Why does nslookup return private NAT address internally and public address externally?
Our e-mail server has a private address of 10.x.x.x with a static map in the NAT pool on our router. Our ISP maintains our DNS records. When using nslookup internally (on the 10.x.x.x network) it returns the private address of our e-mail server. When nslookup is run externally, the NAT (public) address is returned.
My question is what governs the address returned by the nslookup query?
A. Yes, Cisco IOS NAT will translate the address(es) which appear in DNS responses to name lookups (A queries) and inverse lookups (PTR queries). Thus, if an outside host sends a name-lookup to a DNS server on the inside, and that server responds with a local address, the NAT code will translate that local address to a global address. The opposite is also true, and is how we support IP addresses overlapping: an inside host queries an outside DNS server, the response contains an address that matches the access-list specified on the "outside source" command, so the code translates the outside global address to an outside local address.
Time-to-live (TTL) values on all DNS resource records (RRs) which receive address translations in RR payloads are automatically set to zero.
Cisco IOS NAT does not translate IP addresses embedded in DNS zone transfers.
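A simplified model of the payload rewrite described in the answer above, as an added example that is not part of the original thread and is not Cisco's code: it walks a DNS response, replaces A-record addresses that appear in a static translation map, and sets the TTL of each rewritten record to zero. The addresses, the name mail.example.com and all function names are constructed for illustration.

```python
import socket
import struct

# Constructed static NAT map (inside local -> inside global), documentation range.
NAT_MAP = {"10.1.1.25": "203.0.113.25"}

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length

def a_records(msg):
    """Yield (rr_offset, ttl, address) for each IN A record in the message."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)                # off now points at the TYPE field
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rclass == 1 and rdlen == 4:
            yield off, ttl, socket.inet_ntoa(msg[off + 10:off + 14])
        off += 10 + rdlen

def rewrite_dns_response(msg, nat_map):
    """Translate A-record addresses found in nat_map and zero their TTL."""
    out = bytearray(msg)
    for off, _ttl, addr in a_records(msg):
        if addr in nat_map:
            struct.pack_into("!I", out, off + 4, 0)              # TTL -> 0
            out[off + 10:off + 14] = socket.inet_aton(nat_map[addr])
    return bytes(out)

# Constructed response as an inside DNS server would send it:
# mail.example.com. 3600 IN A 10.1.1.25 (owner name compressed to offset 12)
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
          + b"\x04mail\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4)
          + socket.inet_aton("10.1.1.25"))

if __name__ == "__main__":
    print([(t, a) for _, t, a in a_records(SAMPLE)])
    print([(t, a) for _, t, a in a_records(rewrite_dns_response(SAMPLE, NAT_MAP))])
```

Because a rewritten record carries TTL 0, comparing the TTL seen by the client with the TTL the authoritative server publishes is one way to check whether an answer was translated in transit.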