Authoritative dns with private IP for hostname

Grant Taylor gtaylor at
Fri Jul 27 22:13:34 UTC 2018

On 07/27/2018 09:59 AM, Elias Pereira wrote:
> hello,


> Can an authoritative dns for a domain, eg mydomain.tdl, have a hostname, 
> example, wordpress.mydomain.tdl with a private IP?

Yes, an authoritative DNS server can have a private 
(non-globally-routed) IP address in the zone data.

However, there is a catch.

> Would this be accessible from the internet via hostname, if I did a nat 
> on the firewall?

It would (extremely likely) ONLY be accessible from the private 
(non-globally-routed) LAN.  Even that wouldn't require NAT because 
clients would be on the LAN and access it directly without passing 
through the NAT router.

I don't think this will do what (I'm guessing) you want to do.

I suspect you want to have a server with a private IP be accessible via 
domain name from outside the network.

To do this, do the following things:

1)  Enter the outside static IP address of the NAT in DNS for the hostname.
2)  Configure NAT to (port) forward the traffic you are interested in 
from the outside into the server's internal IP.

This will allow the world to access the service(s) in question.

To help the internal clients, set up an additional DNS zone (that is 
only accessed by internal clients) that is the FQDN of the hostname and 
put an A / AAAA record in the zone's apex that resolves to the internal IP.

; External / Global / Public DNS zone file for
myservice	IN	A

; Internal / Private DNS zone file for
		IN	A

This will cause the world to resolve to and clients inside the LAN to resolve to

I'm assuming that NAT is configured to port forward the desired ports 
for to

I think this will do what I think you are wanting to do.

Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the bind-users mailing list