[Linux-aus] DNS inside firewall.

Jonathan Oxer jon at ivt.com.au
Wed Feb 26 10:28:02 UTC 2003


On Mon, 2003-02-24 at 13:12, Andrew Cowie wrote:

> This means you need a different name for it. You could use
> web1.junk.com, for the inside address but that would mean you would have
> inside and outside addresses in the same DNS zone, like this:
> 
> 63.100.50.21 www.junk.com
> 192.168.1.21 web1.junk.com

Some nameservers also provide an option to dish out different responses
based on the requesting IP (a "split horizon namespace"). That way your
DNS server can provide a local IP to local machines, and the external IP
for external users for the exact same hostname lookup.

http://homepages.tesco.net/~J.deBoynePollard/FGA/dns-split-horizon.html

That shouldn't be necessary in this case though, just make sure the
firewall is set up to NAT properly without passing stuff upstream
unnecessarily and everything'll be sweet.

HTH

Jonathan
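
The split-horizon behaviour described above, as an added example that is not part of the original post: a small Python model of per-client view selection, plus a check that no view reachable from outside publishes a private address. The hostnames and the two addresses come from the thread; the 192.168.1.0/24 inside network, the client addresses and all function names are assumptions made for the illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data. Views are checked in order and the first match wins,
# so the catch-all external view must come last.
SPLIT_VIEWS = [
    ("internal", ["192.168.1.0/24"], {"www.junk.com": "192.168.1.21"}),
    ("external", ["0.0.0.0/0"], {"www.junk.com": "63.100.50.21"}),
]
# The single shared zone from the quoted message, served to every client.
SINGLE_ZONE = [
    ("all", ["0.0.0.0/0"], {"www.junk.com": "63.100.50.21",
                            "web1.junk.com": "192.168.1.21"}),
]

def resolve(client_ip, hostname, views):
    """Answer from the first view whose client networks contain client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for _name, nets, records in views:
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return records.get(hostname.lower().rstrip("."))
    return None  # no view matched this client

def is_rfc1918(net):
    """True if the network (or /32 host) lies inside an RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)

def leaked_private_records(views):
    """Private addresses published in any view reachable from outside."""
    leaks = []
    for name, nets, records in views:
        if all(is_rfc1918(ipaddress.ip_network(n)) for n in nets):
            continue  # this view only ever answers inside clients
        for host, ip in sorted(records.items()):
            if is_rfc1918(ipaddress.ip_network(ip)):
                leaks.append((name, host, ip))
    return leaks

if __name__ == "__main__":
    for client in ("192.168.1.50", "203.0.113.9"):
        print(client, "->", resolve(client, "www.junk.com", SPLIT_VIEWS))
    print("split views leak:", leaked_private_records(SPLIT_VIEWS))
    print("single zone leak:", leaked_private_records(SINGLE_ZONE))
```

Running the same audit over an exported zone before it is published shows whether inside addressing would be visible to outside resolvers.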


