[c-nsp] DNS and NAT

Roy r.engehausen at gmail.com
Fri Mar 28 02:19:22 EDT 2008


Found it.

ip nat inside source static udp 10.10.100.20 53 xx.xx.xx.xx 53 extendable no-payload

Roy wrote:
>
> I have done some more testing and it appears that any DNS response 
> that contains an IP address is lost.  The problem must be related to a 
> defective fixup in the NAT routine.  I haven't been able to figure out 
> how to disable the DNS fixup in IOS.
>
> Roy
>
> Roy wrote:
>> I am trying to set up a Linux box behind a Cisco router that has NAT 
>> turned on.
>> I configured:
>>
>> ip nat inside source static udp 10.10.100.20 53 xx.xx.xx.xx 53 extendable
>> ip nat inside source static tcp 10.10.100.20 53 xx.xx.xx.xx 53 extendable
>>
>> If I do
>>
>> dig . @xx.xx.xx.xx
>>
>> From the internet, I get the proper response.  tcpdump on Linux shows 
>> the packet arriving and a response packet.
>>
>> If I do
>>
>> dig domain.com @xx.xx.xx.xx
>>
>> I get no response.  tcpdump on the Linux box shows a reply packet 
>> leaving it and the router responding with ICMP host unreachable.
>>
>> Software is
>>
>> IOS (tm) C1700 Software (C1700-K9O3SY7-M), Version 12.3(18), RELEASE SOFTWARE (fc3)
>>
>> Any ideas are welcome.
>>
>> Roy
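Added illustration, not part of the thread: a minimal Python DNS answer parser that models what the NAT DNS ALG does to A-record payloads (the rewrite that the `no-payload` keyword switches off) and flags RFC1918 addresses that would reach Internet clients once payload translation is disabled. The sample response is constructed, and 203.0.113.5 stands in for the outside address xx.xx.xx.xx; the ALG model is a simplification, not Cisco's actual implementation.

```python
import ipaddress, struct
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _name(n: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\x00"

def build_response(qname: str, addrs: list[str]) -> bytes:
    # Constructed sample DNS answer (no name compression): txid 0x1234, flags QR/RD/RA
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    q = _name(qname) + struct.pack("!HH", 1, 1)                       # QTYPE A, class IN
    rrs = b"".join(_name(qname) + struct.pack("!HHIH", 1, 1, 300, 4)  # A, IN, TTL, RDLEN
                   + ipaddress.IPv4Address(a).packed for a in addrs)
    return hdr + q + rrs

def _skip_name(msg: bytes, off: int) -> int:
    # Offset just past a label sequence; a 0xC0 compression pointer ends the name
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def _a_rdata_offsets(msg: bytes) -> list[int]:
    # Offsets of the 4-byte RDATA of every A record in the answer section
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off, found = 12, []
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4                 # skip QTYPE/QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:
            found.append(off + 10)                     # RDATA follows the 10-byte RR header
        off += 10 + rdlen
    return found

def a_records(msg: bytes) -> list[str]:
    return [str(ipaddress.IPv4Address(msg[o:o + 4])) for o in _a_rdata_offsets(msg)]

def alg_rewrite(msg: bytes, inside: str, outside: str) -> bytes:
    # Simplified model (assumption) of the NAT DNS ALG that 'no-payload' switches off:
    # A-record RDATA equal to the inside address is rewritten to the outside address
    buf = bytearray(msg)
    for o in _a_rdata_offsets(msg):
        if bytes(buf[o:o + 4]) == ipaddress.IPv4Address(inside).packed:
            buf[o:o + 4] = ipaddress.IPv4Address(outside).packed
    return bytes(buf)

def rfc1918_answers(msg: bytes) -> list[str]:
    # Inside addresses that would reach Internet clients once payload translation is off
    return [a for a in a_records(msg) if any(ipaddress.IPv4Address(a) in n for n in _RFC1918)]
```

With `no-payload` set, `alg_rewrite` is effectively never applied, so a zone that still answers with 10.10.100.20 will hand that private address to outside resolvers; `rfc1918_answers` is the check to run on the server's own replies before disabling the fixup.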

