[Dshield] OT dynamic IP

Jeff D kabal at ev01.net
Tue Mar 23 18:03:49 GMT 2004


On Tue, 23 Mar 2004, Alan Frayer wrote:

> On Mon, 2004-03-22 at 20:12, Al Reust wrote:
>
>
> > The one that I purchased is by RhinoSoft, DNS4me
> >
> > http://www.dns4me.com/
> >
> > It has been running for over a year now with no problems.
> >
> > For those that do not know the client program does, a trace back to the
> > server and registers the IP on the exterior of your network (DHCP address
> > on my router). Their service then host DNS for the "chosen name/IP." In my
> > case my IIS box is one Nat'd IP and my FTP server is on another Nat'd IP.
> >
> > Should I desire I could register a domain name and allow them to host the
> > first DNS server. So with the correct Dynamic DNS service you could host
> > your own domain as mentioned above.
>
>
> That's actually an interesting idea, but doesn't it cost you the
> firewall benefits of NATting? I mean, if the DNS record now shows hosts
> in the private side of the router (and this is what you're suggesting,
> right?), can't someone access those hosts by their DNS name? Or does the
> fact that the addresses attached to those DNS names are still unroutable
> addresses leave them protected?
>
> I had wondered how I might apply proper host names to PCs in my private
> network when the domain name, web server, and e-mail server I use is
> hosted outside the network.

This is where you would do NAT.  Say I have web server at 10.1.1.10 in my
internal net, but I want to server web pages from it.  I would set a dns
record for one of my external IPs to www.foobar.com and forward all
requests to the 10.1.1.10 server.  You could also do PAT here as well.

hth
Jeff

-+-
There is only one rule -- innovate
- Drexciya




More information about the list mailing list