FAQ 37: Use when clients are behind a NAT device

Category: Initial setup

For all features to be supported, the DNS Redirector server cannot be separated from clients by a NAT device.
This is because all clients behind a NAT device are seen as only one IP address (the outside/WAN interface).

When used for Internet filtering only (BlockedIP= setting, as in corporate environments)...
Blocked/allowed functionality will work regardless of network placement. However, options such as BypassBlockFile= should not be used: if you configure the option to bypass the block, the bypass would apply to the entire network behind the NAT device, because DNS Redirector sees every client inside that network as coming from one IP address.

When used for Captive portal (RedirectIP= setting, as in HotSpot environments)...
The machine running DNS Redirector and all network clients cannot be separated by a NAT device. Multiple subnets are acceptable. It is necessary that DNS Redirector track clients joining and leaving the network, each by their unique IP address.
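
The effect described in the two cases above, as an added example that is not DNS Redirector code: a toy model of a server that keys per-client state on the source IP it sees, showing that one client's bypass covers every client behind the same NAT device while routed subnets stay distinct. The class and function names are hypothetical and the addresses are constructed.

```python
# Added illustration: a toy model of per-client state keyed by source IP.
# Not DNS Redirector code; class and function names are hypothetical.
import ipaddress


class SourceIpPolicy:
    """Tracks which source IPs have bypassed the block or joined the portal."""

    def __init__(self):
        self.bypassed = set()

    def grant_bypass(self, seen_ip):
        self.bypassed.add(ipaddress.ip_address(seen_ip))

    def is_bypassed(self, seen_ip):
        return ipaddress.ip_address(seen_ip) in self.bypassed


def make_nat(inside_net, wan_ip):
    """Return a function mapping a client address to the address the server sees."""
    net = ipaddress.ip_network(inside_net)

    def translate(client_ip):
        return wan_ip if ipaddress.ip_address(client_ip) in net else client_ip

    return translate


def unintended_bypasses(clients, granted_client, seen_as):
    """Clients that never requested a bypass but are treated as bypassed."""
    policy = SourceIpPolicy()
    policy.grant_bypass(seen_as(granted_client))
    return [c for c in clients
            if c != granted_client and policy.is_bypassed(seen_as(c))]


# Constructed sample addresses (RFC 1918 inside, RFC 5737 documentation WAN IP).
CLIENTS = ["192.168.1.10", "192.168.1.11", "192.168.2.20"]
routed = lambda ip: ip                               # no NAT: server sees real IPs
natted = make_nat("192.168.0.0/16", "203.0.113.5")  # all clients share one WAN IP

if __name__ == "__main__":
    print("routed:", unintended_bypasses(CLIENTS, "192.168.1.10", routed))
    print("NAT:   ", unintended_bypasses(CLIENTS, "192.168.1.10", natted))
```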

When implemented with a catch-all * record (such as during a network emergency, closed network, or a network without access to the Internet), this function will work regardless of network placement.

