rev";

That should be 32.31.172.in-addr.arpa.

>
> Should I delete the "named.hosts.rev"? And please tell me again what the
> "A" record will be for the DNS server zone files. Would it be the public IP or
> the private IP?

You need *both* reverse zones -- one for inside clients, the other for outside clients. Unless your firewall performs DNS fixups to translate private IPs to their corresponding public IPs -- in that case you just need the private IPs.

>
> indigo IN A 203.81.204.10
> 10 IN PTR indigo.xyz.net.
>
> or
>
> indigo IN A 172.31.32.5
> 10 IN PTR indigo.xyz.net
>
> Please advise on the correct entries in the configuration file.

You need both. The best way to do this is with views -- inside clients get the private A record, outside clients get the public A record.

>
> Best Regards
>
> Cipher
>
> PS I haven't tried it yet, but I will do it soon.
>
>
> On 11/17/06, Barry Margolin <barmar> wrote:
> >
> > In article <ejhl5j$192r$1>,
> > "guy cipher" <guy.cipher> wrote:
> >
> > > Hi,
> > > I'm setting up BIND 9.3 on a Solaris 9 server having a private IP address.
> > > The firewall is mapping (NATing) the public IP to the private IP address.
> > > Let's say 198.16.1.4 -> 172.31.31.99.
> > >
> > > The current DNS server, which has a public IP, is working fine.
> > > I copied all the configuration from the current DNS server to another
> > > server having a private IP (172.31.31.99). The configuration is the same;
> > > only the server IP is private. The DNS server is not properly resolving
> > > the queries for non-authoritative server, but it does resolve all the
> > > A records defined in the DNS configuration.
> > >
> > > When I run 'nslookup' it generates the message "can't find server name for
> > > address 172.31.32.5". It resolves the queries from the "127.0.0.1" loopback
> >
> > You should create a reverse DNS zone for your address range to fix that
> > error. This is a quirk of nslookup -- it requires that the server be
> > able to do a reverse lookup of its own address.
> >
> > > address. Sometimes it generates "No address (A) records available."
> > >
> > > My questions are below:
> > >
> > > Is there any specific configuration for BIND when configuring a public DNS
> > > having a private IP and NAT on the firewall?
> > > Should the A record of the DNS server reflect the "private IP" or the
> > > public IP?
> >
> > The problem isn't the A record, it's the PTR record. If you tell
> > nslookup to query 172.31.32.5, it tries to look up this PTR record.
> >
> > Another way to solve this problem is to NOT USE NSLOOKUP. It's a lousy
> > debugging tool. Use "dig" for debugging, and "host" for quick-and-dirty
> > lookups.
> >
> > --
> > Barry Margolin, barmar
> > Arlington, MA
> > *** PLEASE post questions in newsgroups, not directly to me ***
> > *** PLEASE don't copy me on replies, I'll read them in the group ***
> >
> >
>
>

--
Barry Margolin, barmar
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
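
The views arrangement recommended in the reply above, sketched as a named.conf fragment. This is an added example, not configuration posted in the thread: the inside range 172.31.32.0/24, the ACL and view names, and the zone file paths are assumptions, while the zone names and the two A records for indigo are the ones quoted in the messages.

```conf
// Added example: split-horizon ("views") layout for a BIND 9 server behind NAT.
// Assumption: inside clients live in 172.31.32.0/24; adjust to the real range.
acl "inside-nets" {
    localhost;            // built-in ACL: the server's own addresses
    172.31.32.0/24;       // assumed private client range
};

// Views are tried in order, so the narrower match must come first.
view "inside" {
    match-clients { "inside-nets"; };
    recursion yes;        // inside clients may use the server as a resolver

    zone "xyz.net" in {
        type master;
        file "inside/xyz.net.hosts";      // hypothetical path; holds
                                          // indigo IN A 172.31.32.5
    };
    zone "32.31.172.in-addr.arpa" in {    // corrected private reverse zone name
        type master;
        file "inside/named.hosts2.rev";   // PTR records for the private range
    };
};

view "outside" {
    match-clients { any; };
    recursion no;         // outside clients get authoritative answers only

    zone "xyz.net" in {
        type master;
        file "outside/xyz.net.hosts";     // hypothetical path; holds
                                          // indigo IN A 203.81.204.10
    };
    zone "1.16.198.in-addr.arpa" in {     // corrected public reverse zone name
        type master;
        file "outside/named.hosts.rev";   // PTR records for the public range
    };
};

// Once any view is defined, every zone statement must sit inside a view;
// a zone left at the top level makes named refuse to load the configuration.
```

Running `named-checkconf` against the file before reloading catches a zone left outside a view, and `dig` issued from one inside host and one outside host confirms that each side receives its own A record.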
© 2004-2008 readlist.com