Erich Titl wrote:

At 14:25 03.02.2004, Charles Steinkuehler wrote:
Erich Titl wrote:

Charles
At 13:16 02.02.2004 -0600, Charles Steinkuehler wrote:
..
I do this sort of thing using the 'views' feature of Bind9. Systems get different IPs for the same hostname depending on who's asking (based on IP address of the querying system). It's pretty easy to set up if you're running bind already.
I guess you need a fixed IP to accomplish this?

Your name server should be on a fixed IP, although it can be in private IP space if it's not a public nameserver.

What good is split view if the address is not public?

There's not a lot of call for a setup like this, but it would make sense for some. For instance, if your network has two masqueraded private IP networks (that can't talk directly to each other) with a server on one of them, you might need split DNS to return the 'real' IP of an internal server to one network, and the IP of the router doing port-forwarding to the other network.


There are some other situations in which this would make sense, especially if you've got a large and/or complicated internal network.

One thing I use views for is VPN access to internal-only resources. DNS is set up to return the real (private) IP of the resources to machines on the local network, while remote users get 127.0.0.1. By running putty and setting up port-forwarding (to a transparent squid proxy, allowing multiple resources to share the same port-forward), remote users can access internal systems only if they're 'tunneled in' via ssh.

I happen to use public DNS names for this, but it would work just as well with fully private DNS entries, as long as the VPN clients are set up to query the private DNS server when logged in to the VPN.

--
Charles Steinkuehler
[EMAIL PROTECTED]
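
The split-view setup described in the message above, as an added `named.conf` example that is not part of the original post. The zone name `example.com`, the ACL name, the file paths and all addresses are assumptions.

```conf
// named.conf fragment for BIND 9 views (constructed example).
// Once any view is defined, every zone statement must live inside a view.

// Clients that should see the real private addresses (assumed LAN range).
acl "lan" { 127.0.0.1; 192.168.1.0/24; };

view "internal" {
    // Views are tried in the order they appear; the first match wins.
    match-clients { "lan"; };
    recursion yes;

    zone "example.com" {
        type master;
        file "internal/example.com.zone";
        // Record in this zone file (assumed):
        //   intranet  IN  A  192.168.1.10
    };
};

view "external" {
    // Everyone who did not match the "internal" view.
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "external/example.com.zone";
        // Same name, different answer for remote users (assumed):
        //   intranet  IN  A  127.0.0.1
        // The remote user's ssh port-forward listens on that loopback address.
    };
};
```

The view only decides which answer a client receives. The private address itself still has to be unreachable from outside for the ssh tunnel to be the only path to the resource.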



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user