Re: Split DNS Configuration in BIND

2011-05-31 Thread Robert Spangler
On Tuesday 31 May 2011 00:56, the following was written:

> It's very simple,
>
> If you know basic firewall concept, we will configure source NATing from
> public IP address to original website private address in firewall. So when
> any users from internet access my company website, they should obviously
> get public IP of my company website and once they get the IP address from
> DNS, it can contact the website using source NATing in firewall.
> Here my concern is not with NATing or firewall. My basic requirement is
> how can I configure split DNS to maintain two different IP address for a
> same website.

I think you are getting your terminology mixed up here.

Split DNS is when you have 2 DNS servers, one internal and the other external.
Internal server serves the clients internally and the External services the
people on the Internet.  This setup is very easy as both servers hold the same
records with the proper IP addresses.

The other would be VIEWS.  This is when you have a single DNS server serving
both internal and external requests but you want to supply a different IP
address for the same host name depending on where the request is coming from.

If you are thinking/talking VIEWS then give this website a look:

http://www.howtoforge.com/two_in_one_dns_bind9_views
http://www.cyberciti.biz/faq/linux-unix-bind9-named-configure-views/


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
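
The views setup described in the message above, applied to the mycompany.com zone from the original question, as an added example that is not part of any post in this thread. The ACL range, the addresses (RFC 1918 and RFC 5737 documentation ranges) and the file paths are assumptions.

```conf
// named.conf fragment: one BIND server, two views of mycompany.com.
// All networks, addresses and file names below are constructed placeholders.

acl "internal-nets" {
    127.0.0.1;
    192.168.1.0/24;             // assumed company LAN range
};

options {
    directory "/var/named";
    allow-transfer { none; };   // no zone transfers unless explicitly granted
};

// Views are tested in order and the first match-clients hit wins,
// so the narrower internal view must come before the catch-all one.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;              // LAN clients may resolve other names here

    zone "mycompany.com" IN {
        type master;
        // this file holds e.g.:  www  IN A 192.168.1.10
        file "internal/mycompany.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;               // authoritative-only for Internet clients

    zone "mycompany.com" IN {
        type master;
        // this file holds e.g.:  www  IN A 203.0.113.10
        // keep private addresses and internal-only names out of this file
        file "external/mycompany.com.zone";
    };
};

// Once any view is defined, every zone statement must live inside a view.
```

Running `named-checkconf` on the edited file catches syntax errors before a reload; querying the same name from a LAN host and from an outside host should then return the two different addresses.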

Re: Split DNS Configuration in BIND

2011-05-31 Thread Ryan Novosielski

On 05/31/2011 01:35 AM, Robert Spangler wrote:
> On Tuesday 31 May 2011 00:56, the following was written:
>
> > It's very simple,
> >
> > If you know basic firewall concept, we will configure source NATing from
> > public IP address to original website private address in firewall. So when
> > any users from internet access my company website, they should obviously
> > get public IP of my company website and once they get the IP address from
> > DNS, it can contact the website using source NATing in firewall.
> > Here my concern is not with NATing or firewall. My basic requirement is
> > how can I configure split DNS to maintain two different IP address for a
> > same website.
>
> I think you are getting your terminology mixed up here.
>
> Split DNS is when you have 2 DNS servers, one internal and the other
> external.
> Internal server serves the clients internally and the External services the
> people on the Internet.  This setup is very easy as both servers hold the same
> records with the proper IP addresses.
>
> The other would be VIEWS.  This is when you have a single DNS server serving
> both internal and external requests but you want to supply a different IP
> address for the same host name depending on where the request is coming from.
>
> If you are thinking/talking VIEWS then give this website a look:
>
> http://www.howtoforge.com/two_in_one_dns_bind9_views
> http://www.cyberciti.biz/faq/linux-unix-bind9-named-configure-views/

...the end result of which (just to check my own knowledge) is the same
as a split DNS, just without needing a second set of servers, right?

-- 
-  _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$| |__| |  | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/CST-Academic Svcs. - ADMC 450, Newark

Re: Split DNS Configuration in BIND

2011-05-31 Thread Robert Spangler
On Tuesday 31 May 2011 02:25, the following was written:

> > Split DNS is when you have 2 DNS servers, one internal and the other
> > external. Internal server serves the clients internally and the External
> > services the people on the Internet.  This setup is very easy as both
> > servers hold the same records with the proper IP addresses.
> >
> > The other would be VIEWS.  This is when you have a single DNS server
> > serving both internal and external requests but you want to supply
> > a different IP address for the same host name depending on where the
> > request is coming from.
>
> ...the end result of which (just to check my own knowledge) is the same
> as a split DNS, just without needing a second set of servers, right?

The end result is the same.


-- 

Regards
Robert



Re: Split DNS Configuration in BIND

2011-05-30 Thread Doug Barton

On 05/29/2011 21:59, babu dheen wrote:

> Hi,
> Would like to know how to configure split DNS in BIND running in RHEL
> 5.0 version. Below is our setup and requirement.
> We have a zone called mycompany.com . So whenever my company users
> sitting in LAN try to access mycompany.com domain in explorer, they
> should get internal IP address(private IP address) whereas whenever
> users from internet should get public IP for mycompany.com domain


Better yet, re-examine the reasons you want to do this, and consider not 
doing it. It's incredibly rare that using split DNS is a solution to a 
real problem, it's almost always something that people do because they 
think they need to.


On the other hand, if you really need/want to have internal addresses to 
access company resources, consider placing them in a separate zone. 
Something like int.mycompany.com. You have to put these addresses in a 
separate zone _file_ anyway, why not make it a separate zone? It will 
reduce complexity for you in the long run.



hth,

Doug

--

Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price.  :)  http://SupersetSolutions.com/



Re: Split DNS Configuration in BIND

2011-05-30 Thread babu dheen
Dear Doug,
 
Appreciate your quick response. Actually this setup is very much required for 
us. Let me tell you the scenario: 
 
We have DNS record called mail.company.com which is hosted in internal 
company LAN network. When any users try to access mail.company.com in browser, 
they will get private IP address and immediately they will get mail.company.com 
website home page whereas if any of my company users try to access the 
mail.company.com website from internet(outside company), they should get public 
IP address which should be pointed to mail.company.com website.
 
Kindly let me know solution for the same.
 
Regards
Babu

--- On Mon, 30/5/11, Doug Barton do...@dougbarton.us wrote:


From: Doug Barton do...@dougbarton.us
Subject: Re: Split DNS Configuration in BIND
To: babu dheen babudh...@yahoo.co.in
Cc: bind-users@lists.isc.org
Date: Monday, 30 May, 2011, 11:15 AM


On 05/29/2011 21:59, babu dheen wrote:
> Hi,
> Would like to know how to configure split DNS in BIND running in RHEL
> 5.0 version. Below is our setup and requirement.
> We have a zone called mycompany.com . So whenever my company users
> sitting in LAN try to access mycompany.com domain in explorer, they
> should get internal IP address(private IP address) whereas whenever
> users from internet should get public IP for mycompany.com domain

Better yet, re-examine the reasons you want to do this, and consider not doing 
it. It's incredibly rare that using split DNS is a solution to a real problem, 
it's almost always something that people do because they think they need to.

On the other hand, if you really need/want to have internal addresses to access 
company resources, consider placing them in a separate zone. Something like 
int.mycompany.com. You have to put these addresses in a separate zone _file_ 
anyway, why not make it a separate zone? It will reduce complexity for you in 
the long run.


hth,

Doug


RE: Split DNS Configuration in BIND

2011-05-30 Thread Frank Bulk
Not all firewalls can hairpin a public IP back to a private IP.  We've had
to do this, too.

 

Yes, we could have created a separate zone, but that would require training
our staff to use one FQDN internally and another with the customers.  Easier
to teach one thing to the staff and push the complexity back on the
configuration.

 

Frank

 

From: bind-users-bounces+frnkblk=iname@lists.isc.org
[mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of
babu dheen
Sent: Monday, May 30, 2011 1:17 AM
To: Doug Barton
Cc: bind-users@lists.isc.org
Subject: Re: Split DNS Configuration in BIND

 


Dear Doug,

 

Appreciate your quick response. Actually this setup is very much required
for us. Let me tell you the scenario: 

 

We have DNS record called mail.company.com which is hosted in internal
company LAN network. When any users try to access mail.company.com in
browser, they will get private IP address and immediately they will get
mail.company.com website home page whereas if any of my company users try to
access the mail.company.com website from internet(outside company), they
should get public IP address which should be pointed to mail.company.com
website.

 

Kindly let me know solution for the same.

 

Regards

Babu

--- On Mon, 30/5/11, Doug Barton do...@dougbarton.us wrote:


From: Doug Barton do...@dougbarton.us
Subject: Re: Split DNS Configuration in BIND
To: babu dheen babudh...@yahoo.co.in
Cc: bind-users@lists.isc.org
Date: Monday, 30 May, 2011, 11:15 AM

On 05/29/2011 21:59, babu dheen wrote:
> Hi,
> Would like to know how to configure split DNS in BIND running in RHEL
> 5.0 version. Below is our setup and requirement.
> We have a zone called mycompany.com . So whenever my company users
> sitting in LAN try to access mycompany.com domain in explorer, they
> should get internal IP address(private IP address) whereas whenever
> users from internet should get public IP for mycompany.com domain

Better yet, re-examine the reasons you want to do this, and consider not
doing it. It's incredibly rare that using split DNS is a solution to a real
problem, it's almost always something that people do because they think they
need to.

On the other hand, if you really need/want to have internal addresses to
access company resources, consider placing them in a separate zone.
Something like int.mycompany.com. You have to put these addresses in a
separate zone _file_ anyway, why not make it a separate zone? It will reduce
complexity for you in the long run.


hth,

Doug


Re: Split DNS Configuration in BIND

2011-05-30 Thread Doug Barton

On 05/30/2011 09:15, Frank Bulk wrote:

> Not all firewalls can hairpin a public IP back to a private IP. We’ve
> had to do this, too.


First, firewalls don't do routing. :)


> Yes, we could have created a separate zone, but that would require
> training our staff to use one FQDN internally and another with the
> customers. Easier to teach one thing to the staff and push the
> complexity back on the configuration.


Second, s/configuration/DNS/, which I would argue is the wrong layer. 
Solve routing problems at the routing layer. But I realize that there 
are differing opinions on this.




Re: Split DNS Configuration in BIND

2011-05-30 Thread Doug Barton

On 05/29/2011 23:17, babu dheen wrote:

> We have DNS record called mail.company.com which is hosted in internal
> company LAN network. When any users try to access mail.company.com in
> browser, they will get private IP address and immediately they will get
> mail.company.com website home page whereas if any of my company users
> try to access the mail.company.com website from internet(outside
> company), they should get public IP address which should be pointed to
> mail.company.com website.


It's not clear to me from this description why you need 2 different IP 
addresses for the same resource.





RE: Split DNS Configuration in BIND

2011-05-30 Thread Frank Bulk
Point taken, and I should have mentioned that it's NAT in play.

I agree, it's a problem that not all firewalls can hairpin public IPs back
to their private IPs, but when working with what you got sometimes the
solution isn't ideal.

Frank

-----Original Message-----
From: Doug Barton [mailto:do...@dougbarton.us] 
Sent: Monday, May 30, 2011 2:19 PM
To: frnk...@iname.com
Cc: 'babu dheen'; bind-users@lists.isc.org
Subject: Re: Split DNS Configuration in BIND

On 05/30/2011 09:15, Frank Bulk wrote:
> Not all firewalls can hairpin a public IP back to a private IP. We've
> had to do this, too.

First, firewalls don't do routing. :)

> Yes, we could have created a separate zone, but that would require
> training our staff to use one FQDN internally and another with the
> customers. Easier to teach one thing to the staff and push the
> complexity back on the configuration.

Second, s/configuration/DNS/, which I would argue is the wrong layer. 
Solve routing problems at the routing layer. But I realize that there 
are differing opinions on this.



Re: Split DNS Configuration in BIND

2011-05-30 Thread Sten Carlsen
In a number of cases NATs have a problem to access the internal boxes
via an external address from inside the NAT.

In such cases it is much easier to just access the box from inside with
its internal address and from outside with its external address.

Using the two views allows for all sorts of scripting etc. without
having to consider whether you are on the outside or the inside. I have
used that for many years now.

On 30/05/11 21:20, Doug Barton wrote:
> On 05/29/2011 23:17, babu dheen wrote:
> > We have DNS record called mail.company.com which is hosted in internal
> > company LAN network. When any users try to access mail.company.com in
> > browser, they will get private IP address and immediately they will get
> > mail.company.com website home page whereas if any of my company users
> > try to access the mail.company.com website from internet(outside
> > company), they should get public IP address which should be pointed to
> > mail.company.com website.
>
> It's not clear to me from this description why you need 2 different IP
> addresses for the same resource.



-- 
Best regards

Sten Carlsen

No improvements come from shouting:

   MALE BOVINE MANURE!!! 


Re: Split DNS Configuration in BIND

2011-05-30 Thread babu dheen
It's very simple,
 
 If you know basic firewall concept, we will configure source NATing from 
public IP address to original website private address in firewall. So when any 
users from internet access my company website, they should obviously get public 
IP of my company website and once they get the IP address from DNS, it can 
contact the website using source NATing in firewall.
 
Here my concern is not with NATing or firewall. My basic requirement is how can 
I configure split DNS to maintain two different IP address for a same website.
 
Regards
BaBU

--- On Tue, 31/5/11, Doug Barton do...@dougbarton.us wrote:


From: Doug Barton do...@dougbarton.us
Subject: Re: Split DNS Configuration in BIND
To: babu dheen babudh...@yahoo.co.in
Cc: bind-users@lists.isc.org
Date: Tuesday, 31 May, 2011, 12:50 AM


On 05/29/2011 23:17, babu dheen wrote:
> We have DNS record called mail.company.com which is hosted in internal
> company LAN network. When any users try to access mail.company.com in
> browser, they will get private IP address and immediately they will get
> mail.company.com website home page whereas if any of my company users
> try to access the mail.company.com website from internet(outside
> company), they should get public IP address which should be pointed to
> mail.company.com website.

It's not clear to me from this description why you need 2 different IP 
addresses for the same resource.



Split DNS Configuration in BIND

2011-05-29 Thread babu dheen
Hi,
 
 Would like to know how to configure split DNS in BIND running in RHEL 5.0 
version. Below is our setup and requirement.
 
  We have a zone called mycompany.com . So whenever my company users sitting 
in LAN try to access mycompany.com domain in explorer, they should get internal 
IP address(private IP address) whereas whenever users from internet should get 
public IP for mycompany.com domain
 
 Kindly let me know the guide or procedure for configuring it.
 
Regards
Babu