Feature #14208
open
Automatic Split-DNS for 1:1 NAT
Added by Yehuda Katz over 1 year ago.
Updated about 1 month ago.
Status:
Pull Request Review
Plus Target Version:
25.01
Description
There is a well-known challenge of dealing with accessing public IP addresses from inside the network. The two existing solutions are NAT reflection and split DNS, each of which has its own challenges. Unbound and dnsmasq both support rewriting IP addresses in returned results.
In unbound, this is done using the `respip` module.
In dnsmasq, this is done using the `alias` option.
The pull request I am working on will allow automatically building the unbound respip configuration using the 1:1 NAT configuration.
I tested this code on a firewall running 2.6.0-RELEASE and I believe I made all the necessary changes to make it work in the `master` branch, but I haven't tested that.
- Assignee set to Jim Pingle
- Target version set to 2.8.0
- Plus Target Version set to 23.09
- Plus Target Version changed from 23.09 to 24.01
Waiting on changes to the PR, will be better in the next release with more time to test it out.
- Plus Target Version changed from 24.01 to 24.03
- Plus Target Version changed from 24.03 to 24.07
I will hopefully finish my PhD dissertation in the next few weeks and I plan to come back to this after that.
(The subject of my dissertation is why system administrators are such bad peoplehow to better design systems so that system administrators don't make so many unintentional configuration mistakes.)
I unfortunately haven't finished my dissertation, but I took a break to work on this. PR is significantly expanded, significantly more tested (including NAT ranges), and is ready for another review. Now tested on 2.7.2.
- Plus Target Version changed from 24.07 to 24.08
I just rebased the PR. It would be great if it can be merged so I don't have to keep doing that.
- Assignee deleted (
Jim Pingle)
- Plus Target Version changed from 24.08 to 24.11
Is there anything specific keeping this from being merged?
- Plus Target Version changed from 24.11 to 25.01
Also available in: Atom
PDF
Updated by 
Updated by