Firewall Wizards mailing list archives

DNS records for a firewall NAT pool


From: "Pollock, Joseph" <PollockJ () evergreen edu>
Date: Mon, 28 Jul 2003 14:51:42 -0700

What DNS records are appropriate for addresses in a firewall NAT pool?

We have long provided dummy PTR records for the addresses to deal with
software that does a reverse lookup.  We have not configured matching A
records, feeling it was inappropriate and likely in conflict with, for
example, RFC 2182, since the hosts are not directly reachable.

We are suddenly faced with a researcher who cannot connect to a well-known
database.  The site tells me they use TCPWrappers in a manner that requires
matching forward and reverse lookups to pass the connection on to the
server.

We could, of course, configure a static NAT entry for the two hosts
required; my management prefers to not do this for a variety of reasons.

What are the implications of populating our DNS server with matching dummy A
records for all of our firewall pool? 

Joe Pollock
Network Services
The Evergreen State College
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
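
The matching forward and reverse lookup requirement described in the message above can be audited across a whole NAT pool before any A records are changed. The following is an added example, not part of the original post: the function names are hypothetical, and the sample records use the 192.0.2.0/24 documentation range and example.edu names, all constructed.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_addrs(name):
    """Forward lookup via the system resolver; returns a set of address strings."""
    try:
        return {info[4][0].split("%")[0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr=system_ptr, addrs=system_addrs):
    """Classify one address: does its PTR name resolve back to the same address?"""
    name = ptr(ip)
    if name is None:
        return "no-ptr"
    found = {ipaddress.ip_address(a) for a in addrs(name)}
    if not found:
        return "no-forward"      # PTR only: a forward/reverse match check fails here
    return "match" if ipaddress.ip_address(ip) in found else "mismatch"

def audit_pool(cidr, ptr=system_ptr, addrs=system_addrs):
    """Return {address: status} for every host address in the pool."""
    return {str(ip): fcrdns(str(ip), ptr, addrs)
            for ip in ipaddress.ip_network(cidr).hosts()}

# Constructed sample zone data (assumption, not real records).
SAMPLE_PTR = {
    "192.0.2.1": "nat-1.example.edu",
    "192.0.2.2": "nat-2.example.edu",
    "192.0.2.3": "nat-3.example.edu",
}
SAMPLE_A = {
    "nat-1.example.edu": {"192.0.2.1"},  # matching A record
    "nat-3.example.edu": {"192.0.2.9"},  # A record points at a different address
}

def sample_audit():
    """Audit the constructed pool without touching the network."""
    return audit_pool("192.0.2.0/29", SAMPLE_PTR.get,
                      lambda name: SAMPLE_A.get(name, set()))
```

Calling `audit_pool` with only a CIDR argument uses the system resolver, so the result reflects what a remote site doing the same lookups from that resolver's view would see.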

