> But why would someone put a DNS server behind a NAT? It's a bit nonsensical...

Not at all. I run a recursive validating resolver on my laptop, and it's always behind a NAT, whether I'm at home or at a coffee shop--how else? I also have a dedicated resolver behind my home NAT; with eight computers on my home network, and $75/year for each additional IP address, it makes sense (to me, anyway) to do things that way.

Yesterday I discovered that the router I'm using at home was reassigning BIND's nicely randomized ports into a very predictable pattern. I upgraded the firmware and the situation is improved; now the ports are reassigned to pseudorandom values--but I know nothing about the quality of the PRNG. I'll be happier when I replace the router.

--
Evan Hunt -- [EMAIL PROTECTED]
Internet Systems Consortium, Inc.
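
An added example, not part of the original message: a check for the symptom described above, where a NAT rewrites a resolver's randomized source ports into a predictable pattern. It assumes you have an ordered list of the resolver's UDP source ports as seen after translation (for instance from a capture on the WAN side); the function name, thresholds and sample data are constructed for illustration, and a clean result says nothing about the quality of the router's PRNG.

```python
from collections import Counter

PORT_SPACE = 65536
MIN_SAMPLES = 8          # assumed minimum for a meaningful verdict
NARROW_SPAN = 4096       # assumed threshold: ports confined to a small window
STRIDE_SHARE = 0.5       # assumed threshold: one delta dominates the sequence


def assess_ports(ports):
    """Return (verdict, detail) for source ports seen on the WAN side of a NAT.

    `ports` is the ordered list of UDP source ports of the resolver's
    outgoing queries as observed after translation.
    """
    if len(ports) < MIN_SAMPLES:
        raise ValueError("need at least %d samples" % MIN_SAMPLES)
    if len(set(ports)) == 1:
        # Every query leaves from the same port: no port entropy at all.
        return "fixed", {"port": ports[0]}
    # Differences between consecutive ports, wrapped to the 16-bit port space
    # so that an incrementing allocator is still caught across a wraparound.
    deltas = [(b - a) % PORT_SPACE for a, b in zip(ports, ports[1:])]
    stride, hits = Counter(deltas).most_common(1)[0]
    share = hits / len(deltas)
    if share >= STRIDE_SHARE:
        return "predictable-stride", {"stride": stride, "share": share}
    span = max(ports) - min(ports)
    if span < NARROW_SPAN:
        # No constant step, but the ports come from a small pool.
        return "narrow-range", {"span": span}
    return "no-obvious-pattern", {"span": span, "distinct": len(set(ports))}


# Constructed samples, not captured traffic.
SEQUENTIAL = [1024 + i for i in range(20)]
NARROW = [30010, 30003, 30050, 30021, 30007, 30044, 30015, 30032, 30001, 30029]
SPREAD = [51234, 1873, 40412, 22951, 60007, 9120, 33718, 15566, 47093, 28340]

if __name__ == "__main__":
    for name, sample in (("sequential", SEQUENTIAL), ("narrow", NARROW),
                         ("spread", SPREAD)):
        print(name, assess_ports(sample))
```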
