[c-nsp] Nto1 outside translations with PIX ?
Gert Doering
gert at greenie.muc.de
Tue Feb 22 09:22:34 EST 2005
Hi,
On Tue, Feb 22, 2005 at 11:21:39AM +0100, Armin Wies wrote:
[..]
> Now what happens if the DNS-query is sent to B ?
> Again it will be forwarded to the server, the server sends an answer,
> sees G and will decide for the interface X to send the packet.
If the software replies to an incoming query with a source address
that doesn't match the destination address of the query, the software
is broken and needs fixing.
(Besides this, I'm pretty sure that recent BINDs on Unix (at least) will
handle this correctly, as the UDP response packet is not just passed
to the OS to "pick a convenient source address", but BIND takes great
care to make sure that the correct source address is used for all packets.
Watch out that you don't nail BIND to a specific source via named.conf)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
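
The behaviour discussed in this message, as an added example that is not part of the original post and is not BIND's code: a UDP server bound to the wildcard address that learns each query's destination address via Linux IP_PKTINFO and replies from that same address, next to the naive reply that lets the OS choose. The function names are hypothetical, and 127.0.0.1 and 127.0.0.2 stand in for two addresses of one multihomed host (Linux only).

```python
import socket
import struct

# Linux-only. Older Python versions do not export IP_PKTINFO; 8 is its Linux value.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
PKTINFO = struct.Struct("i4s4s")  # struct in_pktinfo: ifindex, spec_dst, addr


def open_wildcard_server():
    """UDP socket on 0.0.0.0 that reports each datagram's destination address."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    s.settimeout(2)
    s.bind(("0.0.0.0", 0))
    return s


def answer_one(s, naive=False):
    """Echo one query back, from the queried address unless naive is set."""
    data, ancdata, _flags, peer = s.recvmsg(2048, socket.CMSG_SPACE(PKTINFO.size))
    dst = None
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            dst = PKTINFO.unpack(cdata[:PKTINFO.size])[2]  # query's destination
    if naive or dst is None:
        s.sendto(data, peer)  # the OS picks a convenient source address
        return
    # ipi_spec_dst tells the kernel which local address to send from.
    cmsg = (socket.IPPROTO_IP, IP_PKTINFO, PKTINFO.pack(0, dst, bytes(4)))
    s.sendmsg([data], [cmsg], 0, peer)


def reply_source(server, server_ip, naive=False):
    """Send a constructed query to server_ip; return the reply's source IP."""
    port = server.getsockname()[1]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        client.settimeout(2)
        client.sendto(b"constructed query", (server_ip, port))
        answer_one(server, naive)
        _data, (src, _port) = client.recvfrom(2048)
    return src


if __name__ == "__main__":
    srv = open_wildcard_server()
    for ip in ("127.0.0.1", "127.0.0.2"):  # two addresses of one host
        print(ip, "naive:", reply_source(srv, ip, True),
              "pinned:", reply_source(srv, ip))
```

A stateful firewall or NAT device in the path, or a resolver that checks the reply's source, drops the naive reply whenever its source differs from the address that was queried.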