If the DNS server now has an RFC1918 IP address, then one will probably have to 
set up appropriate NAT rules for a publicly accessible/routable IP address.
On some firewalls, there is a NAT rule for incoming traffic and another rule 
for outgoing traffic (basically mapping the public IP for both 
incoming/outgoing).

Sounds like this was done, so perhaps double check both incoming and outgoing 
rules and setup?
Maybe something missed with the IP config (gateway, mask, broadcast)?
Can the DNS server ping or traceroute to any public sites?

HTH





________________________________
From: Peter Macko <peter_ma...@yahoo.com>
To: bind-users@lists.isc.org
Sent: Monday, July 27, 2009 2:00:24 PM
Subject: bind9 behind firewall stopped responding


I have a master DNS (bind9) for a domain. It was working until I put it behind 
a firewall on a DMZ private subnet. It is set up in such a way that from the internet the 
DNS maintains its original IP address, that is SAT translated by the firewall to 
the DMZ private subnet. I allowed ports 53 TCP/UDP. Should I allow other ports? 
The IP address of the DNS server was changed by putting it on the DMZ private 
subnet, could this be the problem? Any ideas?
 
For testing, I have used some free dns report webpage, ... it is saying that my 
DNS is not responding.
 
Maybe I am asking something obvious, but I have to solve this until tomorrow 
and I do not know where to start looking.
 
Thank you a lot,
Peter
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
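
Added example, not part of the original thread: a small probe, run from a host outside the firewall, that asks the server's public IP for the zone's SOA over UDP and over TCP and reports each transport separately, including whether the UDP reply (if one arrives) came back from the address that was queried, which is what the outgoing NAT rule controls. The function names are my own, and the server is assumed to be given as an IPv4 address literal.

```python
import socket, struct, sys

def build_query(name, qtype=6, qid=0x1234):
    """Build a DNS query for `name` (qtype 6 = SOA) with recursion not requested."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)  # flags 0: RD off
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)      # class IN

def parse_header(msg, qid=0x1234):
    """Decode the header fields that matter when testing an authoritative server."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id_ok": rid == qid, "response": bool(flags & 0x8000),
            "authoritative": bool(flags & 0x0400), "truncated": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "answers": ancount}

def recv_exact(sock, n):  # read exactly n bytes from a TCP socket
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def probe(server, zone, timeout=3.0):
    """Query `server` (IPv4 literal) for the zone's SOA over UDP, then TCP."""
    query, results = build_query(zone), {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            data, addr = s.recvfrom(4096)  # unconnected socket: any source accepted
            results["udp"] = dict(parse_header(data), source_ok=(addr[0] == server))
    except (OSError, ValueError) as e:
        results["udp"] = "no usable reply: %s" % e
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            (n,) = struct.unpack("!H", recv_exact(s, 2))
            results["tcp"] = parse_header(recv_exact(s, n))
    except (OSError, ValueError) as e:
        results["tcp"] = "no usable reply: %s" % e
    return results

if __name__ == "__main__":
    print(probe(sys.argv[1], sys.argv[2]))  # usage: probe.py <public-ip> <zone>
```

A healthy master answers on both transports with `authoritative` true and `rcode` 0; a timeout on one transport only points at the firewall rule for that protocol rather than at named.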