Tuesday, January 1, 2019

Source IP Address on DNS Forwarding Servers

Design: LAN -> Router -> Public DNS Forwarder -> Public DNS Resolver/Recursive

In this design, there’s no internal DNS service. Apparently when a client from the LAN asks for a DNS response, it will be sourced by a public address from the Router via NAT/PAT.

My question: When our Public DNS Forwarder forwards the recursive queries to the public DNS Recursive servers, what will the source IP Address be? I suppose it would be the public IP Address of our Public Forwarder?

If it’ll help, Unbound will be the choice of DNS server software in this project.

If yes, to those who know, can I confirm that the traffic will be something like below:

  1. Private Client to Public Forwarder - Source IP: PAT Address of Router; Destination IP: Public Forwarder

  2. Public Forwarder to Public Recursive - Source IP: Public IP Address of Forwarder; Destination IP: Public Recursive

  3. Public Recursive to Public Forwarder

  4. Public Forwarder to PAT’ed Address - Source: Public Forwarder; Destination: Router Public Address

  5. Router PAT traffic to internal DNS client on LAN

Would just like to confirm the traffic esp. the addressing portions.

TIA!


