  • Hi,

    I want to have two 1:1 NATs like this:

    Public IP : private IP 1
    Public IP : private IP 2

    Of course I can define this in the GUI, but:
    Does this really work? Is this a kind of round robin?

    This is for a customer who has two nameservers (active/passive setup).
    I would do this with two pfSenses in CARP mode, current release.

    Thanks for any hints.


  • Do you mean you have this?

    Public IP-A : private IP 1
    Public IP-B : private IP 2

    Or do you only have 1 public IP? Also, if they are nameservers, why would you want full exposure with 1:1 - why not just forward tcp/udp 53 (DNS) to them?

    BTW, what the hell is an active/passive nameserver setup? Never heard that applied to DNS, or any other sort of name services I can think of, NIS, WINS,

  • Hi,

    this customer wants to have his two NS with two private IPs connected with ONE public IP. 1:1 NAT was my idea, but yours (port forwarding) of course is much better.
    My question: how does that work? If both NS are running, the first one in the forwarding list gets it. If the first one is dead, will the second get the job?

    NS setup: my explanation was not really correct. The customer has two running NS and wants to have a fallback if one gets ill. He CANNOT have two IPs for his two NS.

  • Makes no sense at all...

    For starters, every registrar I have ever seen requires 2 name servers (public IPs) for any domain. So where is their 2nd nameserver? Pointing 1 public IP to 2 private IPs solves what single point of failure issue?

    You only have 1 ISP (1 Public IP) so what if that connection fails?

    AFAIK there is no way to do what you want with either 1:1 NAT or port forwarding. You could forward to a private IP, and using some sort of CARP, HSRP or VIP on the nameserver system provide failover for that IP you're forwarding to.

    The normal way you provide redundancy for DNS is the fact that you have at minimum 2 IPs for the authoritative nameserver(s). You can have more. Is this nameserver authoritative for a public domain, or is it just a recursive server?

    Happy to help you out - what exactly are they thinking this will accomplish, or what do they want to accomplish, and we can move forward with the best way to accomplish what they actually want. What I have found over the years is customers cannot always best describe what they actually want/need - they might say they want to point their 1 IP to 2 private since they don't understand even the basics ;) They might use the terms active/passive without really understanding what that means, etc. etc.

    If you walk them through a scenario of what they think/want to happen, then you can provide the technology to provide that - or explain to them that such a scenario is impossible or unlikely and "this" is what would really happen or does happen, or this is why it could not happen, etc. etc.
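    As an added example (not from this thread or from pfSense), here is a small check for the point made above: DNS redundancy comes from the authoritative nameservers being reachable on at least two distinct public IPs, and one public IP fronting two NATed private hosts does not give you that. The NS hostnames and addresses are constructed (the RFC 5737 documentation ranges stand in for public IPs), the NS-to-address mapping is passed in by hand rather than looked up, and the extra "all IPs in one /24" heuristic is my own addition, not something the reply states.

```python
"""Added example: assess whether a set of authoritative nameservers gives real
redundancy (>= 2 distinct, non-private IPs) or is really one public IP in front
of NATed private hosts. Hostnames/addresses below are constructed."""
import ipaddress
from typing import Dict, List

# Address space that can never be a public nameserver address on the Internet
# (RFC 1918, loopback, link-local, CGNAT shared space). RFC 5737 documentation
# ranges are deliberately NOT listed so they can serve as stand-in public IPs.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",
)]

# Constructed: the setup proposed in the thread, one public IP shared by two
# private hosts via 1:1 NAT / port forwarding.
PROPOSED = {
    "ns1.example.test": ["203.0.113.10"],
    "ns2.example.test": ["203.0.113.10"],
}

# Constructed: the conventional setup, each NS on its own public IP.
CONVENTIONAL = {
    "ns1.example.test": ["203.0.113.10"],
    "ns2.example.test": ["198.51.100.20"],
    "ns3.example.test": ["192.0.2.30"],
}


def is_public(ip: ipaddress._BaseAddress) -> bool:
    """True unless the address falls in one of the NON_PUBLIC ranges."""
    return not any(ip in net for net in NON_PUBLIC if net.version == ip.version)


def assess_ns_redundancy(ns_addrs: Dict[str, List[str]], min_distinct: int = 2) -> dict:
    """Return distinct public IPs, a list of problems, and a redundant verdict."""
    problems: List[str] = []
    public_ips = set()
    for host, addrs in ns_addrs.items():
        if not addrs:
            problems.append(f"{host}: no address")
            continue
        for a in addrs:
            ip = ipaddress.ip_address(a)
            if is_public(ip):
                public_ips.add(ip)
            else:
                problems.append(f"{host}: {a} is not a public address")
    if len(public_ips) < min_distinct:
        problems.append(f"only {len(public_ips)} distinct public IP(s); need {min_distinct}")
    # Heuristic (my addition): two IPs in one /24 usually means one site/ISP,
    # so the "redundancy" still hangs on a single uplink.
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False)
            for ip in public_ips if ip.version == 4}
    if len(public_ips) >= min_distinct and len(nets) == 1:
        problems.append("all public IPv4 addresses share one /24; likely one site/ISP")
    return {
        "public_ips": sorted(str(ip) for ip in public_ips),
        "problems": problems,
        "redundant": not problems,
    }


if __name__ == "__main__":
    for label, mapping in (("proposed", PROPOSED), ("conventional", CONVENTIONAL)):
        result = assess_ns_redundancy(mapping)
        print(label, "redundant =", result["redundant"], result["problems"])
```

    Run it as a script to see the proposed single-public-IP layout fail the check while the conventional layout passes; in practice you would fill the mapping from the NS and A/AAAA records of the domain in question.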

  • Hi,
    thanks. This customer wants to have these two nameservers in THIS datacenter; three others are in Berlin/London/Frankfurt. They wanted to replace their little hardware boxes with some kind of round robin or so.
    My question was whether his idea with two NATs or port forwardings would work. Now I made such a setup: it doesn't work, always the first forwarding gets the job (this is exactly what I assumed).
    Thanks for discussion.

  • No, you cannot forward to 2 different IPs from 1 public IP to the same port.

