Faking a reverse DNS lookup
So we came across an oddball issue the other day.
Box-a is a mail server in our DMZ with a 10.x.x.x address. The perimeter
firewall does NAT from a public address to and from it.
Ditto for box-b, a public name server.
Now mail needs DNS, so box-a does all of its DNS lookups against box-b.
Unfortunately, it needs to use the public IP address of box-b because the
first thing that a DNS query does is a reverse lookup on the server's IP
address, and box-b does not serve up DNS for our 10.x.x.x space. (In fact,
we don't have a DNS server that addresses 10.x.x.x at all).
Short of standing up a 10.x.x.x DNS server in the DMZ, does anyone know
how we can actually have box-a do DNS lookups directly against the 10.x.x.x
(i.e. "real") address of box-b, thus avoiding the constant passing of
traffic across the firewall?
Thanks,
Colin
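The question mentions standing up a DNS server for the 10.x.x.x space as the fallback option; such a server would need a reverse (in-addr.arpa) zone so that PTR lookups for the DMZ addresses succeed. The following is an added example, not code from the original post: it computes the in-addr.arpa name a resolver queries for a given address and generates a minimal BIND-style reverse zone for a classful private network. The hostnames `box-a.dmz.example` and `box-b.dmz.example` and the 10.1.2.x addresses are constructed assumptions.

```python
import ipaddress


def reverse_name(ip: str) -> str:
    """Return the in-addr.arpa name a resolver queries for a PTR lookup of ip."""
    return ipaddress.ip_address(ip).reverse_pointer


def reverse_zone(network: str, hosts: dict, ns_name: str, admin: str, serial: int = 1) -> str:
    """Build a minimal reverse zone for an IPv4 /8, /16 or /24 network.

    hosts maps IPv4 address -> hostname (a trailing dot is added if missing).
    ns_name and admin are fully qualified names for the SOA/NS records.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only classful (/8, /16, /24) reverse zones are generated here")
    # The zone origin is the reverse pointer of the network address with the
    # host-octet labels dropped, e.g. 10.0.0.0/8 -> 10.in-addr.arpa
    labels = net.network_address.reverse_pointer.split(".")
    keep = net.prefixlen // 8  # number of network octets
    origin = ".".join(labels[4 - keep:])
    lines = [
        f"$ORIGIN {origin}.",
        "$TTL 3600",
        f"@ IN SOA {ns_name} {admin} ( {serial} 7200 900 1209600 3600 )",
        f"@ IN NS {ns_name}",
    ]
    for ip, name in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is not inside {network}")
        fqdn = name if name.endswith(".") else name + "."
        # Owner name relative to $ORIGIN: the host octets in reversed order
        rel = ".".join(addr.reverse_pointer.split(".")[:4 - keep])
        lines.append(f"{rel} IN PTR {fqdn}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: two DMZ hosts in 10.0.0.0/8 (assumed names)
    dmz_hosts = {"10.1.2.3": "box-a.dmz.example", "10.1.2.4": "box-b.dmz.example."}
    print(reverse_zone("10.0.0.0/8", dmz_hosts, "box-b.dmz.example.", "hostmaster.dmz.example."))
```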