On 27-Jul-18 11:59, Elias Pereira wrote: > hello, > > Can an authoritative dns for a domain, eg mydomain.tdl, have a > hostname, example, wordpress.mydomain.tdl with a private IP? > > Would this be accessible from the internet via hostname, if I did a > nat on the firewall? > > -- > Elias Pereira
No. Two issues seem to be conflated here. For DNS, what you probably want is a setup with views; that way the site will resolve to the private IP address from inside your site, but to the external address from outside. For making your servers accessible, NAT will probably be necessary for the webserver and the DNS server inside your firewall to be accessible from outside. Your secondary DNS servers are required to be geographically separate. So either you have another location with a firewall (where you again NAT), or you use a secondary DNS service. Views are in the bind ARM, and have been discussed on this list before. There are some middleboxes (among them Cisco Routers) that do attempt to rewrite DNS records on the fly in a NAT like fashion. Stay away from those. They tend to break things in the best of circumstances, and absolutely break DNSSEC.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
