Subject: Re: help w/ DNS & NAT
To: Brad Walker <bwalker@musings.com>
From: Simon J. Gerraty <sjg@crufty.net>
List: current-users
Date: 04/04/2002 00:48:53
>Here is a copy of my /etc/named.conf. If you have done this before, can
>you please advise?

You haven't shown us what's in /etc/resolv.conf nor your NAT config.
Depending on your setup, you may want your "internal" view to be 
matched for the case when your box queries itself using other than
the loopback interface. 

Also run tcpdump on another box, to see what return address bind is
putting in queries sent to other name servers in the case that it
is doing recursion for a query to the loopback address.
Early versions of bind would provide the loopback address as the 
return address - which of course won't work.  

Finally, depending on your firewall setup, you may need to specify
that forwarded queries use port 53; you can ensure sanity with

query-source address a.valid.ip.address port 53;

though if you can get away with not using port 53 that's good since
it makes it harder for bad guys to send you bogus replies.

--sjg
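
One way to read the tcpdump capture suggested in the message above, as an added example that is not part of the original message: it flags outbound queries whose return address is loopback and reports whether every query leaves from a single source port. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed `tcpdump -n udp port 53` lines (documentation addresses),
# standing in for a capture taken on another box as the message suggests.
SAMPLE = """\
00:48:53.101 IP 127.0.0.1.53 > 198.51.100.7.53: 4021 A? www.example.org. (33)
00:48:53.204 IP 192.0.2.10.53 > 198.51.100.7.53: 4022 A? www.example.org. (33)
00:48:53.310 IP 192.0.2.10.53 > 203.0.113.9.53: 4023 [1au] NS? example.org. (40)
00:48:53.322 IP 203.0.113.9.53 > 192.0.2.10.53: 4023*- 2/0/2 NS ns1.example.org. (96)
"""

# Matches queries only: destination port 53 and a "TYPE?" question token.
QUERY = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"\d+(?:\.\d+){3}\.53: \d+[+%]*(?: \[[^\]]*\])? \S+\? "
)

def audit(capture):
    """Return (queries sent from 127/8, Counter of source ports used)."""
    loopback, ports = [], Counter()
    for line in capture.splitlines():
        m = QUERY.search(line)
        if m is None:
            continue  # a response or a non-DNS line
        ports[int(m["sport"])] += 1
        if m["src"].startswith("127."):
            loopback.append(line)
    return loopback, ports

def verdict(capture):
    """Summarise the two conditions the message asks the reader to check."""
    loopback, ports = audit(capture)
    notes = []
    if loopback:
        notes.append("loopback return address: replies cannot be routed back")
    if len(ports) == 1 and sum(ports.values()) > 1:
        port = next(iter(ports))
        notes.append(f"every query leaves from port {port}: replies are easier to forge")
    return notes

if __name__ == "__main__":
    for note in verdict(SAMPLE):
        print(note)
```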