[c-nsp] IOS DNS Question

Bruce Pinsky bep at whack.org
Tue Jul 12 16:37:31 EDT 2005



Paul Stewart wrote:
| Hi everyone...
|
| I have a client that we manage a router for... here's what they need (trying
| to find best solution)...
|
| They have a single static IP address from us that has:
|
| ip nat inside source list 102 interface Dialer0 overload
| ip nat inside source static tcp 192.168.2.4 389 interface Dialer0 389
| ip nat inside source static tcp 192.168.2.4 709 interface Dialer0 709
| ip nat inside source static tcp 192.168.2.4 829 interface Dialer0 829
| ip nat inside source static tcp 192.168.2.6 1723 interface Dialer0 1723
| ip nat inside source static tcp 192.168.2.4 3389 interface Dialer0 3389
| ip nat inside source static tcp 192.168.2.4 80 interface Dialer0 80
| ip nat inside source static tcp 192.168.2.4 21 interface Dialer0 21
|
| for NAT translations.  The outside world knows their site by a domain name
| http://www.123.com for example and this works fine from outside world.  From
| internally, they can't surf this site by domain name because it resolves to
| their public IP and NAT won't send them "back in" to their network... is
| there a way around this?
|
| One suggestion I had from a person at Networkers was to turn up DNS on the
| router.  I'm told that the DNS server on the router is smart enough to
| provide the internal IP to users who are on the NAT'ed side of the network??
|
| Any ideas would be great.. this customer is bugging me for answers.... our
| last resort is to set up a DNS server on a Linux box on our side and have
| their internal network use it.... the customer refuses to make changes to
| their already existing internal Active Directory DNS server which could
| easily solve this problem...
|

What is their DNS server?  You could run a split view BIND server where
inside source addresses are provided one answer and outside source
addresses are provided a different answer.

See section 4.3 Split DNS at
http://www.nominum.com/content/documents/bind9arm.pdf

--
=========
bep
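
The split-view setup suggested above, sketched as a BIND 9 named.conf fragment. This is an added example, not part of the original post: the 192.168.2.0/24 inside range (inferred from the NAT statements), the 203.0.113.10 public address and the zone file paths are assumptions.

```conf
// named.conf fragment (constructed example, not from the original thread)

// Clients that should receive the internal answer.
// Assumption: the inside LAN is 192.168.2.0/24.
acl "inside" { 192.168.2.0/24; 127.0.0.1; };

options {
    directory "/var/named";      // hypothetical path
    recursion no;                // off by default, enabled per view below
};

// Views are tried in order and the first match-clients hit wins,
// so the internal view must precede the catch-all external view.
view "internal" {
    match-clients { "inside"; };
    recursion yes;               // inside hosts may resolve other names
    zone "123.com" {
        type master;
        file "internal/db.123.com";
        // this zone file carries:  www  IN  A  192.168.2.4
    };
};

view "external" {
    match-clients { any; };
    recursion no;                // do not act as an open resolver
    zone "123.com" {
        type master;
        file "external/db.123.com";
        // this zone file carries:  www  IN  A  203.0.113.10  (placeholder)
    };
};
```

Once any view is defined, every zone statement has to live inside a view. Keeping the internal zone file limited to the inside view also keeps the 192.168.2.x addressing out of answers given to outside clients.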


