Hiding the real ip of the server using your DNS. How?

E

Ext72019-05-08 00:00:49

Domain Name System

Ext7, 2019-05-08 00:00:49

The task is to hide the real IP of the server on its own (i.e. without cloudflare and other analogues). How to do this step by step (you can use large strokes, but the details will not be superfluous)?
If I'm not confusing anything, then there are two possible options for solving this problem:
1.
Server1 - contains apache / nginx, database and site sources. It also hosts a dns server.
Server2 is a separate server with VPS, through which dns requests are forwarded to the site by its domain name.
Those. server1 incoming and outgoing traffic passes only through server2, whose ip is open to the outside world, but which does not physically contain any site data, but only receives it from server1 and transfers it to the user.
2.
Server1 - contains apache / nginx, database and site sources.
Server2 hosts dns.
When a site is requested by domain name, the request goes to server2, which sends a request to server1, receives the requested content, presenting it to the user.
I did not mess up anything, both options are possible?
Which one is better in terms of performance and security?
How to set it all up? In particular, the dns (bind) settings are of interest in both cases on both servers.
Do not offer third-party services (cloudflare, etc.) and dns hosting. You need a solution on your own.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

E

Ext7, 2019-10-21
@Ext7

Thanks again everyone for the advice. I settled on this solution:
We put the 3proxy utility on the proxy server (2). In its config, among other things, we write the following line:
tcppm -iserver2 port2 server1 port1
This way you can make a proxy chain. An additional plus of the solution is that you do not need to install an ssl certificate on the proxy server, unlike the nginx option.

A

Artem @Jump, 2019-05-08
Tag

Hiding the real ip of the server using your DNS. How?

No, it's impossible.

The task is to hide the real IP of the server on its own. How to do it step by step

Set proxy. Regular nginx for example.
You can also use NAT for this purpose.

I did not mess up anything, both options are possible?

They messed something up. At what here DNS is not clear.
Apparently you misunderstand what DNS is for and how it works.

through which dns requests are forwarded to the site by its domain name

there are no DNS requests to the site.

B

brar, 2019-05-08
@brar

Option 3, without a DNS server.
server1 <---vpn--->server2 <--->wild internet.
On server 1, server 2 is set as a gateway for dest 443 and 80 ports (and others if desired).
On server2 SNAT-im server1 to the world, and DNAT-im incoming traffic from the world on port 443 and port 80 on server1. In the settings of the dns zone, we make a record A to the IP address of server2.
4. Option. Also without dns.
nginx or haproxy on server2 as a reverse proxy. 443 and 80 we bring down on the server1.

A

Alfieros, 2019-05-08
@mrsexy

I did something similar for a long time, I can’t say exactly how, but it’s possible.
Put the muzzle of nginx behind it apache, and through nginx there is a kind of opportunity to give the local apache ip instead of the external one on request.