Solved

Redirection with BIND

Posted on 2003-12-06
5
375 Views
Last Modified: 2010-04-21
How can I redirect any request to www.blahblah.com to an inlan server 192.16.8.1. The same dns server host the zone for www.blahblah.com as well so i still want people from the outside to get to www.blahblah.com.
0
Comment
Question by:mesican
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 9899428
It sounds like you want to set up a web server on a machine inside of a NAT'ing firewall and have it accessible from the Internet and local machines. This means that you'll need to configure your firewall to port forward traffic on 80/TCP and 443/TCP to the inside IP of your web server, or if you have multiple outside IP's you'll need to set up a static NAT translation. Your Internet accessible DNS will need to include a record for www.dom.tld pointing to the outside IP of your firewall (or the static NAT IP).

For inside machines to access the web server you either need a private DNS server that equates the hostname of the web server to its inside IP or create hosts file records on each system equating the hostname to the inside IP.
0
 

Author Comment

by:mesican
ID: 9901341
I already have all that setup, my question is:

I have 1 DNS server that host abc.com. It is behinde my firewall with a private ip address and all the port fowarding and stuff works. HOWEVER, clients on the lan, when they type in www.abc.com it goes to the dns server, gets the public ip (which is the routers e0 interface) and it just hangs. So to avoid all this i want to be able to have it to where the clients type in www.abc.com, it goes to dns, and then dns sees that its coming from the lan and fowards it to the private ip of the webserver.
0
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 9901616
Okay, waht you need is to configure your DNS server with two views. One view is limited by an ACL to only respond to requests from the private LAN and it supplies private IP's for anll requests. The other view responds to Internet requests with routable IP's. A partial named.conf to do this might look like:

...
acl "inside" { 127/8; 192.168.0.0/16; };

view "internal" {
  match-clients { "inside"; };
  recursion yes;
  zone "." IN {
    type hint;
    file "root.zone";
  };

  zone "." IN {
    type hint;
    file "root.zone";
  };
  zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
  };
  zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "localhost.rev";
    allow-update { none; };
  };
  zone "my-dom.tld" IN {
    type master;
    file "inside/my-dom.tld.zone";
    allow-update { none; };
  };
...
};

view "external" {
  match-clients { any; };
  recursion yes;

  zone "." IN {
    type hint;
    file "root.zone";
  };
  zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
  };
  zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "localhost.rev";
    allow-update { none; };
  };
  zone "my-dom.tld" {
    type master;
    file "outside/my-dom.tld.zone";
    allow-update { none; };
  };
...
};
...
0
 

Author Comment

by:mesican
ID: 9906207
Ok let me try this out and ill get back to you.
0
 

Author Comment

by:mesican
ID: 9906226
Thank you. It works.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
wifi not working on Raspberry Pi 3? 2 114
Bash script - Exit out of choice loop 2 56
LINUX Field Separators 7 57
Can't "Unset" Proxy in Apache headers for PCI compliance... 4 43
Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question