Newbie Question

Kevin Darcy kcd at daimlerchrysler.com
Wed Apr 25 01:34:00 UTC 2001


Wallace Mills wrote:

> Please excuse me if this seems to be a rather simple/basic
> question, but I am not very knowledgeable with DNS/Bind as of yet
> and I am trying to gain the knowledge required to administer our
> DNS servers here.
>
> If one had a multihomed unit (2 NICs) with 1 NIC on the public
> side and the other on the private side and using a public DNS
> with a private DNS (I believe this is termed "split DNS") can
> one then have a web server on the private side and allow the
> public to see this web server, even though it has a private IP
> (say in the 192.168 range)? This web server would need to be
> able to access the public area and at the same time allow the
> public to see it (view the web pages).

Assuming that your firewall is capable of acting as a router at all,
you'd need to implement some sort of NAT (Network Address
Translation) in order to make your web server accessible to the
Internet, since 192.168.*.* is not Internet-routable. If your firewall
is incapable of routing and/or NAT'ing, then you'll have to run some
sort of "reverse proxy" to make your internal web server accessible to
the Internet.

In DNS terms, regardless of which solution you choose, you would define
the web server with the NAT/proxy address in the public DNS.

I'm not sure what you mean by the web server accessing the public area.
This doesn't seem to be particularly related to DNS, but rather just a
matter of how you configure your firewall and/or network routing and/or
NAT. Or did you mean that the web server would need to
*resolve* Internet names? You would need to somehow point it to the
Internet DNS (with the appropriate routing/NAT'ing enabled on the
firewall) or to the firewall's nameserver itself, in order to make that
work.

All in all, it might be easier just to put the webserver on your
extranet.


- Kevin
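
The split-DNS arrangement described in the reply above, as an added example that is not part of the original post: the public zone publishes the NAT/proxy address for the web server, the internal zone publishes the 192.168 address, and a small audit flags any RFC 1918 address that has ended up in the public zone. The zone name `example.com`, all addresses, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample zone data; example.com and every address are placeholders.
PUBLIC_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@     IN  NS  ns1.example.com.
ns1   IN  A   192.0.2.53
www   IN  A   192.0.2.80      ; NAT / reverse-proxy address on the firewall
intra IN  A   192.168.10.20   ; mistake: internal address in the public zone
"""

INTERNAL_ZONE = """\
$ORIGIN example.com.
$TTL 3600
www   IN  A   192.168.10.80   ; real address of the web server
"""

# RFC 1918 ranges are listed explicitly: ipaddress' is_private also matches
# documentation ranges such as 192.0.2.0/24, which are used as samples here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def a_records(zone_text):
    """Yield (owner, IPv4 address) for A records in one-record-per-line zone text."""
    owner = None
    for line in zone_text.splitlines():
        body = line.split(";", 1)[0]          # drop trailing comment
        fields = body.split()
        if not fields or fields[0].startswith("$"):
            continue                          # blank line or $ORIGIN/$TTL directive
        if not body[0].isspace():
            owner = fields.pop(0)             # leading whitespace reuses the last owner
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                     # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "A":
            yield owner, ipaddress.ip_address(fields[1])

def lookup(zone_text, name):
    """Addresses this zone would hand out for a given owner name."""
    return [str(ip) for owner, ip in a_records(zone_text) if owner == name]

def leaked_private(zone_text):
    """A records in the zone whose address is not Internet-routable (RFC 1918)."""
    return [(owner, str(ip)) for owner, ip in a_records(zone_text)
            if any(ip in net for net in RFC1918)]

if __name__ == "__main__":
    print("public www  :", lookup(PUBLIC_ZONE, "www"))
    print("internal www:", lookup(INTERNAL_ZONE, "www"))
    print("leaks       :", leaked_private(PUBLIC_ZONE))
```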