Problem with DNS server behind a 837 router with NAT

Jul 7th, 2006

Dear,


We have an HTTP, FTP, SMTP and a DNS server set up behind a 837 router with NAT enabled. Everything except the DNS server is working OK. The configuration is in the attachment.


If I change the NAT for port 53 to port 5353 local (and reconfigure the DNS server to listen on port 5353), the DNS server works fine, except if the computer sending the query uses port 53 UDP (and the answer has to be sent back to port 53 UDP). The answer does not get through the router.


Any ideas?




Anonymous (not verified) Thu, 07/13/2006 - 06:13

The issue may be that the return data is not passing through the NAT. If the firewall is not configured to allow the return traffic, then the data will not pass through it. Check the configuration of the firewall.

marelecnv Thu, 07/13/2006 - 06:55

Thanks for your response, but no, that is not the problem.


I solved the problem yesterday.

There has to be a 1-1 NAT rule in the configuration:

ip nat inside source static 192.168.0.253 213.49.131.61


Only forwarding port 53 UDP and TCP doesn't work.


AND


The DNS server must be configured to supply A records with the local IP address, not the global IP address, otherwise the DNS response does not pass through the router!!! (surprise, surprise) The router translates the IP addresses inside the DNS responses.


It took a long time to find this out, but now everything works OK.

