DNS and NAT
opie at 817west.com
Mon Jul 11 22:44:21 CEST 2005
On Mon, Jul 11, 2005 at 01:33:34PM -0700, Suzana Lojic-Skoric wrote:
> OK, thanks I was not sure what is the proper behavior regarding iptables
> and DNS.
> If answer is not translated then how do I get DNS to work with two way NAT?
> My internal network does not understand any of the ip addresses that belong
> to outside. So if the request for a page that is sent from internal network
> comes back from outside with an answer (ip address) that is not getting
> translated then I can't resolve the page since my internal network doesn't
> understand it and can't route to it.
> Is there a way around this problem? How do I get DNS to work in the type of
> environment I described?
with what is called "split DNS." essentially: requests from the
internal network get internal IPs as responses, requests from the
outside networks get external IPs as responses. like i said in my
first reply, with BIND this is accomplished through the use of "views."
i am not familiar with how other DNS servers handle this.
a more complete explanation of BIND views and an example of using views
for split DNS can be found at:
"Chris: Dad, what's the blowhole for?
Peter: I'll tell you what it's not for. And when I do, you'll
understand why I can never go back to Sea World."
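
The split-DNS arrangement described in the reply above, sketched as a BIND views configuration. This is an added example, not part of the original post or of the page it pointed to. The zone name, file paths and addresses (192.168.1.0/24 inside, 203.0.113.10 outside) are assumptions.

```conf
// named.conf fragment (constructed example; names, paths and addresses are assumptions)

// Who counts as "inside": loopback plus the assumed internal LAN.
acl "internal" { 127.0.0.1; 192.168.1.0/24; };

// Views are tried in order and the first matching view answers the query,
// so the narrower internal view must come before the catch-all external one.
view "internal" {
    match-clients { "internal"; };
    recursion yes;          // inside hosts may resolve other names through this server

    zone "example.com" {
        type master;
        // Internal copy of the zone, e.g.:  www  IN A  192.168.1.10
        file "zones/internal/example.com.db";
    };
};

view "external" {
    match-clients { any; };
    recursion no;           // outside clients get authoritative answers only, no open resolver

    zone "example.com" {
        type master;
        // External copy of the zone, e.g.:  www  IN A  203.0.113.10
        file "zones/external/example.com.db";
    };
};
```

Once any view is defined, every zone statement has to sit inside a view; `named-checkconf` reports the file as invalid otherwise.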