DNS & NAT

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 2 20:27:58 UTC 2000


Phan, Vu wrote:

> I have a secondary behind a NAT and was wondering if it is possible to have
> the same hostname with 2 different IP numbers in that zone file?  In other
> words, is it ok to have mail.test.com (206.128.1.205) and mail.test.com
> (192.168.1.205)?

No, the only reasonable thing is to put them in separate zone files, and then
either run separate nameserver instances, one for each version of the zone
(BIND 8), or a single nameserver instance with different "views" (BIND 9).
This is known as "split DNS" and I'm sure a search of the archives would
reveal a lot more detailed information on how to implement it.

If you put both addresses in the same zone file, then the nameserver would
always answer with *both* addresses, which means that clients would be about
50% likely to get the "wrong" address on any given connection attempt. This
would be especially evil since one of the addresses is in a private address
range -- the potential exists for external clients to end up connecting to a
completely unrelated machine on their own intranet.


- Kevin
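
The failure mode described in the reply above can be checked for before a zone is published. The following is an added example, not part of the original post or of BIND: it scans zone-file text for names that carry both a private and a public A record. The function name `mixed_scope_names` and the sample zone are constructed for illustration, and the parser assumes one record per line and handles only A records.

```python
import ipaddress
from collections import defaultdict

# Constructed sample zone, modelled on the two records in the question.
SAMPLE_ZONE = """\
$ORIGIN test.com.
$TTL 3600
@       IN SOA ns1.test.com. hostmaster.test.com. ( 2000110201 3600 900 604800 3600 )
@       IN NS  ns1.test.com.
ns1     IN A   206.128.1.200
mail    IN A   206.128.1.205
        IN A   192.168.1.205   ; internal address in the same zone
www     3600 IN A 206.128.1.210
"""

def mixed_scope_names(zone_text):
    """Return {fqdn: [addresses]} for names with both private and public A records."""
    origin, owner = ".", None
    addrs = defaultdict(set)
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        if tokens[0].startswith("$"):             # $TTL, $INCLUDE: not needed here
            continue
        if not line[0].isspace():                 # leading blank = same owner as before
            owner, tokens = tokens[0].lower(), tokens[1:]
        # Skip the optional TTL and class, then read the type and its data.
        rest = [t for t in tokens if not t.isdigit() and t.upper() != "IN"]
        if owner is None or len(rest) < 2 or rest[0].upper() != "A":
            continue
        if owner == "@":
            name = origin
        elif owner.endswith("."):
            name = owner
        else:
            name = f"{owner}.{origin.lstrip('.')}"
        addrs[name].add(ipaddress.IPv4Address(rest[1]))
    # A name is flagged when its address set spans both scopes.
    return {n: [str(a) for a in sorted(ips)]
            for n, ips in addrs.items()
            if len({a.is_private for a in ips}) == 2}

if __name__ == "__main__":
    for name, ips in mixed_scope_names(SAMPLE_ZONE).items():
        print(f"{name} mixes private and public addresses: {', '.join(ips)}")
```

With split DNS in place, running the check over each version of the zone separately should report nothing.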





More information about the bind-users mailing list