On 07/27/2018 09:59 AM, Elias Pereira wrote:
> hello,

Hi,

> Can an authoritative DNS for a domain, e.g. mydomain.tdl, have a hostname, for example wordpress.mydomain.tdl, with a private IP?

Yes, an authoritative DNS server can have a private (non-globally-routed) IP address in the zone data.

However, there is a catch.

> Would this be accessible from the internet via hostname, if I did a NAT on the firewall?

It would (extremely likely) ONLY be accessible from the private (non-globally-routed) LAN. Even that wouldn't require NAT because clients would be on the LAN and access it directly without passing through the NAT router.

I don't think this will do what (I'm guessing) you want to do.

I suspect you want to have a server with a private IP be accessible via domain name from outside the network.

To do this, do the following things:

1) Enter the outside static IP address of the NAT in DNS for the hostname.
2) Configure NAT to (port) forward the traffic you are interested in from the outside into the server's internal IP.

This will allow the world to access the service(s) in question.

To help the internal clients, set up an additional DNS zone (that is only accessed by internal clients) that is the FQDN of the hostname and put an A / AAAA record in the zone's apex that resolves to the internal IP.

;
; External / Global / Public DNS zone file for example.net
;
$ORIGIN example.net.
...
myservice       IN      A       203.0.113.123



;
; Internal / Private DNS zone file for myservice.example.net
;
$ORIGIN myservice.example.net.
                IN      A       192.168.1.234


This will cause the world to resolve myservice.example.net. to 203.0.113.123 and clients inside the LAN to resolve myservice.example.net. to 192.168.1.234.

I'm assuming that NAT is configured to port forward the desired ports for 203.0.113.123 to 192.168.1.234.

I think this will do what I think you are wanting to do.



--
Grant. . . .
unix || die
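
Added example, not part of the original message and not BIND code: a small Python check for the external/internal zone pair described in the reply. It flags LAN-only addresses published in the public zone and lists the names that are answered differently inside and outside. The zone contents are constructed (the `intranet` record is a constructed mistake), the function names are hypothetical, and the parser only handles single-line A/AAAA records.

```python
import ipaddress

# LAN-only space (RFC 1918, loopback, link-local, ULA); 203.0.113.0/24 is not in it.
LAN_ONLY = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

# Constructed zone data modelled on the message; "intranet" is a constructed mistake.
EXTERNAL = """$ORIGIN example.net.
myservice       IN      A       203.0.113.123
intranet        IN      A       192.168.1.50
"""
INTERNAL = """$ORIGIN myservice.example.net.
@               IN      A       192.168.1.234
"""

def parse_addresses(zone_text):
    """Return {fqdn: {addresses}} for A/AAAA records in a simple zone file."""
    origin, owner, found = ".", None, {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # strip comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):                 # directives
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].lower()
            continue
        if not line[0].isspace():                     # owner field present
            name = fields.pop(0).lower()
            owner = (origin if name == "@" else name if name.endswith(".")
                     else name + "." + origin.lstrip("."))
        for i, field in enumerate(fields[:3]):        # [TTL] [class] type
            if field.upper() in ("A", "AAAA") and i + 1 < len(fields):
                # Assumption: a blank owner with no earlier owner means the origin.
                found.setdefault(owner or origin, set()).add(
                    ipaddress.ip_address(fields[i + 1]))
                break
    return found

def audit(external_text, internal_text):
    """Compare the public zone with the internal override zone."""
    ext, inside = parse_addresses(external_text), parse_addresses(internal_text)
    leaks = [(n, str(a)) for n, addrs in ext.items() for a in addrs
             if any(a in net for net in LAN_ONLY)]
    return {"lan_only_in_public_zone": sorted(leaks),
            "internal_without_public": sorted(set(inside) - set(ext)),
            "split_names": sorted(n for n in inside
                                  if n in ext and inside[n] != ext[n])}
```

Calling `audit(EXTERNAL, INTERNAL)` reports `intranet.example.net.` as a LAN-only address in the public zone and `myservice.example.net.` as the one name that is split between the two views.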
