Feature #14208
open
Automatic Split-DNS for 1:1 NAT
0%
Description
There is a well-known challenge of dealing with accessing public IP addresses from inside the network. The two existing solutions are NAT reflection and split DNS, each of which has its own challenges. Unbound and dnsmasq both support rewriting IP addresses in returned results.
In unbound, this is done using the `respip` module.
In dnsmasq, this is done using the `alias` option.
The pull request I am working on will allow automatically building the unbound respip configuration using the 1:1 NAT configuration.
I tested this code on a firewall running 2.6.0-RELEASE and I believe I made all the necessary changes to make it work in the `master` branch, but I haven't tested that.
Updated by Yehuda Katz about 2 years ago
Updated by Jim Pingle almost 2 years ago
- Assignee set to Jim Pingle
- Target version set to 2.8.0
- Plus Target Version set to 23.09
Updated by Jim Pingle almost 2 years ago
- Plus Target Version changed from 23.09 to 24.01
Waiting on changes to the PR, will be better in the next release with more time to test it out.
Updated by Jim Pingle over 1 year ago
- Plus Target Version changed from 24.01 to 24.03
Updated by Jim Pingle about 1 year ago
- Plus Target Version changed from 24.03 to 24.07
Updated by Yehuda Katz about 1 year ago
I will hopefully finish my PhD dissertation in the next few weeks and I plan to come back to this after that.
(The subject of my dissertation is why system administrators are such bad peoplehow to better design systems so that system administrators don't make so many unintentional configuration mistakes.)
Updated by Yehuda Katz about 1 year ago
I unfortunately haven't finished my dissertation, but I took a break to work on this. PR is significantly expanded, significantly more tested (including NAT ranges), and is ready for another review. Now tested on 2.7.2.
Updated by Jim Pingle about 1 year ago
- Plus Target Version changed from 24.07 to 24.08
Updated by Yehuda Katz about 1 year ago
I just rebased the PR. It would be great if it can be merged so I don't have to keep doing that.
Updated by Jim Pingle 8 months ago
- Assignee deleted (
Jim Pingle) - Plus Target Version changed from 24.08 to 24.11
Updated by Yehuda Katz 8 months ago
Is there anything specific keeping this from being merged?
Updated by Jim Pingle 8 months ago
- Plus Target Version changed from 24.11 to 25.01
Updated by Jim Pingle 6 months ago
- Plus Target Version changed from 25.01 to 25.03
Updated by Jim Pingle 4 months ago
- Plus Target Version changed from 25.03 to 25.07
Updated by Jim Pingle about 8 hours ago
- Target version changed from 2.8.0 to 2.9.0