<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Not all firewalls can hairpin a public IP back to a private IP. We’ve had to do this, too.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Yes, we could have create a separate zone, but that would requiring training our staff to use on FQDN internally and another with the customers. Easier to teach one thing to the staff and push the complexity back on the configuration.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Frank<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> bind-users-bounces+frnkblk=iname.com@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname.com@lists.isc.org] <b>On Behalf Of </b>babu dheen<br><b>Sent:</b> Monday, May 30, 2011 1:17 AM<br><b>To:</b> Doug Barton<br><b>Cc:</b> bind-users@lists.isc.org<br><b>Subject:</b> Re: Split DNS Configuration in BIND<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0><tr><td valign=top style='padding:0in 0in 0in 0in'><div><p class=MsoNormal>Dear Doug,<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Appreciate your quick response. Actually this setup is very much required for us. Let me tell you the scenario: <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>We have DNS record called "mail.company.com" which is hosted in internal company LAN network. When any users try to access mail.company.com in browser, they will get private IP address and immediately they will get mail.company.com website home page whereas if any of my company users try to access the mail.company.com website from internet(outside company), they should get public IP address which should be pointed to mail.company.com website.<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Kindly let me know solution for the same.<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Regards<o:p></o:p></p></div><div><p class=MsoNormal>Babu<br><br>--- On <b>Mon, 30/5/11, Doug Barton <i><<a href="mailto:dougb@dougbarton.us">dougb@dougbarton.us</a>></i></b> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #1010FF 1.5pt;padding:0in 0in 0in 4.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal style='margin-bottom:12.0pt'><br>From: Doug Barton <<a href="mailto:dougb@dougbarton.us">dougb@dougbarton.us</a>><br>Subject: Re: Split DNS Configuration in BIND<br>To: "babu dheen" <<a href="mailto:babudheen@yahoo.co.in">babudheen@yahoo.co.in</a>><br>Cc: <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>Date: Monday, 30 May, 2011, 11:15 AM<o:p></o:p></p><div><p class=MsoNormal style='margin-bottom:12.0pt'>On 05/29/2011 21:59, babu dheen wrote:<br>> Hi,<br>> Would like to know how to configure split DNS in BIND running in RHEL<br>> 5.0 version. Below is our setup and requirement.<br>> " We have a zone called "mycompany.com" . So whenever my company users<br>> sitting in LAN try to access mycompany.com domain in explorer, they<br>> should get internal IP address(private IP address) whereas whenever<br>> users from internet should get public IP for mycompany.com domain"<br><br>Better yet, re-examine the reasons you want to do this, and consider not doing it. It's incredibly rare that using split DNS is a solution to a real problem, it's almost always something that people do because they think they need to.<br><br>On the other hand, if you really need/want to have internal addresses to access company resources, consider placing them in a separate zone. Something like int.mycompany.com. You have to put these addresses in a separate zone _file_ anyway, why not make it a separate zone? It will reduce complexity for you in the long run.<br><br><br>hth,<br><br>Doug<br><br>-- <br> Nothin' ever doesn't change, but nothin' changes much.<br> -- OK Go<br><br> Breadth of IT experience, and depth of knowledge in the DNS.<br> Yours for the right price. :) <a href="http://supersetsolutions.com/" target="_blank">http://SupersetSolutions.com/</a><o:p></o:p></p></div></blockquote></td></tr></table><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'><o:p> </o:p></span></p></div></body></html>