Thanks Phil and everybody for your efforts to answer my questions. To be more specific, I have included the scenario that caused me to start this thread. Visit the link below and view the graphic and the solution to the scenario. (watch the wrap around the link)
http://us.f1.yahoofs.com/users/2362c12b/bc/Questions/NAT-DNS1.doc?bcGtOc8AMR WqvCn2

I will post more DNS-NAT scenarios later for discussions. So please stay tuned.

Thanks

John Tafasi

"Phil" wrote in message news:[EMAIL PROTECTED]...
> John- specifically what is your question ??? I've had to do a lot of
> DNS related research these past few months (using Meta, Garner, White
> Papers, Berkeley, Microsoft, etc.), but I don't believe I have seen
> specific issues with NAT and DNS. The Firewalls must be configured to
> pass UDP port 53 and can enforce an access-list only to allow certain
> servers (say the ISPs primary and yours), TSIG (BIND), or to proxy.
> With proxy (say Gauntlet or Symantec's Raptor line-up) the NAT or PAT
> portion plays no role. As the query moves, @ no time should the DNS
> server being polled need to cache the resolver's information (does this
> make sense ???). I guess, what I am trying to say is that it does not
> matter if I am requesting from a global IP address or a private 10.0.0.0
> address. If your lookup is recursive or iterative, the firewall has a
> state table, NAT statistics, or a PAT lookup (UNIX programs refer to it
> as IP Masquerading), mapping it back to the resolver (be it PC or file
> server) that initiated the lookup.
>
> I believe I may not have answered your question
>
> Let me know- I never was asked to deliver my DNS presentation and I'm
> still miffed I've been studying such a boring subject as of late :-)
> Phil
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> John Tafasi
> Sent: Tuesday, December 18, 2001 3:37 AM
> To: [EMAIL PROTECTED]
> Subject: CCIE Written: DNS and NAT [7:29461]
>
> Does anybody have a good resource that explains how NAT on the firewall
> works with DNS?
>
> Thanks
>
> John Tafasi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29632&t=29461
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]