Thanks to everyone that help me!!! The Grant Taylor tuto works like a charm!!! :)
On Fri, Jul 27, 2018 at 7:12 PM Grant Taylor via bind-users < bind-users@lists.isc.org> wrote: > On 07/27/2018 09:59 AM, Elias Pereira wrote: > > hello, > > Hi, > > > Can an authoritative dns for a domain, eg mydomain.tdl, have a hostname, > > example, wordpress.mydomain.tdl with a private IP? > > Yes, an authoritative DNS server can have a private > (non-globally-routed) IP address in the zone data. > > However, there is a catch. > > > Would this be accessible from the internet via hostname, if I did a nat > > on the firewall? > > It would (extremely likely) ONLY be accessible from the private > (non-globally-routed) LAN. Even that wouldn't require NAT because > clients would be on the LAN and access it directly without passing > through the NAT router. > > I don't think this will do what (I'm guessing) you want to do. > > I suspect you want to have a server with a private IP be accessible via > domain name from outside the network. > > To do this, do the following things: > > 1) Enter the outside static IP address of the NAT in DNS for the hostname. > 2) Configure NAT to (port) forward the traffic you are interested in > from the outside into the server's internal IP. > > This will allow the world to access the service(s) in question. > > To help the internal clients, set up an additional DNS zone (that is > only accessed by internal clients) that is the FQDN of the hostname and > put an A / AAAA record in the zone's apex that resolves to the internal IP. > > ; > ; External / Global / Public DNS zone file for example.net > ; > $ORIGIN example.net. > ... > myservice IN A 203.0.113.123 > > > > ; > ; Internal / Private DNS zone file for service.example.net > ; > $ORIGIN myservice.example.net. > IN A 192.168.1.234 > > > This will cause the world to resolve myservice.example.net. to > 203.0.113.123 and clients inside the LAN to resolve > myservice.example.net. to 192.168.1.234. > > I'm assuming that NAT is configured to port forward the desired ports > for 203.0.113.123 to 192.168.1.234. > > I think this will do what I think you are wanting to do. > > > > -- > Grant. . . . > unix || die > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- Elias Pereira
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
