Solved

Redirection with BIND

Posted on 2003-12-06
Last Modified: 2010-04-21
How can I redirect any request to www.blahblah.com to an in-LAN server, 192.16.8.1? The same DNS server hosts the zone for www.blahblah.com as well, so I still want people from the outside to get to www.blahblah.com.
Question by:mesican
LVL 40

Expert Comment

by:jlevie
ID: 9899428
It sounds like you want to set up a web server on a machine inside of a NAT'ing firewall and have it accessible from the Internet and local machines. This means that you'll need to configure your firewall to port forward traffic on 80/TCP and 443/TCP to the inside IP of your web server, or if you have multiple outside IP's you'll need to set up a static NAT translation. Your Internet accessible DNS will need to include a record for www.dom.tld pointing to the outside IP of your firewall (or the static NAT IP).

For inside machines to access the web server you either need a private DNS server that equates the hostname of the web server to its inside IP or create hosts file records on each system equating the hostname to the inside IP.
0
 

Author Comment

by:mesican
ID: 9901341
I already have all that set up; my question is:

I have 1 DNS server that hosts abc.com. It is behind my firewall with a private IP address, and all the port forwarding and stuff works. HOWEVER, when clients on the LAN type in www.abc.com, it goes to the DNS server, gets the public IP (which is the router's e0 interface) and it just hangs. So to avoid all this I want to have it so that when the clients type in www.abc.com, it goes to DNS, and then DNS sees that it's coming from the LAN and forwards it to the private IP of the web server.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 9901616
Okay, what you need is to configure your DNS server with two views. One view is limited by an ACL to only respond to requests from the private LAN and it supplies private IP's for all requests. The other view responds to Internet requests with routable IP's. A partial named.conf to do this might look like:

...
// clients that should receive the private addresses
acl "inside" { 127/8; 192.168.0.0/16; };

// views are matched in order, so the restricted view comes first
view "internal" {
  match-clients { "inside"; };
  recursion yes;
  zone "." IN {
    type hint;
    file "root.zone";
  };
  zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
  };
  zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "localhost.rev";
    allow-update { none; };
  };
  zone "my-dom.tld" IN {
    type master;
    file "inside/my-dom.tld.zone";
    allow-update { none; };
  };
...
};

// catch-all view for every other client; recursion is enabled for them too
view "external" {
  match-clients { any; };
  recursion yes;

  zone "." IN {
    type hint;
    file "root.zone";
  };
  zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
  };
  zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "localhost.rev";
    allow-update { none; };
  };
  zone "my-dom.tld" {
    type master;
    file "outside/my-dom.tld.zone";
    allow-update { none; };
  };
...
};
...
0
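The view selection this configuration relies on, as an added example that is not part of jlevie's answer: named uses the first view whose match-clients list contains the client, so the restricted "internal" view has to come before the catch-all one. The model below resolves a client to its view and flags any view that an earlier one makes unreachable; the www addresses 192.168.0.10 and 203.0.113.10 are assumed sample values, not taken from the thread.

```python
import ipaddress

# Constructed model of the answer's named.conf: ordered views, each with its
# match-clients networks and the A record its zone file gives for www.
# The two www addresses are assumed sample values, not taken from the thread.
VIEWS = [
    ("internal", ["127.0.0.0/8", "192.168.0.0/16"], "192.168.0.10"),
    ("external", ["0.0.0.0/0"], "203.0.113.10"),  # match-clients { any; }
]

def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def select_view(client_ip, views=VIEWS):
    """Return (view name, www address) for the first view whose
    match-clients list contains the client; order is significant."""
    addr = ipaddress.ip_address(client_ip)
    for name, cidrs, www in views:
        if any(addr in net for net in _nets(cidrs)):
            return name, www
    return None, None  # no view matched this client

def shadowed_views(views=VIEWS):
    """Names of views that can never be selected because every one of their
    networks is already covered by a network in an earlier view."""
    seen, dead = [], []
    for name, cidrs, _ in views:
        nets = _nets(cidrs)
        if nets and all(any(n.subnet_of(s) for s in seen) for n in nets):
            dead.append(name)
        seen.extend(nets)
    return dead

if __name__ == "__main__":
    for ip in ("192.168.1.50", "127.0.0.1", "198.51.100.7"):
        print(ip, "->", select_view(ip))
    print("shadowed (as written):", shadowed_views())
    print("shadowed (reversed):  ", shadowed_views(VIEWS[::-1]))
```

With the views reversed, LAN clients fall into the catch-all view and get the public address again, which is the hang described in the question.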
 

Author Comment

by:mesican
ID: 9906207
OK, let me try this out and I'll get back to you.
0
 

Author Comment

by:mesican
ID: 9906226
Thank you. It works.
0
