You are correct, but in the use case I am looking at there is no Internet connection. There are a small number of mobile devices (5-15) behind a NAT gateway with DNS. The gateway provides service to other small networks, but there is nothing else connected, it is an isolated system.

What I am trying to do is to be able to connect to a specific device, say a 'supervisor', by name. I don't know the IP, and their IP may change, or the supervisor might be a service that isn't always provided by the same device. The IP will change and the DNS will be updated as needed. I don't want the device/user accessing the 'supervisor' to know the IP address, other than the gateway IP; I don't want them to be able to save an old IP. Also, I don't want anyone watching the network (it is wireless) to be able to see anything other than gateway addresses.

Basically, the device/user accessing the 'supervisor' should result in traffic thru the gateway/NAT that looks as if the supervisor initiated it, i.e. the supervisor has been natted, and the reply IP is the gateway.

Not sure if I am going about this the right way, but that is my idea.

I appreciate the comments I am receiving here, thanks.

/bill

On Monday 02 November 2015 18:03, Carl Byington wrote:
> On Fri, 2015-10-30 at 12:38 -0400, Bill wrote:
> > What I would like to do to have the ability to query a DNS server
> > located behind a NAT, and have it return the IP of the NAT, and setup
> > connection tracking in the NAT to pass traffic thru to the host behind
> > the NAT.
>
> I think that is a bad idea, even if you can get it implemented and
> working.
>
> If I know the names of your hosts (they will eventually be found via
> google or other searches), then I can remotely reconfigure your NAT
> device to allow my attack traffic thru - and all it takes is a simple
> UDP query to your dns server.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users