Re: Best way to run Bind on public DNS servers??
Jason Fesler wrote:
> On Jan 11, 2010, at 9:39 AM, Kaya Saman wrote:
>> Hi, since I got no responses for this question could I rephrase it to asking if Bind will do a zone transfer over public internet if the servers have private IP addresses and are behind NAT with static port definitions?
>
> Tell bind to slave from the public IP that is forwarded to the private side.

Thanks Jason! Will this work as Bind will examine the packet and will have a different IP in the sendto: part?

Otherwise is easy if it can actually be done this way :-)

Regards,
Kaya

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Best way to run Bind on public DNS servers??
On Jan 14, 2010, at 3:00 AM, Kaya Saman wrote:
> Thanks Jason! Will this work as Bind will examine the packet and will have a different IP in the sendto: part?

If your firewall/NAT is forwarding a public address to your private internal address, it will rewrite the packets in order to do so, to reach the private internal address.

You can use tcpdump to confirm the traffic seen by either dns server.
Re: Best way to run Bind on public DNS servers??
Jason Fesler wrote:
> On Jan 14, 2010, at 3:00 AM, Kaya Saman wrote:
>> Thanks Jason! Will this work as Bind will examine the packet and will have a different IP in the sendto: part?
>
> If your firewall/NAT is forwarding a public address to your private internal address, it will rewrite the packets in order to do so, to reach the private internal address.
>
> You can use tcpdump to confirm the traffic seen by either dns server.

Many thanks Jason for the support!

Since everyone has mentioned I can do this I'm certain it will be a swift and easy job for my migration!

Best regards,
Kaya
Re: Best way to run Bind on public DNS servers??
On Jan 11, 2010, at 9:39 AM, Kaya Saman wrote:
> Hi, since I got no responses for this question could I rephrase it to asking if Bind will do a zone transfer over public internet if the servers have private IP addresses and are behind NAT with static port definitions?

Tell bind to slave from the public IP that is forwarded to the private side.
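The setup described in the reply above, as an added example that is not part of the original posts: each server points at the other's public (NAT-forwarded) address, never the private one. It goes one step beyond the thread by authorising the transfer with a TSIG key, so the check does not depend on which source address NAT presents. All addresses, the zone name, the key name and the file paths are assumed placeholders.

```conf
// Constructed example. Addresses are documentation placeholders:
//   master: private 10.0.0.10, static NAT to public 192.0.2.10
//   slave:  private 10.1.0.20, static NAT to public 198.51.100.20
// Zone name, key name and file paths are hypothetical.

// ---- named.conf on the master ----
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_BASE64_SECRET";  // placeholder, identical on both servers
};

zone "example.com" {
    type master;
    file "master/example.com.db";
    // Only requests signed with the shared key receive the zone;
    // an address-based ACL here would have to list the slave's
    // translated (public) source address instead.
    allow-transfer { key "xfer-key"; };
    // Send NOTIFY to the slave's public address only.
    notify explicit;
    also-notify { 198.51.100.20; };
};

// ---- named.conf on the slave ----
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_BASE64_SECRET";  // placeholder, identical on both servers
};

zone "example.com" {
    type slave;
    file "slave/example.com.db";
    // Transfer from the master's public address and sign the request.
    // NOTIFY is accepted from the addresses listed here, so the master's
    // outbound NAT must present 192.0.2.10 as its source address.
    masters { 192.0.2.10 key "xfer-key"; };
};
```

Running `tcpdump -n port 53` on each server, as suggested in the thread, shows the source and destination addresses each side actually sees after translation.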
Re: Best way to run Bind on public DNS servers??
Kaya Saman wrote:
> Hi all,
>
> this is the first time I'm going to be playing around with a setup like this so I'd like to get some advice:
>
> I would like to run a master/slave configuration of Bind servers but am confused about how to implement such a setup and the underlying network fabric involved!!
>
> First up, currently in my lab I am running an authoritative DNS server through NAT so when people make queries it goes through port 53 on my Cisco 857's ADSL interface then reaches the server with an internal private IP address.
>
> I know that I can use 2 different public IP addresses and implement this via NAT opening up static NAT definitions from both WAN IP's to internal private IP's of the servers; however, is this the best practice or should I give the servers public addresses on one of their NICs then run the named service from there???
>
> I plan to upgrade to a Cisco 1800 series which has two routable ports in either Ethernet or ADSL and Ethernet configurations and has a managed 8 port switch which I am sure can be included to be outside the NAT making it easy to tie the servers in to the network.
>
> I've never dealt with a setup like this before as everything I've done so far has been behind NAT so I'm a little confused about how to go about it.
>
> I know this is probably more of a thing for the Cisco Netpro forum but since I am going to be dealing with Bind there may be a way I can get around with NAT depending on what the experts or more experienced people say!
>
> Many thanks for any responses!
>
> Best regards,
> Kaya

Hi, since I got no responses for this question could I rephrase it to asking if Bind will do a zone transfer over public internet if the servers have private IP addresses and are behind NAT with static port definitions?

Regards,
Kaya

P.s. as an extra what or how is the best way to learn about DNS?

Of course on this mailing list there are many pros and knowledgeable people but for someone like me who is keen and enthusiastic but hasn't had the opportunity to work for a company that deals in DNS, network design or data centers I find myself with more questions than answers! Basically no professional experience is what's holding me back I feel - Thanks
Re: Best way to run Bind on public DNS servers??
Sorry, just to mention in addition that I currently run a master/slave configuration for internal DNS queries within the NAT!

Since the current location of servers has only one static IP available I have only exposed one of the servers to the web but in the new location I plan to get as many IP addresses as needed so that each one of my servers has its own public IP!