How to handle private IP space?

Barry Margolin barmar at bbnplanet.com
Wed Nov 17 16:33:53 UTC 1999


In article <3831D02A.9953872C at cardinalengineering.com>,
Yan Seiner  <yan at cardinalengineering.com> wrote:
>I have a possibly dumb question:
>
>We have a fixed IP for our internet gateway, but use the 192 block for
>internal addresses.  We use a Linux firewall currently with ipfwadm
>(soon to be ipchains) to masquerade the traffic in and out.  We run a
>caching only name server (bind 8) that forwards all requests to the ISP;
>zone transfers and DNS requests coming in are blocked at the firewall. 
>DNS lookup service is provided by our ISP's DNS servers.  For obvious
>reasons, I don't want the private IPs leaking out and I block them at
>the firewall.
>
>I need to do the following:
>
>If a user inside the firewall sends email to
>joe at cardinalengineering.com, that should resolve to our email server
>(192.168.0.2), so that our internal email is not bouncing off our web
>site email server.
>
>If the same user requests our web site (www.cardinalengineering.com)
>that should resolve to our web hosting service, which is outside the
>firewall.
>
>Can this be done?  If so, how?  I know this involves setting up more
>than a caching only name server.  I need to know how to split up the
>lookup:
>
>cardinalengineering.com resolves to 192.168.0.2
>www.cardinalengineering.com resolves to 208.224.174.10

You'll have to run an internal DNS server that's authoritative for your
domain.  Any records on the external DNS server that your users also need
to look up will have to be duplicated on your server.  So your zone file
would contain:

cardinalengineering.com.  IN A  192.168.0.2
www  IN A  208.224.174.10

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
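
Added example (not part of the original post or reply, and not BIND's own tooling): once the internal server is authoritative for the domain it answers only from its own zone data, so an external record that was never duplicated internally stops resolving for inside users. This Python check compares the two views and also flags RFC 1918 addresses in the external one. The simplified "name type value" listing, the ftp record and the 192.0.2.x addresses are constructed for illustration; only 192.168.0.2 and 208.224.174.10 come from the thread.

```python
import ipaddress

# RFC 1918 ranges listed explicitly; ipaddress.is_private covers far more.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample views in a simplified "name type value" form.
# The ftp record and the 192.0.2.x addresses are hypothetical.
EXTERNAL = """\
cardinalengineering.com.      A 192.0.2.25
www.cardinalengineering.com.  A 208.224.174.10
ftp.cardinalengineering.com.  A 192.0.2.30
"""
INTERNAL = """\
cardinalengineering.com.      A 192.168.0.2   ; internal mail server
www.cardinalengineering.com.  A 208.224.174.10
"""

def parse(text):
    """Parse 'name type value' lines into {(name, type): {values}}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-style comments
        if not line:
            continue
        name, rtype, value = line.split()
        records.setdefault((name.lower(), rtype.upper()), set()).add(value)
    return records

def is_rfc1918(value):
    """True if value is an IPv4 address inside one of the RFC 1918 blocks."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)

def audit(internal, external):
    """Compare the internal and external views of one domain."""
    missing = sorted(k for k in external if k not in internal)
    overrides = sorted(k for k in external
                       if k in internal and internal[k] != external[k])
    leaks = sorted((k[0], v) for k, vals in external.items()
                   for v in vals if k[1] == "A" and is_rfc1918(v))
    return {"missing_internal": missing, "overrides": overrides, "leaks": leaks}

if __name__ == "__main__":
    for finding, items in audit(parse(INTERNAL), parse(EXTERNAL)).items():
        print(finding, items)
```

Entries under "overrides" are expected for names that are deliberately different inside; entries under "missing_internal" or "leaks" need attention.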


More information about the bind-users mailing list