DNS server doesn't have to have an public IP, however its good to have =
its own.
Router can pass DNS request (port 53 UDP) from outside to inside DNS =
server (private IP), but you have to set access-list to permit UDP 53 or =
you can map directly ie:
ip nat inside source static udp private_ip_here 53 public_ip_here 53 ext
ip nat inside source static tcp private_ip_here 53 public_ip_here 53 ext
(you might not need TCP line, but it good for secondary try)
private_ip_here is your DNS server (private IP)
public_ip_here could be your router IP or whichever IP you natting.
Have Fun !
"Jeff Brown" <[EMAIL PROTECTED]> wrote in message =
9301el$sq0$[EMAIL PROTECTED]">news:9301el$sq0$[EMAIL PROTECTED]...
> Thanks, that's pretty much what I thought but that brings up another
> question. Does the DNS have to have a public IP address, i.e., one =
that is
> valid on the Internet or can it use a 10-net address provided the =
Internic
> record of all hosted webs, etc have been changed to point to a valid =
IP
> address outside of the NAT? My understanding from all of the docs I've =
been
> reading on NAT tell me that the router will pass the DNS request =
through the
> NAT and resolve correctly, right??
>=20
> Does anyone know if "The NAT Handbook" by Bill Dutcher adequately =
addresses
> topics such as this?
>=20
> Thanks again,
>=20
> Jeff
>=20
> ""Minh Vu"" <[EMAIL PROTECTED]> wrote in message
> 011c01c075af$4e6d81e0$[EMAIL PROTECTED]">news:011c01c075af$4e6d81e0$[EMAIL PROTECTED]...
> > You have to manually change all IPs in the DNS record (ie. A record =
for =3D
> > www.domain.com 175.1.1.2 to 10.1.1.2, MX record, and so on) or any =
IPs =3D
> > you have in 175.1.1.x changed to 10.1.1.x whatever IPs assigned to =
your =3D
> > clients.
> >
> > The serial # in each domain/record should change when you change the =
=3D
> > IPs, If you use NT it will change automaticly (make sure stop and =
start =3D
> > DNS services when you done), but I don't know about UNIX you might =
need =3D
> > to change it (ie. from 5 change to 6, increase by one everytime you =
=3D
> > modify the file)
> >
> > I not sure that your 10.1.1.x is private or public IPs.
> >
> > I'm not clear about the connection.=3D20
> >
> > Anyway good luck
> >
> >
> > "Jeff Brown" <[EMAIL PROTECTED]> wrote in message =3D
> > 92vnkj$8pt$[EMAIL PROTECTED]">news:92vnkj$8pt$[EMAIL PROTECTED]...
> > > Please forgive my ignorance but I have been unable to find =
anything on =3D
> > the
> > > net that adequately defines how to configure DNS records to work =
with =3D
> > NAT.
> > > The scenario is this:
> > > Web hosting co. & ISP wants to change all addresses to 10.x.x.x =
and
> > > implement NAT on either a router or firewall. If we have a current =
=3D
> > address
> > > of 175.1.1.1 and change it to 10.1.1.1, what changes would I need =
to =3D
> > make to
> > > the DNS so that proper name resoultion takes place?
> > > Additionally, we have a customer that routes their traffic through =
us =3D
> > to our
> > > backbone provider and has a block of our public addresses. This =
=3D
> > customer is
> > > already NAT'd and privately addressed behind their own firewall. =
How =3D
> > will
> > > our NAT implementation affect them?
>=20
>=20
>=20
> _________________________________
> FAQ, list archives, and subscription info: =
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
