I have done some more testing and it appears that any DNS response that contains an IP address is lost. The problem must be related to a defective fixup in the NAT routine. I haven't been able to figure out how to disable the DNS fixup in IOS.
Roy

Roy wrote:
> I am trying to set up a Linux box behind a Cisco router that has NAT
> turned on.
> I configured:
>
> ip nat inside source static udp 10.10.100.20 53 xx.xx.xx.xx 53 extendable
> ip nat inside source static tcp 10.10.100.20 53 xx.xx.xx.xx 53 extendable
>
> If I do
>
> dig . @xx.xx.xx.xx
>
> from the internet, I get the proper response. tcpdump on linux shows
> the packet arriving and a response packet.
>
> If I do
>
> dig domain.com @xx.xx.xx.xx
>
> I get no response. tcpdump on the linux box shows a reply packet
> leaving it and the router responding with ICMP host unreachable.
>
> Software is
>
> IOS (tm) C1700 Software (C1700-K9O3SY7-M), Version 12.3(18), RELEASE
> SOFTWARE (fc3)
>
> Any ideas are welcome.
>
> Roy

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
