Authoritative dns with private IP for hostname
Grant Taylor
gtaylor at tnetconsulting.net
Fri Jul 27 22:13:34 UTC 2018
On 07/27/2018 09:59 AM, Elias Pereira wrote:
> hello,

Hi,

> Can an authoritative dns for a domain, eg mydomain.tdl, have a hostname,
> example, wordpress.mydomain.tdl with a private IP?

Yes, an authoritative DNS server can have a private
(non-globally-routed) IP address in the zone data.

However, there is a catch.

> Would this be accessible from the internet via hostname, if I did a nat
> on the firewall?

It would (extremely likely) ONLY be accessible from the private
(non-globally-routed) LAN. Even that wouldn't require NAT because
clients would be on the LAN and access it directly without passing
through the NAT router.

I don't think this will do what (I'm guessing) you want to do.

I suspect you want to have a server with a private IP be accessible via
domain name from outside the network.

To do this, do the following things:

1) Enter the outside static IP address of the NAT in DNS for the hostname.
2) Configure NAT to (port) forward the traffic you are interested in
from the outside into the server's internal IP.

This will allow the world to access the service(s) in question.

To help the internal clients, set up an additional DNS zone (that is
only accessed by internal clients) that is the FQDN of the hostname and
put an A / AAAA record in the zone's apex that resolves to the internal IP.

;
; External / Global / Public DNS zone file for example.net
;
$ORIGIN example.net.
...
myservice	IN	A	203.0.113.123

;
; Internal / Private DNS zone file for myservice.example.net
;
$ORIGIN myservice.example.net.
@		IN	A	192.168.1.234

This will cause the world to resolve myservice.example.net. to
203.0.113.123 and clients inside the LAN to resolve
myservice.example.net. to 192.168.1.234.

I'm assuming that NAT is configured to port forward the desired ports
for 203.0.113.123 to 192.168.1.234.

I think this will do what I think you are wanting to do.

--
Grant. . . .
unix || die
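
Added example, not part of the original message: a small Python check for the split-horizon layout described above, which reports RFC 1918 addresses published in a public zone and shows the public and internal answers for each name the internal zone overrides. The function names, the simplified zone parser and the `LEAKY_ZONE` sample are assumptions made for illustration; the addresses are the ones used in the post.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress's is_private would also flag
# 203.0.113.0/24, the documentation range the post uses as its public address.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_a_records(zone_text):
    """Return {fqdn: [IPv4Address]} from a simplified zone file ($ORIGIN,
    ';' comments, '@', and 'name [ttl] [IN] A addr' lines only)."""
    origin, records = "", {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if "A" not in [f.upper() for f in fields[1:-1]]:
            continue  # not an A record (or an elision such as '...')
        owner = fields[0].lower()
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = owner + "." + origin
        records.setdefault(fqdn, []).append(ipaddress.ip_address(fields[-1]))
    return records

def rfc1918_leaks(public_zone):
    """Names in a public zone whose A record is an RFC 1918 address."""
    return sorted(name for name, addrs in parse_a_records(public_zone).items()
                  if any(a in net for a in addrs for net in RFC1918))

def split_horizon_view(public_zone, internal_zone):
    """Map each internally overridden name to (public, internal) answers."""
    pub, inside = parse_a_records(public_zone), parse_a_records(internal_zone)
    return {n: ([str(a) for a in pub.get(n, [])], [str(a) for a in inside[n]])
            for n in inside}

# Zone data constructed from the post's example values.
PUBLIC_ZONE = "$ORIGIN example.net.\nmyservice IN A 203.0.113.123\n"
INTERNAL_ZONE = "$ORIGIN myservice.example.net.\n@ IN A 192.168.1.234\n"
# Constructed misconfiguration: a private address published in the public zone.
LEAKY_ZONE = "$ORIGIN example.net.\nwordpress IN A 192.168.1.234\n"

if __name__ == "__main__":
    print(rfc1918_leaks(LEAKY_ZONE), split_horizon_view(PUBLIC_ZONE, INTERNAL_ZONE))
```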