Feature #14208
open
Automatic Split-DNS for 1:1 NAT
0%
Description
There is a well-known challenge of dealing with accessing public IP addresses from inside the network. The two existing solutions are NAT reflection and split DNS, each of which has its own challenges. Unbound and dnsmasq both support rewriting IP addresses in returned results.
In unbound, this is done using the `respip` module.
In dnsmasq, this is done using the `alias` option.
The pull request I am working on will allow automatically building the unbound respip configuration using the 1:1 NAT configuration.
I tested this code on a firewall running 2.6.0-RELEASE and I believe I made all the necessary changes to make it work in the `master` branch, but I haven't tested that.
Updated by Yehuda Katz about 1 year ago
Updated by Jim Pingle 9 months ago
- Assignee set to Jim Pingle
- Target version set to 2.8.0
- Plus Target Version set to 23.09
Updated by Jim Pingle 8 months ago
- Plus Target Version changed from 23.09 to 24.01
Waiting on changes to the PR, will be better in the next release with more time to test it out.
Updated by Jim Pingle 7 months ago
- Plus Target Version changed from 24.01 to 24.03
Updated by Jim Pingle about 2 months ago
- Plus Target Version changed from 24.03 to 24.07
Updated by Yehuda Katz about 2 months ago
I will hopefully finish my PhD dissertation in the next few weeks and I plan to come back to this after that.
(The subject of my dissertation is why system administrators are such bad peoplehow to better design systems so that system administrators don't make so many unintentional configuration mistakes.)
Updated by Yehuda Katz about 1 month ago
I unfortunately haven't finished my dissertation, but I took a break to work on this. PR is significantly expanded, significantly more tested (including NAT ranges), and is ready for another review. Now tested on 2.7.2.