
NAT Inconsistencies

mironduplessis
Level 1

Hi,

I am running a 2821 router running 12.4(23) and I am having some odd experiences with NAT.

Basically, I want the clients on one subnet to be NATted for everything except DNS traffic.

The NATting works correctly if I'm just testing basic NAT. However, when I add an access list it is inconsistent. I added an access list which basically has deny statements matching any UDP/TCP traffic on port 53 and a permit statement for all IP.

When I clear the NAT translations and do an nslookup on a client on the subnet, the first few queries are not NATted. However, they then randomly start to be NATted, and the translations show UDP translations on port 53.

Anyone have any ideas?

Regards

Miron


Giuseppe Larosa
Hall of Fame

Hello Miron,

Clients' DNS queries are done on UDP port 53 only.

TCP port 53 is used for zone transfers between DNS servers.

Are you using an internal DNS server, or do your clients point directly to an ISP DNS?

Hope to help

Giuseppe

Hey Giuseppe,

We are using an internal DNS server. However, the issue is not with DNS; it is with the NATting not being consistent.

Regards

Miron

archari
Cisco Employee

Can you share the ACLs you used and the relevant NAT configs on the interfaces?
