How to handle private IP space?

Barry Margolin barmar at
Wed Nov 17 16:33:53 UTC 1999

In article <3831D02A.9953872C at>,
Yan Seiner  <yan at> wrote:
>I have a possibly dumb question:
>We have a fixed IP for our internet gateway, but use the 192 block for
>internal addresses.  We use a Linux firewall currently with ipfwadm
>(soon to be ipchains) to masquerade the traffic in and out.  We run a
>caching only name server (bind 8) that forwards all requests to the ISP;
>zone transfers and DNS requests coming in are blocked at the firewall. 
>DNS lookup service is provided by our ISP's DNS servers.  For obvious
>reasons, I don't want the private IPs leaking out and I block them at
>the firewall.
>I need to do the following:
>If a user inside the firewall sends email to
>joe at, that should resolve to our email server
>(, so that our internal email is not bouncing off our web
>site email server.
>If the same user requests our web site (
>that should resolve to our web hosting service, which is outside the
>Can this be done?  If so, how?  I know this involves setting up more
>than a caching only name server.  I need to know how to split up the
> resolves to
> resolves to

You'll have to run an internal DNS server that's authoritative for your
domain.  Any records on the external DNS server that your users also need
to look up will have to be duplicated on your server.  So your zone file
would contain:

  IN A
www  IN A

Barry Margolin, barmar at
GTE Internetworking, Powered by BBN, Burlington, MA
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
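
An added example, not part of the original thread: a Python check for the split setup described in the reply above. It compares the internal and external copies of a zone and reports external names that were not duplicated internally, RFC 1918 addresses published externally, and names that answer differently on each side. The zone contents, example.com, the addresses, and the function names are constructed placeholders.

```python
import ipaddress

# Constructed sample zones: example.com and all addresses are placeholders,
# not values from the original post.
INTERNAL_ZONE = """\
$ORIGIN example.com.
mail  IN A  192.168.1.10   ; internal mail server
www   IN A  203.0.113.80   ; duplicated from the external zone
"""
EXTERNAL_ZONE = """\
$ORIGIN example.com.
mail  IN A  203.0.113.25
www   IN A  203.0.113.80
ftp   IN A  203.0.113.21
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_a_records(zone_text):
    """Return {owner: {addresses}} for single-line 'name [ttl] IN A addr' records."""
    records = {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 4 or fields[0].startswith("$"):
            continue                            # directives, blanks, short lines
        if [f.upper() for f in fields[-3:-1]] != ["IN", "A"]:
            continue                            # only A records are audited
        addr = ipaddress.ip_address(fields[-1])
        records.setdefault(fields[0].lower(), set()).add(addr)
    return records

def audit_split_dns(internal_text, external_text):
    internal = parse_a_records(internal_text)
    external = parse_a_records(external_text)
    return {
        # The internal server is authoritative, so it will not forward these:
        # inside users get "no such name" until the record is duplicated.
        "missing_internally": sorted(set(external) - set(internal)),
        # Private addresses that would leak if published in the outside zone.
        "private_in_external": sorted(
            name for name, addrs in external.items()
            if any(a in net for a in addrs for net in RFC1918)),
        # Names that deliberately (or accidentally) answer differently.
        "differs": sorted(n for n in set(internal) & set(external)
                          if internal[n] != external[n]),
    }

if __name__ == "__main__":
    for finding, names in audit_split_dns(INTERNAL_ZONE, EXTERNAL_ZONE).items():
        print(finding, names)
```

The parser only understands one-record-per-line A entries with an explicit owner name; zones that rely on inherited owner names or multi-line records need a full zone parser.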

More information about the bind-users mailing list