Date: Mon, 16 May 2005 00:00:08 +0100
From: Paul Waring <pwaring@gmail.com>
To: Joe Wood <dot.sn1tch@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: BIND and NAT
Message-ID: <8953a1db050515160066ea3c0d@mail.gmail.com>
In-Reply-To: <4287c729.605b3677.7e3a.5a93@mx.gmail.com>
References: <4287c729.605b3677.7e3a.5a93@mx.gmail.com>

On 5/15/05, Joe Wood <dot.sn1tch@gmail.com> wrote:
> I have a small question regarding a DNS issue I am having. I have a bsd box
> setup for a domain I am hosting..it has FBSD 5.3 and Bind 9.3. It sits
> behind a NAT device and is in a DMZ. The problem is when I setup the domain
> I told it to point to the public ip which is translated to the private IP on
> which DNS listens. Now when I try to go to the site it keeps trying to
> connect to the private IP the site is on instead of the correct public ip.
> Is this an issue with the DNS files being setup for the private network or
> should it matter?

If your DNS server is giving out the private IP address to machines on
the other side of the NAT device then yes, that does matter because
they won't be able to connect to it.

If you want to run your DNS from behind a NAT device (using port
forwarding from a public IP perhaps - that's what I do) then you might
want to look into the concepts of "views" in Bind, which will allow you
to give out the private IP for the domain to any machine on the same
subnet (e.g. 192.168.0.x) and the public IP address to any machine on
the other side of the NAT device.

This is what I do when running my DNS from behind a router on a private
IP range and it works very well. It's a bit fiddly to setup as each
zone you have needs to be in both views (internal and external) but
otherwise it's fairly simple to setup.

Paul

-- 
Rogue Tory
http://www.roguetory.org.uk