Yes, the behind-NAT nameserver is publicly reachable because it’s an authoritative nameserver.
The trick is that a lot of NAT setups don’t support loopback, so even if you and I could query that behind-NAT nameserver via the public IP, the same query from behind the NAT fails.

-FG

> On 28 Nov 2019, at 11:27, George Thessalonikefs via Unbound-users
> <[email protected]> wrote:
>
> Something that is not clear to me:
> Is the nameserver behind the NAT also reachable from outside the NAT?
>
> -- George
>
> On 28/11/2019 16:12, Felipe Gasper via Unbound-users wrote:
>>
>>> On 28 Nov 2019, at 09:39, John Levine via Unbound-users
>>> <[email protected]> wrote:
>>>
>>> In article <[email protected]> you write:
>>>> -=-=-=-=-=-
>>>>
>>>> My understanding is that unbound can not do fully-recursive resolves.
>>>> It requires a name server that is able to query the root name servers, ...
>>>
>>> You are mistaken. Unbound is a recursive resolver which can query the
>>> root and other authoritative zones just fine. It also works on networks
>>> behind NAT. If it didn't, I wouldn't be able to send this message.
>>
>> Re NAT: It’ll work for resolutions that don’t require loopback, but if an
>> authoritative nameserver is behind the same NAT, Unbound apparently requires
>> loopback NAT in order to query that nameserver’s domains because there’s no
>> way to teach the resolver to do NAT translation via unbound.conf.
>>
>> -F
>>
