John, specifically what is your question? I've had to do a lot of DNS-related research these past few months (using Meta, Gartner, white papers, Berkeley, Microsoft, etc.), but I don't believe I have seen specific issues with NAT and DNS. The firewalls must be configured to pass UDP port 53 and can enforce an access list to allow only certain servers (say the ISP's primary and yours), TSIG (BIND), or to proxy. With a proxy (say Gauntlet or Symantec's Raptor line-up) the NAT or PAT portion plays no role. As the query moves, at no time should the DNS server being polled need to cache the resolver's information (does this make sense?). I guess what I am trying to say is that it does not matter if I am requesting from a global IP address or a private 10.0.0.0 address. Whether your lookup is recursive or iterative, the firewall has a state table, NAT statistics, or a PAT lookup (UNIX programs refer to it as IP masquerading) mapping it back to the resolver (be it PC or file server) that initiated the lookup.
I believe I may not have answered your question. Let me know. I never was asked to deliver my DNS presentation, and I'm still miffed I've been studying such a boring subject as of late :-)

Phil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tafasi
Sent: Tuesday, December 18, 2001 3:37 AM
To: [EMAIL PROTECTED]
Subject: CCIE Written: DNS and NAT [7:29461]

Does anybody have a good resource that explains how NAT on the firewall works with DNS?

Thanks
John Tafasi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29478&t=29461
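The mechanism Phil describes (an access list that only lets chosen DNS servers be queried, and a PAT state table that maps each UDP/53 answer back to the private resolver that sent the query) as a small simulation. This is an added example, not code from the thread or from any firewall product; the class and method names, the RFC 5737 documentation addresses (10.0.0.x inside, 203.0.113.10 as the firewall's outside address, 198.51.100.53 as the permitted DNS server, 192.0.2.99 as a stranger) and the port-allocation scheme are all assumptions made for the example. Two inside hosts deliberately use the same source port so that the need for port translation is visible.

```python
"""Toy stateful PAT (IP masquerading) for outbound DNS over UDP/53.

Added example, not part of the original thread. All addresses, ports
and the DNS payload are constructed for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes  # DNS message; PAT never looks inside it


def dns_query(txid: int, name: str) -> bytes:
    """Constructed minimal DNS query: header with transaction ID, one A question."""
    header = txid.to_bytes(2, "big") + b"\x01\x00" + b"\x00\x01" + b"\x00\x00" * 3
    qname = b"".join(len(lbl).to_bytes(1, "big") + lbl.encode() for lbl in name.split(".")) + b"\x00"
    return header + qname + b"\x00\x01\x00\x01"  # QTYPE A, QCLASS IN


class DnsPat:
    """Hypothetical firewall: outbound ACL on DNS servers plus a PAT state table."""

    def __init__(self, outside_ip: str, permitted_servers, port_base: int = 1024):
        self.outside_ip = outside_ip
        self.permitted = set(permitted_servers)  # the only servers inside hosts may ask
        self.next_port = port_base                # next free translated source port
        # translated src port -> (inside ip, inside port, server ip)
        self.state: dict[int, tuple[str, int, str]] = {}

    def outbound(self, pkt: Packet):
        """Inside -> outside. Returns the translated packet, or None if dropped."""
        if pkt.dst_port != 53 or pkt.dst_ip not in self.permitted:
            return None  # access list: only UDP/53 to permitted servers
        tport = self.next_port
        self.next_port += 1
        self.state[tport] = (pkt.src_ip, pkt.src_port, pkt.dst_ip)
        return Packet(self.outside_ip, tport, pkt.dst_ip, 53, pkt.payload)

    def inbound(self, pkt: Packet):
        """Outside -> inside. Only an answer matching a live state entry gets through."""
        entry = self.state.get(pkt.dst_port)
        if (entry is None or pkt.dst_ip != self.outside_ip
                or pkt.src_port != 53 or pkt.src_ip != entry[2]):
            return None  # no matching query, or answer from the wrong server
        in_ip, in_port, _ = entry
        del self.state[pkt.dst_port]  # UDP: one query, one answer (real boxes use a timeout)
        return Packet(pkt.src_ip, 53, in_ip, in_port, pkt.payload)


def run_demo() -> dict:
    """Walk two inside resolvers through the firewall and report what happened."""
    fw = DnsPat("203.0.113.10", permitted_servers={"198.51.100.53"})
    results = {}

    # Two inside hosts, same source port: PAT must give them distinct outside ports.
    q1 = Packet("10.0.0.5", 1234, "198.51.100.53", 53, dns_query(0x1111, "example.com"))
    q2 = Packet("10.0.0.6", 1234, "198.51.100.53", 53, dns_query(0x2222, "example.net"))
    out1, out2 = fw.outbound(q1), fw.outbound(q2)
    results["translated_ports"] = (out1.src_port, out2.src_port)

    # Query to a server not on the access list is dropped outbound.
    q3 = Packet("10.0.0.7", 5000, "192.0.2.99", 53, dns_query(0x3333, "example.org"))
    results["acl_dropped"] = fw.outbound(q3) is None

    # Answer for host 2 comes back and is mapped to 10.0.0.6:1234.
    ans2 = Packet("198.51.100.53", 53, "203.0.113.10", out2.src_port, out2.payload)
    back2 = fw.inbound(ans2)
    results["answer2_dst"] = (back2.dst_ip, back2.dst_port)

    # A stranger aiming at host 1's translated port has no matching state: dropped.
    spoof = Packet("192.0.2.99", 53, "203.0.113.10", out1.src_port, out1.payload)
    results["spoof_dropped"] = fw.inbound(spoof) is None

    # Genuine answer for host 1 still gets through, then the entry is gone.
    ans1 = Packet("198.51.100.53", 53, "203.0.113.10", out1.src_port, out1.payload)
    back1 = fw.inbound(ans1)
    results["answer1_dst"] = (back1.dst_ip, back1.dst_port)
    results["replay_dropped"] = fw.inbound(ans1) is None
    results["state_left"] = len(fw.state)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two points the simulation makes concrete: the reverse mapping is done entirely on the translated UDP port, so the firewall never needs to understand the DNS transaction ID or cache anything about the name being resolved, and a stateful table means an answer from a server that was never queried is simply discarded. Note that the toy drops the state entry on the first answer; real firewalls age UDP entries out on a timer instead.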

