Running Public and Private DNS on BorderManager - April 25, 2001

Massimo Rosen, Novell Support Connection Sysop, passes along this trick, which allows you to host a split DNS system on a BorderManager server. (Actually, it mostly *emulates* a split DNS system).

The idea here is to host your own public DNS server to give out public records while still providing private records to internal users.

The public records are provided by NAMED.NLM, while the private records are provided by the DNS Proxy. The public records are entered as DNS records, while the private records are entered into the BorderManager SYS:ETC\HOSTS file. (The DNS Proxy will pick up HOSTS file entries before using DNS entries).

You will of course need to add a filter exception to allow UDP destination port 53 to your public IP address. This also does not fulfill the requirement to have two public DNS servers hosting your domain, so you will need to add another (secondary) DNS server outside the firewall.

"Ever wondered how to make a BM Server run named for public access, but deliver private addresses for internal hosts at the same time? Well, I recently implemented the following "trick" at a customer site, and it works like a charm:

1. Install BM Proxy, including DNS Proxy. Make sure you correctly configure proxy to only listen on the private interface(s). Enter your private host/address combinations into sys:\etc\hosts
2. Install DNS/DHCP onto the BM, configure it to service your domain as needed, with the public addresses of your webservers (or whetever you need)
3. Start Named *after* the proxy is up. It will listen on all addresses *not* occupied by the DNS proxy.

Done. Now your BM will supply the public addresses of your servers to the internet, but your private addresses internally."

Return to the Main Page