How to handle private IP space?
barmar at bbnplanet.com
Wed Nov 17 16:33:53 UTC 1999
In article <3831D02A.9953872C at cardinalengineering.com>,
Yan Seiner <yan at cardinalengineering.com> wrote:
>I have a possibly dumb question:
>We have a fixed IP for our internet gateway, but use the 192 block for
>internal addresses. We use a Linux firewall currently with ipfwadm
>(soon to be ipchains) to masquerade the traffic in and out. We run a
>caching only name server (bind 8) that forwards all requests to the ISP;
>zone transfers and DNS requests coming in are blocked at the firewall.
>DNS lookup service is provided by our ISP's DNS servers. For obvious
>reasons, I don't want the private IPs leaking out and I block them at
>I need to do the following:
>If a user inside the firewall sends email to
>joe at cardinalengineering.com, that should resolve to our email server
>(192.168.0.2), so that our internal email is not bouncing off our web
>site email server.
>If the same user requests our web site (www.cardinalengineering.com)
>that should resolve to our web hosting service, which is outside the
>Can this be done? If so, how? I know this involves setting up more
>than a caching only name server. I need to know how to split up the
>cardinalengineering.com resolves to 192.168.0.2
>www.cardinalengineering.com resolves to 22.214.171.124
You'll have to run an internal DNS server that's authoritative for your
domain. Any records on the external DNS server that your users also need
to look up will have to be duplicated on your server. So your zone file
cardinalengineering.com. IN A 192.168.0.2
www IN A 126.96.36.199
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users