DNS versus NAT?

Ronald F. Guilmette rfg at tristatelogic.com
Wed Jun 12 06:03:49 UTC 2019


Greetings,

I have a rather simple question about using DNS in conjunction with NAT,
as implemented on and by a typical SOHO router.  I confess that my question
isn't about Unbound specifically, but about the flow of DNS queries and
responses in a NAT'd environment generally.  Regardless of that, I hope
no one will begrudge me too much for asking my question here.

Imagine the following simple scenario... A particular home network consists
of two UNIX and/or Linux machines, both of which are configured to speak
to a perfectly ordinary, garden variety off-the-shelf modern SOHO router.
Each of these two UNIX/Linux machines is configured to use a unique but
statically assigned RFC1918 IPv4 address when speaking to the router...
let's just say 192.168.7.2 and 192.168.7.3.  Meanwhile, the router itself
has its WAN port configured to obtain an IP address dynamically, via DHCP,
from the relevant ISP.  (Not that that matters at all to my question, but
I include this detail for the sake of completeness.)

My question is just this:  In such a scenario, may -both- of the UNIX/Linux
systems run their own name server, e.g. their own separate instances of, say,
unbound?  And if so, what is the exact mechanism by which DNS -responses-
that arrive at the router's incoming WAN port get parceled out properly
and directed, properly, on to the specific one of the two UNIX/Linux machines
that originally sent out the corresponding DNS query?

I should say that I -believe- that I have a generally adequate, even though
only rudimentary, understanding of how a typical SOHO router manages to
ensure that all incoming *TCP* packets seen coming in to the WAN port are
routed to their proper final destination machines on the local network.
In that case even I, in my abundant ignorance, can easily imagine how
the SOHO router must or might keep track of all existing TCP connections,
such that all TCP response packets are sent on, by the router, to the proper
local machine.

But much or most DNS is performed via connectionless UDP datagrams, so I
am at a loss to understand or even imagine how two or more instances of,
say, Unbound... or Bind for that matter... could successfully co-exist,
on a single home network, together, behind a single typical SOHO router.

Any enlightenment would be appreciated.  Thanks.


Regards,
rfg


P.S.  Of course, I would also like to know if such a scenario would either
require or benefit from specific configuration of one or both of the Unbound
instances, e.g. to explicitly... and perhaps uniquely... set the port number
that each of the two Unbound instances uses for its own outbound query
transmissions.
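The mechanism the post asks about, for UDP, is the same kind of per-flow state table the router keeps for TCP, just keyed on the UDP 4-tuple and aged out by an idle timer instead of by connection teardown. The following is an added example, not code from the post or from the Unbound project: a toy NAT with a UDP mapping table, two LAN hosts at 192.168.7.2 and 192.168.7.3 each sending a query from the same local source port, and the router handing each reply back to the host that asked. The WAN address 203.0.113.5, the upstream server 198.51.100.53, the 30-second idle timeout and the port-allocation policy are all assumptions chosen for the illustration.

```python
"""Toy NAT with a UDP connection-tracking table (added example, not from the post).

Two LAN hosts, 192.168.7.2 and 192.168.7.3, each run their own resolver and
send UDP DNS queries through a router whose WAN address is the constructed
placeholder 203.0.113.5.  The router keeps one mapping per outbound flow so
that the upstream server's reply can be handed back to the right host.
"""
from dataclasses import dataclass
import itertools

WAN_IP = "203.0.113.5"      # constructed placeholder for the router's DHCP-assigned address
UDP_MAPPING_TTL = 30.0      # assumed idle timeout for a UDP mapping, in seconds


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes


@dataclass
class Mapping:
    lan_ip: str
    lan_port: int
    remote_ip: str
    remote_port: int
    wan_port: int
    last_seen: float


class UdpNat:
    def __init__(self, wan_ip=WAN_IP, first_port=1024):
        self.wan_ip = wan_ip
        self._next_port = itertools.count(first_port)
        # Outbound lookup: (lan_ip, lan_port, remote_ip, remote_port) -> Mapping
        self.outbound = {}
        # Inbound lookup: WAN port chosen for the flow -> Mapping
        self.inbound = {}

    def _expire(self, now):
        """Drop mappings that have seen no traffic for UDP_MAPPING_TTL seconds."""
        dead = [k for k, m in self.outbound.items() if now - m.last_seen > UDP_MAPPING_TTL]
        for k in dead:
            m = self.outbound.pop(k)
            self.inbound.pop(m.wan_port, None)

    def _alloc(self):
        """Hand out the next unused WAN port (sequential allocation, assumed policy)."""
        while True:
            p = next(self._next_port)
            if p not in self.inbound:
                return p

    def lan_to_wan(self, pkt, now):
        """Rewrite an outbound datagram's source to the WAN address and a WAN port."""
        self._expire(now)
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        m = self.outbound.get(key)
        if m is None:
            # Keep the host's own port when it is still free on the WAN side;
            # otherwise (two hosts using the same port) allocate a different one.
            wan_port = pkt.src_port if pkt.src_port not in self.inbound else self._alloc()
            m = Mapping(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, wan_port, now)
            self.outbound[key] = m
            self.inbound[wan_port] = m
        m.last_seen = now
        return Packet(self.wan_ip, m.wan_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def wan_to_lan(self, pkt, now):
        """Demultiplex an inbound datagram by its destination port; None means drop."""
        self._expire(now)
        m = self.inbound.get(pkt.dst_port)
        # Only accept a reply from the endpoint the query was sent to
        # (address-and-port-dependent filtering; real SOHO NATs vary here).
        if m is None or (m.remote_ip, m.remote_port) != (pkt.src_ip, pkt.src_port):
            return None
        m.last_seen = now
        return Packet(pkt.src_ip, pkt.src_port, m.lan_ip, m.lan_port, pkt.payload)


def demo():
    """Two resolvers, same local source port, one router, one upstream server."""
    nat = UdpNat()
    upstream = ("198.51.100.53", 53)  # constructed upstream DNS server
    q_a = Packet("192.168.7.2", 40000, *upstream, b"query-from-A")
    q_b = Packet("192.168.7.3", 40000, *upstream, b"query-from-B")
    out_a = nat.lan_to_wan(q_a, now=0.0)
    out_b = nat.lan_to_wan(q_b, now=0.1)
    # The server answers to whatever source it saw: WAN address + WAN port.
    reply_a = Packet(upstream[0], upstream[1], WAN_IP, out_a.src_port, b"answer-for-A")
    reply_b = Packet(upstream[0], upstream[1], WAN_IP, out_b.src_port, b"answer-for-B")
    in_a = nat.wan_to_lan(reply_a, now=0.2)
    in_b = nat.wan_to_lan(reply_b, now=0.3)
    # An unsolicited datagram with no mapping, and a reply arriving after the
    # idle timeout, are both dropped rather than forwarded.
    stray = nat.wan_to_lan(Packet("198.51.100.99", 53, WAN_IP, 5555, b"stray"), now=0.4)
    late = nat.wan_to_lan(reply_a, now=100.0)
    return {"wan_port_a": out_a.src_port, "wan_port_b": out_b.src_port,
            "to_a": (in_a.dst_ip, in_a.dst_port), "to_b": (in_b.dst_ip, in_b.dst_port),
            "stray_dropped": stray is None, "late_dropped": late is None}


if __name__ == "__main__":
    print(demo())
```

Note that the router never looks inside the DNS message: demultiplexing is purely a transport-layer affair, keyed on the ports it rewrote, and each resolver's transaction-ID and source-port randomization happen on the LAN side. Whether that randomization survives on the WAN side depends on the NAT's port-allocation policy; a device that, like this toy, preserves ports when free and otherwise hands out sequential ones narrows the effective port space seen by upstream servers, which is worth checking on a router that fronts a recursive resolver.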



More information about the Unbound-users mailing list