DNS versus NAT ?
Ronald F. Guilmette
rfg at tristatelogic.com
Sat Jun 15 02:10:19 UTC 2019
In message <alpine.DEB.2.20.1906130953120.16652 at grey.csi.cam.ac.uk>,
Tony Finch <dot at dotat.at> wrote:
>Ronald F. Guilmette via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
>>
>> For the outbound DNS query packets, does the router re-jigger the original
>> source port numbers so that they will (hopefully) not conflict and so that
>> the DNS response packets, when they arrive, can be directed appropriately
>> to one machine or the other?
>
>Yes. The long version is RFC 4787.
Thank you. I am and will be reading that.
>> And if that is the case, then will my SOHO router catch fire if and when
>> I elect to send out through it a set of 65536 or more separate DNS queries,
>> all in rapid succession?
>
>Almost certainly :-) Even quite big NAT boxes will get indigestion if you
>put a lot of DNS traffic through them.
I didn't know that. So I learned something today.
> In general it's best to keep
>stateful middleboxes away from DNS servers. In your case you are probably
>better off either setting up a DMZ at home (if they will give you multiple
>IP addresses) or get a colo box for high volume DNS query traffic.
Yes. Thank you. The latter is already in progress.
(I am assuming ... perhaps incorrectly... that a -dedicated- box will not
be absolutely necessary, as long as I have a dedicated and non-dynamic IP
address with it.)
Regards,
rfg
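The NAT behaviour discussed above (source-port rewriting so replies reach the right LAN host, and the roughly 64k-port state that a burst of queries can exhaust) as an added toy model in Python; this is not code from Unbound or from the thread, and the addresses, port range and port-preservation policy are constructed assumptions.

```python
"""Toy model of a SOHO NAT's UDP mapping table for outbound DNS queries,
following RFC 4787's endpoint-independent mapping: the external port depends
only on (internal IP, internal port) and is preserved when free. Constructed."""
from dataclasses import dataclass, field

EPHEMERAL_PORTS = range(1024, 65536)  # 64512 external ports to share (assumed)


class NatPortExhausted(Exception):
    """No free external port is left for a new mapping."""


@dataclass
class UdpNat:
    external_ip: str
    free: set = field(default_factory=lambda: set(EPHEMERAL_PORTS))
    outbound: dict = field(default_factory=dict)  # (int_ip, int_port) -> ext_port
    inbound: dict = field(default_factory=dict)   # ext_port -> (int_ip, int_port)

    def translate_out(self, src_ip: str, src_port: int) -> tuple[str, int]:
        """Rewrite an outbound query's source; reuse a live mapping if present."""
        key = (src_ip, src_port)
        if key in self.outbound:
            return self.external_ip, self.outbound[key]
        # Keep the original port when nobody holds it, else take any free one.
        port = src_port if src_port in self.free else next(iter(self.free), None)
        if port is None:
            raise NatPortExhausted(f"no external port left for {key}")
        self.free.remove(port)
        self.outbound[key] = port
        self.inbound[port] = key
        return self.external_ip, port

    def translate_in(self, dst_port: int):
        """Route a reply by its destination port back to the LAN host (or None)."""
        return self.inbound.get(dst_port)


def demo() -> dict:
    nat = UdpNat("203.0.113.1")  # constructed documentation address
    a = nat.translate_out("192.168.1.10", 5353)
    b = nat.translate_out("192.168.1.11", 5353)  # same port; must differ outside
    routed = (nat.translate_in(a[1]), nat.translate_in(b[1]))
    sent = 0  # one host bursting from every source port: one mapping each
    try:
        for port in EPHEMERAL_PORTS:
            nat.translate_out("192.168.1.10", port)
            sent += 1
    except NatPortExhausted:
        pass
    return {"a": a, "b": b, "routed": routed, "sent": sent,
            "mappings": len(nat.inbound), "free": len(nat.free)}
```

Real NATs expire idle UDP mappings after a timeout (RFC 4787 requires at least two minutes), so the ceiling is on concurrent outstanding queries rather than on the total sent, which is why a rapid burst is the case that hurts.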