Wayne Marshall wcm at guinix.com
Wed Sep 1 10:33:02 PDT 2004

I was recently astonished to find the NAT on our Cisco 678
ADSL router was messing with responses from our DNS server!

It was mostly accidental that I even discovered the problem.  For
months I had run a similar setup without any suspicion.

Anyway, if any of you are running your own public DNS servers
behind the Cisco 67x router, test it from an external host.  You
are sure to be similarly affected.  Here are some notes for a


By the way, this isn't an issue of the DNS server; bind and
tinydns will be similarly affected.  The problem is in the Cisco.

I have since set up the Cisco as a transparent bridge, and now do
the Qwest linkup using PPPoE to cut the Cisco NAT out entirely:


More recently I put up m0n0wall on a Soekris box for this
purpose, which makes PPPoE _very_ easy.  Notes on that are in the

The surprise for some here may be that you can do PPPoE at
all with your Qwest service--at least it was a surprise for me. 
But it turns out this is very easy, gets your public IP on your
own host, and allows you to run a much wider variety of ADSL CPE
than we have been led to believe is possible.

Stay well!

Wayne Marshall
wcm at guinix.com

