On Fri, 2015-10-30 at 12:38 -0400, Bill wrote:
> What I would like to do is have the ability to query a DNS server
> located behind a NAT, and have it return the IP of the NAT, and set up
> connection tracking in the NAT to pass traffic thru to the host behind
> the NAT.

I think that is a bad idea, even if you can get it implemented and working. If I know the names of your hosts (they will eventually be found via Google or other searches), then I can remotely reconfigure your NAT device to allow my attack traffic thru - and all it takes is a simple UDP query to your DNS server.

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
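
The concern raised in the reply, as a toy model added here (not code from the thread or from BIND): when forwarding state is created as a side effect of answering a DNS query, whoever can send the query controls the firewall policy. The host name, the addresses and the `bind_to_querier` option are constructed assumptions; the option shows that tying the pinhole to the querier's address does not authenticate anyone, because the outsider is the querier.

```python
# Toy model (constructed for illustration) of a NAT whose port-forwarding
# state is created as a side effect of answering DNS queries.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"                  # constructed address (TEST-NET-3)
INTERNAL = {"db.example.com": "10.0.0.5"}  # constructed host behind the NAT


@dataclass
class DnsTriggeredNat:
    bind_to_querier: bool = False          # hypothetical hardening option
    pinholes: set = field(default_factory=set)  # {(allowed_src, internal_ip)}

    def dns_query(self, src_ip, name):
        """Answer with the NAT's public IP and open a pinhole as a side effect."""
        internal = INTERNAL.get(name)
        if internal is None:
            return None                    # unknown name: no state is created
        allowed = src_ip if self.bind_to_querier else "*"
        self.pinholes.add((allowed, internal))
        return PUBLIC_IP

    def inbound(self, src_ip, internal_ip):
        """True if an unsolicited inbound packet from src_ip would be forwarded."""
        return (("*", internal_ip) in self.pinholes
                or (src_ip, internal_ip) in self.pinholes)


def exposure(nat, outsider="198.51.100.7", name="db.example.com"):
    """Reachability of the internal host from `outsider` before and after
    that same outsider sends one unauthenticated DNS query."""
    target = INTERNAL[name]
    before = nat.inbound(outsider, target)
    nat.dns_query(outsider, name)
    after = nat.inbound(outsider, target)
    return before, after


if __name__ == "__main__":
    print("open pinhole:     ", exposure(DnsTriggeredNat()))
    print("bound to querier: ", exposure(DnsTriggeredNat(bind_to_querier=True)))
```

In both configurations the host goes from unreachable to reachable for the party that sent the query, so the name lookup is acting as an unauthenticated control channel for the NAT.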