linux
s_pyanov, 2016-04-06 11:12:39

How to give access to local network resources behind DNS?

Good day to all.
Available: external IP address 111.222.333.444 and the purchased domain example.com.
Behind it are several computers that act as servers. They, in turn, run virtual machines: a file server, a 1C server, a database server and a web server. At the moment, all addressing comes down to forwarding to the corresponding internal IP, depending on the port through which they are trying to connect, i.e.:

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3389 -i eth0 -j DNAT --to 192.168.10.51:3389   # forward to
iptables -A FORWARD -m tcp -p tcp -d 192.168.10.51 --dport 3389 -j ACCEPT                            # RDP
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -i eth0 -j DNAT --to 192.168.10.55:80         # forward to
iptables -A FORWARD -m tcp -p tcp -d 192.168.10.55 --dport 80 -j ACCEPT                              # web server
... etc.

But there is a web server with many subdomains; how do I organize access to them? Port forwarding to the machine 192.168.10.55 does not give the desired result, i.e. if you go to example.com from outside, the page opens, but if promo.example.com, then no!
If you type the address promo.example.com from the local network, the desired site opens .... (on a client machine in the local network THERE IS AN ENTRY FOR EXAMPLE.COM IN THE HOSTS FILE). So is my problem with DNS?
I can't understand the principle: what or who should manage the addressing / routing when returning the results of queries on domain names, i.e. if a person tries to go to the address promo.example.com, then what address should he receive as a result, and who will give him the result of the request in this case?


2 answer(s)
Yuri Chudnovsky, 2016-04-06
@s_pyanov

That's right, in the example.com domain zone, you need to register an A record for promo, or * leading to 111.222.333.444 (by the way, there can't be such an IP, only 255 bytes :))

s_pyanov, 2016-04-06
@s_pyanov

These rules are currently written:
==================/etc/bind/named.conf.local==========

//
// Do any local configuration here
//
zone "example.com" {
        type master;
        file "/etc/bind/example.com.hosts";
};

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "10.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/192.168.10.in-addr.arpa";
};

=================/etc/bind/example.com.hosts=================
$TTL 38400
@ IN SOA ns.example.com. hostmaster.example.com. (
         1192648703      ; Serial
         10800           ; Refresh
         3600            ; Retry
         604800          ; Expire
         38400 )         ; Minimum
;
; The SOA RNAME is a mailbox written as a domain name and needs the trailing dot:
; "example.com" without it is expanded to example.com.example.com.
; (hostmaster.example.com. is an assumed mailbox name.)
@       IN       NS      localhost.
ns      IN       A       192.168.10.1    ; NS rdata must be a host name; the name server's address goes in an A record
gate    IN       A       192.168.10.1
storage IN       A       192.168.10.6
promo1  IN       A       192.168.10.55

=================/etc/bind/192.168.10.in-addr.arpa=================
$TTL    3600
@  IN      SOA     gate.example.com. hostmaster.example.com. (
                   20060204        ; Serial
                   3600            ; Refresh
                   900             ; Retry
                   3600000         ; Expire
                   3600 )          ; Minimum
; hostmaster.example.com. is an assumed mailbox name (the RNAME needs a trailing dot)
@       IN      NS      localhost.
1       IN      PTR     ns.example.com.       ; a reverse entry is a PTR, and the target must be fully qualified
6       IN      PTR     storage.example.com.  ; "storage." alone would mean a top-level name
55      IN      PTR     promo1.example.com.

=============================================
If I write an A record for the promo zone, do I need to write it in /etc/bind/example.com.hosts? Or where?
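An added example (my own, not code from the thread): a small Python check over the forward zone posted above. resolve_a answers an A query the way the authoritative server would, so you can see that promo only resolves once the wildcard (or promo) A record from the first answer is in this file, and lint_zone flags the two lines in the posted zone that BIND would not interpret as intended. The zone text is constructed from the post, 203.0.113.10 is a placeholder for the public address, and the parser assumes the plain "owner IN TYPE rdata" layout the post uses.

```python
import re
# Constructed from the forward zone in the post; the wildcard the answer recommends is left out.
ZONE_TEXT = """\
$TTL 38400
@ IN SOA ns.example.com. example.com (
         1192648703 10800 3600 604800 38400 )
@       IN       NS      localhost.
ns      IN       NS      192.168.10.1
gate    IN       A       192.168.10.1
storage IN       A       192.168.10.6
promo1  IN       A       192.168.10.55
"""
# The record the answer recommends; 203.0.113.10 is a documentation placeholder for the public address.
WILDCARD_LINE = "*       IN       A       203.0.113.10\n"


def parse_zone(text, origin="example.com."):
    """Parse 'owner IN TYPE rdata' lines into (fqdn owner, type, rdata); returns (soa_rname, records)."""
    # Fold a parenthesised multi-line SOA onto one line, then drop comments and $ directives.
    flat = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, rname = [], None
    for line in flat.splitlines():
        line = line.split(";")[0].strip()
        if not line or line.startswith("$"):
            continue
        owner, _cls, rtype, *rdata = line.split()
        owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        if rtype == "SOA":
            rname = rdata[1]  # the responsible mailbox, written as a domain name
        records.append((owner, rtype, " ".join(rdata)))
    return rname, records


def lint_zone(text, origin="example.com."):
    """Report defects that make BIND serve something other than what the author meant."""
    rname, records = parse_zone(text, origin)
    problems = []
    if rname and not rname.endswith("."):
        problems.append(f"SOA RNAME '{rname}' lacks a trailing dot, so BIND appends the origin")
    for owner, rtype, rdata in records:
        if rtype == "NS" and re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", rdata):
            problems.append(f"NS record for {owner} names an address ({rdata}); use a host name")
    return problems


def resolve_a(text, name, origin="example.com."):
    """Answer an A query as the authoritative server would; *.origin covers names with no own records."""
    _, records = parse_zone(text, origin)
    fqdn = name if name.endswith(".") else name + "."
    exact = [rdata for owner, rtype, rdata in records if rtype == "A" and owner == fqdn]
    wildcard = "*." + fqdn.split(".", 1)[1]  # the wildcard one label below the queried name
    return exact or [rdata for owner, rtype, rdata in records if rtype == "A" and owner == wildcard]
```

Appending WILDCARD_LINE to the zone is exactly the edit the first answer describes, and the lint shows the two lines to correct before reloading the zone.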
