Authoritative dns with private IP for hostname

Elias Pereira empbilly at gmail.com
Mon Jul 30 22:54:08 UTC 2018


Thanks to everyone that helped me!!!

The Grant Taylor tutorial works like a charm!!! :)

On Fri, Jul 27, 2018 at 7:12 PM Grant Taylor via bind-users <
bind-users at lists.isc.org> wrote:

> On 07/27/2018 09:59 AM, Elias Pereira wrote:
> > hello,
>
> Hi,
>
> > Can an authoritative dns for a domain, eg mydomain.tdl, have a hostname,
> > example, wordpress.mydomain.tdl with a private IP?
>
> Yes, an authoritative DNS server can have a private
> (non-globally-routed) IP address in the zone data.
>
> However, there is a catch.
>
> > Would this be accessible from the internet via hostname, if I did a nat
> > on the firewall?
>
> It would (extremely likely) ONLY be accessible from the private
> (non-globally-routed) LAN.  Even that wouldn't require NAT because
> clients would be on the LAN and access it directly without passing
> through the NAT router.
>
> I don't think this will do what (I'm guessing) you want to do.
>
> I suspect you want to have a server with a private IP be accessible via
> domain name from outside the network.
>
> To do this, do the following things:
>
> 1)  Enter the outside static IP address of the NAT in DNS for the hostname.
> 2)  Configure NAT to (port) forward the traffic you are interested in
> from the outside into the server's internal IP.
>
> This will allow the world to access the service(s) in question.
>
> To help the internal clients, set up an additional DNS zone (that is
> only accessed by internal clients) that is the FQDN of the hostname and
> put an A / AAAA record in the zone's apex that resolves to the internal IP.
>
> ;
> ; External / Global / Public DNS zone file for example.net
> ;
> $ORIGIN example.net.
> ...
> myservice       IN      A       203.0.113.123
>
>
>
> ;
> ; Internal / Private DNS zone file for myservice.example.net
> ;
> $ORIGIN myservice.example.net.
> @               IN      A       192.168.1.234
>
>
> This will cause the world to resolve myservice.example.net. to
> 203.0.113.123 and clients inside the LAN to resolve
> myservice.example.net. to 192.168.1.234.
>
> I'm assuming that NAT is configured to port forward the desired ports
> for 203.0.113.123 to 192.168.1.234.
>
> I think this will do what I think you are wanting to do.
>
>
>
> --
> Grant. . . .
> unix || die
>


-- 
Elias Pereira
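
An added example, not part of the thread and not BIND tooling: a small Python lint that reads zone-file text and reports A/AAAA records pointing at internal address space, which is what should never appear in the public zone of the split setup quoted above. The zone text is constructed sample input modelled on the quoted zone files; the `intranet` records and the function names are hypothetical, and the parser only handles simple fragments (`$ORIGIN`, `@`, blank owner, optional TTL/class).

```python
import ipaddress

# Ranges to flag: RFC 1918, loopback and IPv6 ULA. ipaddress.is_private is
# avoided because it also matches documentation ranges such as
# 203.0.113.0/24, which the thread uses to stand in for the public address.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]

# Constructed sample input modelled on the quoted zone files; the "intranet"
# records are hypothetical mistakes added for this demonstration.
PUBLIC_ZONE = """\
$ORIGIN example.net.
myservice       IN      A       203.0.113.123
intranet        IN      A       192.168.1.234
                IN      AAAA    fd00::234
"""
INTERNAL_ZONE = """\
$ORIGIN myservice.example.net.
@               IN      A       192.168.1.234
"""

def address_records(zone_text):
    """Yield (fqdn, rtype, ip) for A/AAAA lines of a simple zone fragment."""
    origin, owner = ".", None
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1]
            continue
        if not raw[0].isspace():  # line begins with an owner name
            name = fields.pop(0)
            if name == "@":
                owner = origin
            else:
                owner = name if name.endswith(".") else f"{name}.{origin}"
        # A blank owner inherits the previous owner; skip optional TTL/class.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) >= 2 and fields[0].upper() in ("A", "AAAA"):
            yield owner or origin, fields[0].upper(), ipaddress.ip_address(fields[1])

def internal_leaks(zone_text):
    """Return address records that point into internal address space."""
    return [(name, rtype, str(ip)) for name, rtype, ip in address_records(zone_text)
            if any(ip.version == net.version and ip in net for net in INTERNAL_NETS)]
```

A non-empty result for the public zone is a finding; the same result for the internal-only zone is expected.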