I would think that you can masq the DNS queries and responses using connection tracking, but I have not tried recently. I have found that running a DNS cache on the masq machine is nicer. It provides much faster responses and reduces traffic. There are several available. I think 'dnsmasq' is probably one of the best. If you are running Debian Woody or Sid, use "apt-get install dnsmasq", else look here:
http://www.thekelleys.org.uk/dnsmasq/doc.html

On Mon, Jun 10, 2002 at 07:54:06AM +0000, andre achternaam wrote:
> Good day,
>
> I have set up a gateway that separates my (private ipv4) LAN from the
> Internet. The hosts on my LAN are DHCP enabled and using private addresses.
> Also set up an authoritative DNS server for the hosts with a domain. Since the
> gateway performs NA(P)T it is not allowed to do queries from the Internet
> because it gets a private address. However I found an RFC (2694 DNS extensions
> to NAT) that covers this part as far as I understand. (I don’t want to use
> it for ipv6).
>
> Is there any developer who has looked into a DNS ALG in combination with
> NA(P)T for ipv4? If yes, what is the status and what are the difficulties
> he/she/you encountered up till now?