Authoritative DNS with private IP for hostname

Timothe Litt litt at acm.org
Fri Jul 27 16:38:17 UTC 2018


On 27-Jul-18 11:59, Elias Pereira wrote:
> Hello,
>
> Can an authoritative DNS for a domain, e.g. mydomain.tdl, have a
> hostname, for example, wordpress.mydomain.tdl, with a private IP?
>
> Would this be accessible from the internet via hostname, if I did a
> NAT on the firewall?
>
> -- 
> Elias Pereira

No.  Two issues seem to be conflated here.

For DNS, what you probably want is a setup with views; that way the site
will resolve to the private IP address from inside your site, but to the
external address from outside.

For making your servers accessible, NAT will probably be necessary for
the webserver and the DNS server inside your firewall to be accessible
from outside.  Your secondary DNS servers are required to be
geographically separate.  So either you have another location with a
firewall (where you again NAT), or you use a secondary DNS service.

Views are in the BIND ARM, and have been discussed on this list before.

There are some middleboxes (among them Cisco routers) that do attempt to
rewrite DNS records on the fly in a NAT-like fashion.  Stay away from
those.  They tend to break things in the best of circumstances, and
absolutely break DNSSEC.
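
A split-horizon setup with views, as described in the reply above, could look like the following named.conf fragment. This is an added example, not part of the original post; the ACL name, address ranges, directory and zone file paths are assumptions, and the addresses are constructed sample values.

```conf
// Constructed example: ACL name, addresses and file paths are assumptions.
acl internal-nets {
    127.0.0.0/8;
    10.0.0.0/8;               // assumed internal address range
};

options {
    directory "/var/named";   // assumed working directory
};

// Views are tested in the order they appear; the first view whose
// match-clients list matches the query source answers the query.
// Once any view is defined, every zone must live inside a view.
view "internal" {
    match-clients { internal-nets; };
    recursion yes;            // inside clients may use this server as resolver
    zone "mydomain.tdl" {
        type master;
        file "internal/mydomain.tdl.zone";
        // this zone file carries the private address, e.g.
        //   wordpress  IN A  10.0.0.20
    };
};

view "external" {
    match-clients { any; };
    recursion no;             // authoritative answers only for the internet
    zone "mydomain.tdl" {
        type master;
        file "external/mydomain.tdl.zone";
        // this zone file carries only the public address that the
        // firewall NATs to 10.0.0.20, e.g.
        //   wordpress  IN A  192.0.2.20
        // keep private addresses out of this file so internal
        // addressing is never published
    };
};
```

Run `named-checkconf` against the file before reloading the server. Each view's zone file needs its own SOA and NS records, and the serial of each copy has to be bumped when that copy changes.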

