DNS and firewall problem

Mathias Körber mathias at koerber.org
Mon Oct 16 15:32:02 UTC 2000


>
> Hello,
> I have a problem and I need a very urgent answer.
> I installed a firewall with two ethernet interfaces. And I have a machine
> which is, web, dns, mail server.  I'm using virtual not-routed
> IP addresses
> for inside computer (including server) and the firewall is
> translating them
> to legal IP addresses.
> When an internal user wants to know IP address of server, he must get the
> reserved IP address and, when a user from internet makes a query of the
> server, they must get the answer as a real IP address.
> How can I do that?

You will need some type of split DNS, i.e. publish two different versions of your
zone to the inside and outside world. With BIND <9.0.0, the only way to do this
is using two separate sets of nameservers, i.e. the nameservers visible to
the outside have one version, and the one on the inside another. To be able
to resolve the rest of the Internet, you would use the inside nameservers
as resolving (local) nameservers too, and have them forward all queries
(except those for your own zone) to some other outside nameservers.

With BIND-9, you can have a single nameserver reply differently depending
on the IP address of the client using BIND-9's 'view' feature. See
http://www.isc.org
for BIND-9. Note that some of the advanced options of BIND-8 (such as statistics
gathering etc.) are not yet implemented in BIND-9, so you might have to make
some modifications (or sacrifices) if you used to use those.


>
> (I defined two A records for the server. First is pointing to legal IP
> address, and the second is pointing to reserved-IP address. It is working
> now but its performance is not good. And I don't have a second DNS
> server to
> put to outside interface.)
>
> I'll be glad if you can send the answers to my personal address.
> Thanx for your help
>
> Ayca ARDIC.
>
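A named.conf fragment showing the BIND-9 'view' approach described in the reply above. This is an added example, not configuration from the original mail or from ISC; the network 192.168.1.0/24, the public address 192.0.2.10, the outside resolver 203.0.113.53, the zone name example.com and the file paths are assumed placeholders to be replaced with your own.

```conf
// Split DNS with BIND 9 views (added example; all addresses and names are assumed).
// Inside clients see the private (non-routed) address of the server and may
// recurse through this server; everyone else sees the public address only.

acl "internal" { 192.168.1.0/24; 127.0.0.1; };

options {
    directory "/var/named";
};

view "internal" {
    match-clients { internal; };
    recursion yes;
    // Queries for zones other than our own go to an outside resolver,
    // as in the pre-BIND-9 two-nameserver setup described in the reply.
    forwarders { 203.0.113.53; };
    forward only;

    zone "example.com" {
        type master;
        // Zone file whose A record for the server is 192.168.1.10
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };
    // No recursion for outside clients: the public view only answers for
    // the zones it is authoritative for.
    recursion no;

    zone "example.com" {
        type master;
        // Zone file whose A record for the server is 192.0.2.10
        file "external/example.com.zone";
    };
};
```

Views are matched in order, so the "internal" view must come before the catch-all "external" one; the two zone files differ only in the addresses they publish, so keep their serials in step when you edit them.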
More information about the bind-users mailing list