In message <201511051124.03206.boobe...@rogers.com>, Bill writes:
> Yes, to do a full implementation usable in an enterprise you are correct, but
> what I am looking for is a small demo with only 10 machines or so. I believe
> your comment about IPv5 is correct too, but I am limited for this trial.
>
> /bill

Then find a (home) router with NAT and the ability to send dynamic
updates and configure it as described below. They exist and can be
purchased for less than USD100 and usually less than USD50. You may
want to add a "_dns-update._udp.example.net SRV" record pointing
to the nameservers, as someone convinced the router vendor(s) that
this is how you do it rather than that being an override to the
default of just sending to the nameservers for the record to be
updated. The nameserver being updated can be inside the network.

If you don't want to buy a router you can use a Linux or BSD box and
configure the DHCP client to update the nameserver on renumbering.
I did that for many years with FreeBSD with two Ethernet cards,
running named and ISC's dhcp client using the dhcp client hooks.

Mark

> On Wednesday 04 November 2015 15:30, Mark Andrews wrote:
> > If you want this sort of behaviour you are going to have to pay
> > someone lots of money to add this sort of functionality to
> > a nameserver and then pay them more money to maintain it. This
> > sort of thing does not exist in normal nameservers.
> >
> > Nameservers don't normally do other things on DNS lookups.
> >
> > Normally what one does is configure port forwarding in the NAT /
> > open a hole in the firewall. Some NATs can update the DNS when
> > their external address changes, otherwise you need a NAT that
> > modifies DNS payloads and that is problematical in lots of ways.
> >
> > NATs really are not something anyone sane wants in their network.
> > Anyone who says they do really doesn't understand IP security. They
> > are a necessary evil with IPv4 as we long ago ran out of addresses
> > to number every device uniquely.
> >
> > Mark
> >
> > In message <201511041050.51346.boobe...@rogers.com>, Bill writes:
> > > See my last posting on what I am trying to achieve, I think in the
> > > interest of brevity I may have overly simplified my goal.
> > >
> > > What I want is for the DNS query to automatically configure the NAT to
> > > permit the outside connection. In other words it should, after the DNS
> > > query, look as if the named device had initiated the connection from
> > > inside that NAT. My last post explains the use case a bit better, I hope.
> > >
> > > /bill

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
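
The DHCP-client-hook approach described in the message above, as an added example (not Mark's script and not ISC's code): a dhclient exit hook that builds an nsupdate batch when the lease address changes and sends it signed with a TSIG key. The host name, zone, server address and key path are assumptions made for the example.

```shell
#!/bin/sh
# dhclient exit hook: send a TSIG-signed dynamic update when the lease changes.
# Assumed values (not from the thread): name, zone, server address, key path.
DDNS_NAME="gw.example.net."
DDNS_ZONE="example.net."
DDNS_SERVER="192.0.2.53"                    # constructed documentation address
DDNS_KEY="/etc/namedb/keys/ddns-gw.key"     # hypothetical TSIG key file
DDNS_TTL=300

# The lease comes from an untrusted DHCP server: accept only a dotted quad.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the nsupdate batch for one dhclient event; return 1 if none is needed.
build_update() {   # args: reason new_ip old_ip
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT) ;;
        *) return 1 ;;
    esac
    is_ipv4 "$2" || return 1
    [ "$2" != "$3" ] || return 1            # address unchanged: nothing to send
    printf 'server %s\nzone %s\n' "$DDNS_SERVER" "$DDNS_ZONE"
    printf 'update delete %s A\n' "$DDNS_NAME"
    printf 'update add %s %s A %s\nsend\n' "$DDNS_NAME" "$DDNS_TTL" "$2"
}

# dhclient-script sources this file with $reason, $new_ip_address and
# $old_ip_address set; outside dhclient nothing below runs.
if [ -n "${reason:-}" ]; then
    if batch=$(build_update "$reason" "${new_ip_address:-}" "${old_ip_address:-}"); then
        printf '%s\n' "$batch" | nsupdate -k "$DDNS_KEY" ||
            logger -t ddns-hook "dynamic update for $DDNS_NAME failed"
    fi
fi
```

On the nameserver side, the zone's update policy should allow that key to change only the A record for this one name.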