Subject: Re: help w/ DNS & NAT
To: Brad Walker <firstname.lastname@example.org>
From: Simon J. Gerraty <email@example.com>
Date: 04/04/2002 00:48:53

>Here is a copy of my /etc/named.conf if you have done this before can
>you please advise.

You haven't shown us what's in /etc/resolv.conf nor your NAT config.

Depending on your setup, you may want your "internal" view to be
matched for the case when your box queries itself using other than
the loopback interface.

Also run tcpdump on another box, to see what return address bind is
putting in queries sent to other name servers in the case that it
is doing recursion for a query to the loopback address.
Early versions of bind would provide the loopback address as the
return address - which of course won't work.

Finally, depending on your firewall setup, you may need to specify
that forwarded queries use port 53; you can ensure sanity with

    query-source address a.valid.ip.address port 53;

though if you can get away with not using port 53 that's good since
it makes it harder for bad guys to send you bogus replies.
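
The tcpdump check suggested in the message above can be scripted; this is an added example, not part of the original message or of BIND. It assumes `tcpdump -n` output at default verbosity for UDP over IPv4, and the capture lines and addresses in it are constructed.

```python
import ipaddress
import re
from collections import Counter

# Matches `tcpdump -n` lines for UDP DNS over IPv4, for example:
# 00:48:53.1 IP 192.0.2.10.53 > 198.51.100.5.53: 4242 A? www.example.org. (33)
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)"
)

def audit_queries(capture_text):
    """Summarise source address and source port of outbound DNS queries."""
    loopback, ports = [], Counter()
    for line in capture_text.splitlines():
        m = LINE.search(line)
        # Keep only queries: sent to port 53 and carrying a question ("A?", "MX?").
        # At default verbosity tcpdump prints no "?" on response lines.
        if not m or m["dport"] != "53" or "?" not in m["rest"]:
            continue
        if ipaddress.ip_address(m["src"]).is_loopback:
            loopback.append(line.strip())  # a reply can never reach this address
        ports[int(m["sport"])] += 1
    total = sum(ports.values())
    return {
        "queries": total,
        "loopback_source": loopback,
        # All queries leaving from one port means query-source pins it
        "fixed_port": next(iter(ports)) if total > 1 and len(ports) == 1 else None,
    }

# Constructed capture: query-source pinned to port 53, one loopback return address
PINNED = """\
00:48:53.100001 IP 192.0.2.10.53 > 198.51.100.5.53: 4242 A? www.example.org. (33)
00:48:53.140002 IP 198.51.100.5.53 > 192.0.2.10.53: 4242 1/0/0 A 203.0.113.7 (49)
00:48:54.200003 IP 127.0.0.1.53 > 198.51.100.9.53: 4243 MX? example.org. (29)
"""

# Constructed capture: source port left unpinned, so it varies per query
UNPINNED = """\
00:49:01.100001 IP 192.0.2.10.41873 > 198.51.100.5.53: 5150 A? www.example.org. (33)
00:49:02.100001 IP 192.0.2.10.60211 > 198.51.100.9.53: 5151 MX? example.org. (29)
"""

if __name__ == "__main__":
    for name, text in (("pinned", PINNED), ("unpinned", UNPINNED)):
        print(name, audit_queries(text))
```

A non-empty `loopback_source` is the broken return address case; a `fixed_port` of 53 is the firewall-friendly setting that also gives an off-path spoofer one less value to guess.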