Not all firewalls can hairpin a public IP back to a private IP. We've had to do this, too.

Yes, we could have created a separate zone, but that would require training our staff to use one FQDN internally and another with the customers. Easier to teach one thing to the staff and push the complexity back on the configuration.

Frank

From: bind-users-bounces+frnkblk=iname....@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname....@lists.isc.org] On Behalf Of babu dheen
Sent: Monday, May 30, 2011 1:17 AM
To: Doug Barton
Cc: bind-users@lists.isc.org
Subject: Re: Split DNS Configuration in BIND

Dear Doug,

Appreciate your quick response. Actually this setup is very much required for us. Let me tell you the scenario:

We have a DNS record called "mail.company.com" which is hosted in the internal company LAN network. When any users try to access mail.company.com in a browser, they will get the private IP address and immediately they will get the mail.company.com website home page, whereas if any of my company users try to access the mail.company.com website from the internet (outside the company), they should get the public IP address, which should be pointed to the mail.company.com website.

Kindly let me know the solution for the same.

Regards
Babu

--- On Mon, 30/5/11, Doug Barton <do...@dougbarton.us> wrote:

From: Doug Barton <do...@dougbarton.us>
Subject: Re: Split DNS Configuration in BIND
To: "babu dheen" <babudh...@yahoo.co.in>
Cc: bind-users@lists.isc.org
Date: Monday, 30 May, 2011, 11:15 AM

On 05/29/2011 21:59, babu dheen wrote:
> Hi,
> Would like to know how to configure split DNS in BIND running in RHEL
> 5.0 version. Below is our setup and requirement.
> "We have a zone called "mycompany.com". So whenever my company users
> sitting in LAN try to access mycompany.com domain in explorer, they
> should get internal IP address (private IP address) whereas whenever
> users from internet should get public IP for mycompany.com domain"

Better yet, re-examine the reasons you want to do this, and consider not doing it.

It's incredibly rare that using split DNS is a solution to a real problem; it's almost always something that people do because they think they need to. On the other hand, if you really need/want to have internal addresses to access company resources, consider placing them in a separate zone. Something like int.mycompany.com. You have to put these addresses in a separate zone _file_ anyway, why not make it a separate zone? It will reduce complexity for you in the long run.

hth,

Doug

--
Nothin' ever doesn't change, but nothin' changes much.
    -- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
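
The split DNS setup asked about in this thread, expressed with BIND views as an added example that is not from any of the posters. The ACL range, the addresses in the comments and the zone file paths are assumptions chosen for illustration.

```conf
// Constructed example: split-horizon views for mycompany.com in named.conf.
// The LAN range, record addresses and file paths below are assumptions.

acl "internal-nets" {
    127.0.0.1;
    10.0.0.0/8;                   // assumed company LAN range
};

options {
    directory "/var/named";
    recursion no;                 // off by default; enabled only in the internal view
    allow-transfer { none; };     // no zone transfers unless explicitly granted
};

// Views are evaluated in order and the first match wins, so the
// restricted view must come before the catch-all one.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;
    allow-recursion { "internal-nets"; };

    zone "mycompany.com" {
        type master;
        // This file holds the private answer, e.g. mail IN A 10.0.0.25
        file "internal/mycompany.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                 // authoritative answers only for Internet clients

    zone "mycompany.com" {
        type master;
        // This file holds the public answer, e.g. mail IN A 192.0.2.25
        // (192.0.2.0/24 is a documentation range standing in for the real public IP)
        file "external/mycompany.com.zone";
    };
};

// Once any view is defined, every zone statement must live inside a view.
```

Run `named-checkconf` on the file before reloading, then query `mail.mycompany.com` from a LAN host and from an outside host to confirm each side receives the address from its own view's zone file.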