Thanks for the suggestion. My intention for now is to trial on a laptop as that give me the maximum flexibility for testing.
/bill On Thursday 05 November 2015 17:44, Mark Andrews wrote: > In message <201511051124.03206.boobe...@rogers.com>, Bill writes: > > Yes, to do a full implementation usable in an enterprise you are correct, > > but > > > > what I am looking for is a small demo with only 10 machines or so. I > > believe > > > > your comment about IPv5 is correct too, but I am limited for this trial. > > > > /bill > > Then find a (home) router with NAT and the ability to send dynamic > updates and configure it as described below. They exist and can > be purchased for less than USD100 and usually less that USD50. You > may want to add a "_dns-update._udp.example.net SRV" record pointing > to the nameservers as someone convinced the router vendor(s) that > this is how you do it rather than that being a override to the > default of just sending to the nameservers for the record to be > updated. > > The nameserver being updated can be inside the network. > > If you don't want to buy a router you can use a Linux or BSD box > and configure the DHCP client to update the nameserver on renumbering. > > I did that for many years with FreeBSD with two ethernet card, > running named and ISC's dhcp client using the dhcp client hooks. > > Mark > > > On Wednesday 04 November 2015 15:30, Mark Andrews wrote: > > > If you want this sort of behaviour you are going to have to pay > > > someone someone lots of money to add this sort of functionality to > > > a nameserver and then pay them more money to maintain it. This > > > sort of thing does not exist in normal nameservers. > > > > > > Nameservers don't normally do other things on DNS lookups. > > > > > > Normally what one does is configure port forwarding in the NAT / > > > open a hole in the firewall. Some NATs can update the DNS when > > > their external address changes other wise you need a NAT that > > > modifies DNS payloads and that is problematical in lots of ways. > > > > > > NATs really are not something anyone sane wants in their network. > > > Anyone who says they do really doesn't understand IP security. They > > > are a necessary evil with IPv4 as we long ago ran out of addresses > > > to number every device uniquely. > > > > > > Mark > > > > > > In message <201511041050.51346.boobe...@rogers.com>, Bill writes: > > > > See my last posting on what I am trying to achieve, I think in the > > > > interest o f > > > > brevity I may have overly simplified my goal. > > > > > > > > What I want is for the DNS query to automatically configure the NAT > > > > to permit > > > > > > > > the outside connection. In other words it should, after the DNS > > > > query, look as if the named device had initiated the connection from > > > > inside that NAT. My > > > > > > > > last post explains the use case a bit better, I hope. > > > > > > > > /bill _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users