Cisco Support Community

Why does nslookup return private NAT address internally and public address externally?

Our e-mail server has a private address of 10.x.x.x with a static map in the NAT pool on our router. Our ISP maintains our DNS records. When using nslookup internally (on the 10.x.x.x network) it returns the private address of our e-mail server. When nslookup is run externally, the NAT (public) address is returned.

My question is what governs the address returned by the nslookup query?


Re: why does nslookup return private NAT address internally and

From the FAQ for Cisco IOS NAT:

Q. Does Cisco IOS NAT support DNS queries?

A. Yes, Cisco IOS NAT will translate the address(es) which appear in DNS responses to name lookups (A queries) and inverse lookups (PTR queries). Thus, if an outside host sends a name-lookup to a DNS server on the inside, and that server responds with a local address, the NAT code will translate that local address to a global address. The opposite is also true, and is how we support IP addresses overlapping: an inside host queries an outside DNS server, the response contains an address that matches the access-list specified on the "outside source" command, so the code translates the outside global address to an outside local address.

Time-to-live (TTL) values on all DNS resource records (RRs) which receive address translations in RR payloads are automatically set to zero.

Cisco IOS NAT does not translate IP addresses embedded in DNS zone transfers.
