On 2015-11-02 15:03, Carl Byington wrote:
> On Fri, 2015-10-30 at 12:38 -0400, Bill wrote:
> > What I would like to do to have the ability to query a DNS server
> > located behind a NAT, and have it return the IP of the NAT, and setup
> > connection tracking in the NAT to pass traffic thru to the host behind
> > the NAT.
>
> I think that is a bad idea, even if you can get it implemented and
> working.
>
> If I know the names of your hosts (they will eventually be found via
> google or other searches), then I can remotely reconfigure your NAT
> device to allow my attack traffic thru - and all it takes is a simple
> UDP query to your dns server.

And? NAT != firewall. Your firewall would still need to be configured to permit such a connection, and presumably your NAT environment would need to be configured to allow it as well.

If that's not desired, one would probably not enable this functionality.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users