Any solution to resolve this?

On Mar 27, 5:43 am, mikeytag <[email protected]> wrote:
> I was thinking today about the fact that I am not particularly excited
> that the DNS records for my domains publicly list every machine I have
> in my farm and their associated public and private IPs. I personally
> moved to Scalr from a colo facility in which I had every machine on
> its own private network with the only external facing machines being
> the firewalls (which we would SSH tunnel or VPN through to get to the
> machines).
>
> I think it would be really cool if Scalr had a split horizon DNS setup
> by default. Meaning if a query for role.domain.com comes from an
> Amazon IP then the private 10. IP is returned. The public facing
> horizon could then only have records for the load balancer or
> webservers, depending how you have Scalr hooked up.
>
> The next issue to tackle is how do you access your machines if you
> can't simply ssh to ext-role.domain.com? Why not tack on an open
> source VPN solution with the load balancer role? Or create a brand new
> VPN role. I personally only have experience on OpenBSD machines when
> it comes to VPN software, but I am sure there is a plethora of Linux
> options out there.
>
> Once the VPN is set up, you could then simply use the security groups
> to block external access to the machines thus making your farm
> infinitely more secure. You get a little benefit by the DNS records
> being obscured to the public and the most benefit by using Amazon's
> "firewall" rules to lock out your machine from being reached from the
> outside.
>
> I would love to hear everyone's input on this. I personally only have
> experience doing split horizon DNS for a couple hundred domains at the
> most. There may be potential scalability problems for Scalr to support
> this type of a setup.
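
The split horizon behaviour proposed in the quoted message, sketched as an added example (not part of the original thread and not Scalr code): view selection by client source address, plus a check that the public view exposes only approved roles and no private addresses. The role names, addresses and the 10.0.0.0/8 internal client range are constructed assumptions.

```python
import ipaddress

# Constructed sample data: role names, addresses and the internal client
# range are assumptions for illustration, not real Scalr records.
INTERNAL_CLIENTS = [ipaddress.ip_network("10.0.0.0/8")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PUBLIC_ROLES = {"lb", "www"}
FARM = {
    "lb":  {"public": "203.0.113.10", "private": "10.1.0.10"},
    "www": {"public": "203.0.113.11", "private": "10.1.0.11"},
    "db":  {"public": "203.0.113.12", "private": "10.1.0.12"},
}

def in_any(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def build_views(farm, public_roles):
    """Internal view: every role -> private IP. External view: only the
    approved public roles -> public IP."""
    internal = {role: rec["private"] for role, rec in farm.items()}
    external = {role: rec["public"] for role, rec in farm.items()
                if role in public_roles}
    return {"internal": internal, "external": external}

def resolve(views, role, client_ip):
    """Pick the view from the client's source address; None models NXDOMAIN."""
    name = "internal" if in_any(client_ip, INTERNAL_CLIENTS) else "external"
    return views[name].get(role)

def audit_external(views, public_roles):
    """List anything in the external view that should not be public."""
    findings = []
    for role, ip in sorted(views["external"].items()):
        if role not in public_roles:
            findings.append(f"{role}: not an approved public role")
        if in_any(ip, RFC1918):
            findings.append(f"{role}: private address {ip} exposed")
    return findings

if __name__ == "__main__":
    views = build_views(FARM, PUBLIC_ROLES)
    for client in ("10.1.0.11", "198.51.100.7"):
        print(client, {r: resolve(views, r, client) for r in FARM})
    print("external view findings:", audit_external(views, PUBLIC_ROLES))
```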