unbound behind NAT: Unbound must forward to a more capable name server
felipe at felipegasper.com
Thu Nov 28 16:30:55 UTC 2019
Yes, the behind-NAT nameserver is publicly reachable because it’s an authoritative nameserver.
The trick is that a lot of NAT setups don’t support loopback, so even if you and I could query that behind-NAT nameserver via the public IP, the same query from behind the NAT fails.
> On 28 Nov 2019, at 11:27, George Thessalonikefs via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
> Something that is not clear to me:
> Is the nameserver behind the NAT also reachable from outside the NAT?
> -- George
> On 28/11/2019 16:12, Felipe Gasper via Unbound-users wrote:
>>> On 28 Nov 2019, at 09:39, John Levine via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
>>> In article <801702592.4201244.1574944721522 at mail.yahoo.com> you write:
>>>> My understanding is that unbound can not do fully-recursive resolves.
>>>> It requires a name server that is able to query the root name servers, ...
>>> You are mistaken. Unbound is a recursive resolver which can query the
>>> root and other authoritative zones just fine. It also works on networks
>>> behind NAT. If it didn't, I wouldn't be able to send this message.
>> Re NAT: It’ll work for resolutions that don’t require loopback, but if an authoritative nameserver is behind the same NAT, Unbound apparently requires loopback NAT in order to query that nameserver’s domains because there’s no way to teach the resolver to do NAT translation via unbound.conf.