From: Paul Waring
To: Joe Wood
Cc: freebsd-questions@freebsd.org
Date: Mon, 16 May 2005 00:00:08 +0100
Subject: Re: BIND and NAT

On 5/15/05, Joe Wood wrote:
> I have a small question regarding a DNS issue I am having.
> I have a bsd box set up for a domain I am hosting..it has FBSD 5.3 and
> Bind 9.3. It sits behind a NAT device and is in a DMZ. The problem is when
> I set up the domain I told it to point to the public ip which is translated
> to the private IP on which DNS listens. Now when I try to go to the site it
> keeps trying to connect to the private IP the site is on instead of the
> correct public ip. Is this an issue with the DNS files being set up for the
> private network or should it matter?

If your DNS server is giving out the private IP address to machines on the other side of the NAT device then yes, that does matter because they won't be able to connect to it.

If you want to run your DNS from behind a NAT device (using port forwarding from a public IP perhaps - that's what I do) then you might want to look into the concept of "views" in Bind, which will allow you to give out the private IP for the domain to any machine on the same subnet (e.g. 192.168.0.x) and the public IP address to any machine on the other side of the NAT device.

This is what I do when running my DNS from behind a router on a private IP range and it works very well. It's a bit fiddly to set up as each zone you have needs to be in both views (internal and external) but otherwise it's fairly simple to set up.

Paul

--
Rogue Tory
http://www.roguetory.org.uk
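
A minimal two-view layout of the kind the reply above describes, as an added example that is not part of the original message. The zone name, host addresses, ACL name and file paths are assumptions; 203.0.113.10 stands in for the public IP.

```conf
// named.conf fragment (BIND 9), constructed example.
// example.com, 192.168.0.10, 203.0.113.10 and the file paths are placeholders.

acl "lan" { 192.168.0.0/24; 127.0.0.1; };

// Views are tried in order and the first match wins,
// so the internal view has to come before the catch-all.
view "internal" {
    match-clients { "lan"; };
    recursion yes;              // LAN clients may resolve other names through this server

    zone "example.com" {
        type master;
        file "master/internal/example.com.db";
        // this zone file holds:  www  IN  A  192.168.0.10
    };
};

view "external" {
    match-clients { any; };
    recursion no;               // outside clients get authoritative answers only

    zone "example.com" {
        type master;
        file "master/external/example.com.db";
        // this zone file holds:  www  IN  A  203.0.113.10
    };
};
```

Once named.conf contains any view, BIND requires every zone to be declared inside a view, which is why each zone appears twice. If the NAT device rewrites the source address of forwarded queries to its own LAN address, outside clients will match the internal view, so check which source addresses named actually sees before relying on the split.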