Split DNS Configuration in BIND

Frank Bulk frnkblk at iname.com
Mon May 30 16:15:31 UTC 2011

Not all firewalls can hairpin a public IP back to a private IP.  We've had
to do this, too.


Yes, we could have created a separate zone, but that would require training
our staff to use one FQDN internally and another with the customers.  Easier
to teach one thing to the staff and push the complexity back on the




From: bind-users-bounces+frnkblk=iname.com at lists.isc.org
[mailto:bind-users-bounces+frnkblk=iname.com at lists.isc.org] On Behalf Of
babu dheen
Sent: Monday, May 30, 2011 1:17 AM
To: Doug Barton
Cc: bind-users at lists.isc.org
Subject: Re: Split DNS Configuration in BIND


Dear Doug,


Appreciate your quick response. Actually this setup is very much required
for us. Let me tell you the scenario: 


We have a DNS record called "mail.company.com" which is hosted in the internal
company LAN network. When any users try to access mail.company.com in a
browser, they will get a private IP address and immediately they will get the
mail.company.com website home page, whereas if any of my company users try to
access the mail.company.com website from the internet (outside the company), they
should get a public IP address which should be pointed to mail.company.com.


Kindly let me know the solution for the same.




--- On Mon, 30/5/11, Doug Barton <dougb at dougbarton.us> wrote:

From: Doug Barton <dougb at dougbarton.us>
Subject: Re: Split DNS Configuration in BIND
To: "babu dheen" <babudheen at yahoo.co.in>
Cc: bind-users at lists.isc.org
Date: Monday, 30 May, 2011, 11:15 AM

On 05/29/2011 21:59, babu dheen wrote:
> Hi,
> Would like to know how to configure split DNS in BIND running in RHEL
> 5.0 version. Below is our setup and requirement.
> "We have a zone called "mycompany.com". So whenever my company users
> sitting in LAN try to access mycompany.com domain in explorer, they
> should get internal IP address (private IP address) whereas whenever
> users from internet should get public IP for mycompany.com domain"

Better yet, re-examine the reasons you want to do this, and consider not
doing it. It's incredibly rare that using split DNS is a solution to a real
problem, it's almost always something that people do because they think they
need to.

On the other hand, if you really need/want to have internal addresses to
access company resources, consider placing them in a separate zone.
Something like int.mycompany.com. You have to put these addresses in a
separate zone _file_ anyway, why not make it a separate zone? It will reduce
complexity for you in the long run.



    Nothin' ever doesn't change, but nothin' changes much.
            -- OK Go

    Breadth of IT experience, and depth of knowledge in the DNS.
    Yours for the right price.  :)  http://SupersetSolutions.com/

