Public/Private IP # DNS and Webserver on a DMZ
Posted on 2003-03-13
One of those questions that's probably dead straightforward. But I can't picture it in my mind.
I am considering the below setup:
Cisco 2600 Router
Cisco 515E UR PIX 4fe
Cobalt Webserver [10.2.1.3] - (on DMZ2)
RedHat 8.0 BIND DNS server [10.2.1.2] - (on DMZ2)
Redhat 8.0 SendMail server [10.1.1.2] - (on DMZ1)
Outside Interf of 126.96.36.199 - Security 0
dmz1 interface of 10.1.1.1 - Security 40
dmz2 interface of 10.2.1.1 - Security 60
Inside interfa of 10.0.1.3 - Security 100
I am unsure as to how to get all DNS requests to go to the DNS server, and then to forward those requests to the appropriate location. Is it just a simple task of creating a policy rule permitting DNS traffic from the Internet to the DNS server on the DMZ2, telling all web requests on domains in the DNS to go to the Cobalt server on 10.2.1.3 in DMZ2, and then letting the Cobalt server sort out which domain traffic goes to which virtual site?
I would be prepared to allocate Public IP # on DMZ2 if you think it would be a better idea, and then just send all DNS requests to the DNS server's public IP on DMZ2. But where would you point the domains to? If you pointed it to the Cobalt, how does the Cobalt know what to do with the request and what domain it's for? Does it need to be running a secondary DNS server? It's confusing.
I'm sure a million people must have done this before, so you must have plenty of tips/suggestions on how to do it.
I have not got any of the equipment as of yet, so I'm looking at it from a theoretical perspective. I also need to know how many Public IP # to order, and how best to allocate them within my network.
I want to host multiple websites and my own DNS on my DMZ2 interface. I want it to work as if it was directly connected to the internet. But without a decent helping of knowledge with regards to DNS and Cisco PIX it's not easy. (This is more a learning experience on this side of networking.)
Hope someone can help