Jason Opperisano opie at 817west.com
Mon Jul 11 22:44:21 CEST 2005

On Mon, Jul 11, 2005 at 01:33:34PM -0700, Suzana Lojic-Skoric wrote:
> OK, thanks I was not sure what is the proper behavior regarding iptables 
> and DNS.
> If answer is not translated then how do I get DNS to work with two way NAT?
> My internal network does not understand any of the ip addresses that belong 
> to outside. So if the request for a page that is sent from internal network 
> comes back from outside with an answer (ip address) that is not getting 
> translated then I can't resolve the page since my internal network doesn't 
> understand it and can't route to it.
> Is there a way around this problem? How do I get DNS to work in the type of 
> environment I described?

with what is called "split DNS."  essentially:  requests from the
internal network get internal IP's as responses, requests from the
outside networks get external IP's as responses.  like i said in my
first reply; with BIND, this is accomplished through the use of "views."
i am not familiar with how other DNS servers handle this.

a more complete explanation of BIND views and an example of using views
for split DNS can be found at:



"Chris: Dad, what's the blowhole for?
 Peter: I'll tell you what it's not for. And when I do, you'll
 understand why I can never go back to Sea World."
        --Family Guy

More information about the netfilter mailing list