[Linux-aus] DNS inside firewall.
Jonathan Oxer
jon at ivt.com.au
Wed Feb 26 10:28:02 UTC 2003
On Mon, 2003-02-24 at 13:12, Andrew Cowie wrote:
> This means you need a different name for it. You could use
> web1.junk.com, for the inside address but that would mean you would have
> inside and outside addresses in the same DNS zone, like this:
>
> 63.100.50.21 www.junk.com
> 192.168.1.21 web1.junk.com
Some nameservers also provide an option to dish out different responses
based on the requesting IP (a "split horizon namespace"). That way your
DNS server can provide a local IP to local machines, and the external IP
for external users for the exact same hostname lookup.
http://homepages.tesco.net/~J.deBoynePollard/FGA/dns-split-horizon.html
That shouldn't be necessary in this case though, just make sure the
firewall is set up to NAT properly without passing stuff upstream
unnecessarily and everything'll be sweet.
HTH
Jonathan
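
The split-horizon behaviour described above, modelled as an added example that is not part of the original message: views are matched on the requesting IP in order, and an audit flags a catch-all view placed ahead of the internal one or a public view that hands out private addresses. The hostname and addresses follow the thread; the client networks and function names are assumptions.

```python
import ipaddress

# Constructed split-horizon data: views are checked in order, first match wins.
# Hostname and addresses follow the thread; the client networks are assumptions.
VIEWS = [
    {"name": "internal",
     "match_clients": ["192.168.1.0/24", "127.0.0.0/8"],
     "records": {"www.junk.com": "192.168.1.21"}},
    {"name": "external",
     "match_clients": ["0.0.0.0/0"],
     "records": {"www.junk.com": "63.100.50.21"}},
]

def select_view(client_ip, views=VIEWS):
    """Return the first view whose match_clients list contains the client."""
    addr = ipaddress.ip_address(client_ip)
    for view in views:
        if any(addr in ipaddress.ip_network(net) for net in view["match_clients"]):
            return view
    return None

def resolve(name, client_ip, views=VIEWS):
    """Answer a lookup the way a split-horizon server would for this client."""
    view = select_view(client_ip, views)
    if view is None:
        return None  # no view matched: refuse rather than guess
    return view["records"].get(name.lower().rstrip("."))

def audit(views=VIEWS):
    """Flag view data that defeats the split or leaks internal addressing."""
    findings = []
    for i, view in enumerate(views):
        nets = [ipaddress.ip_network(n) for n in view["match_clients"]]
        public_view = any(net.prefixlen == 0 for net in nets)
        if public_view and i != len(views) - 1:
            findings.append(f"{view['name']}: catch-all view shadows later views")
        if public_view:
            for host, ip in view["records"].items():
                if ipaddress.ip_address(ip).is_private:
                    findings.append(f"{view['name']}: {host} exposes private address {ip}")
    return findings
```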