Thread: How do I configure DNS server in Yast so that external name maps to internal servers based on port?

  1. #1

    How do I configure DNS server in Yast so that external name maps to internal servers based on port?

    We have an old Cisco gateway/router that I can't get hairpinning to work on, so I thought I could solve my problem through DNS, as I'm already using one of our OpenSUSE machines as DNS server.

    Say our external public domain is rgbastpqxyzw.com.com. In the LAN DNS server's settings I have lan.rgbastpqxyzw.com which has the records for various internal services. That works fine.

    Now, the gateway/router port forwards several ports for two different internal servers. I want client programs that are run from outside and access rgbastpqxyzw.com:12345 and rgbastpqxyzw.com:54321 to be able to work from inside the LAN without needing to change the addresses to LAN IPs. How can I do that with DNS when ports 12345 and 54321 go to different machines inside the LAN?

    Why, yes, I am a networking newbie...

  2. #2

    Re: How do I configure DNS server in Yast so that external name maps to internal servers based on port?

    On 03/28/2014 10:26 PM, Prune pecked at the keyboard and wrote:
    > We have an old Cisco gateway/router that I can't get hairpinning to work
    > on, so I thought I could solve my problem through DNS, as I'm already
    > using one of our OpenSUSE machines as DNS server.
    >
    > Say our external public domain is rgbastpqxyzw.com.com. In the LAN DNS
    > server's settings I have lan.rgbastpqxyzw.com which has the records for
    > various internal services. That works fine.
    >
    > Now, the gateway/router port forwards several ports for two different
    > internal servers. I want client programs that are run from outside and
    > access rgbastpqxyzw.com:12345 and rgbastpqxyzw.com:54321 to be able to
    > work from inside the LAN without needing to change the addresses to LAN
    > IPs. How can I do that with DNS when ports 12345 and 54321 go to
    > different machines inside the LAN?
    >
    > Why, yes, I am a networking newbie...
    >
    >

    Forward port 12345 to (local IP) xxx.xxx.xxx.xxx
    Then when a connection request comes to your router/gateway for port
    12345 it will always go to the specified machine.

    Ken

  3. #3

    Re: How do I configure DNS server in Yast so that external name maps to internal servers based on po

    Originally Posted by Prune
    > We have an old Cisco gateway/router that I can't get hairpinning to work on, so I thought I could solve my problem through DNS, as I'm already using one of our OpenSUSE machines as DNS server.
    >
    > Say our external public domain is rgbastpqxyzw.com.com. In the LAN DNS server's settings I have lan.rgbastpqxyzw.com which has the records for various internal services. That works fine.
    >
    > Now, the gateway/router port forwards several ports for two different internal servers. I want client programs that are run from outside and access rgbastpqxyzw.com:12345 and rgbastpqxyzw.com:54321 to be able to work from inside the LAN without needing to change the addresses to LAN IPs. How can I do that with DNS when ports 12345 and 54321 go to different machines inside the LAN?
    >
    > Why, yes, I am a networking newbie...

    A few things...
    What you're asking for is "split DNS" - A resource is accessible by a Public IP address but is also accessible by a different Private address. If a client is configured to use a Public DNS, the client will be issued the Public IP address. If the client is configured to point to a Private DNS, the Private DNS will not forward the request to the Public DNS, instead it will serve the Private IP address from a zone configured locally on the DNS server.

    The resource itself might have only a Private IP address if the GW FW is forwarding and translating, or could be a multi-homed machine with separate physical NICs facing publicly and privately. Or, there could be some weird configuration of multiple addresses on the same physical NIC.

    The whole idea of avoiding hair-pinning runs counter to your request

    > ... be able to work from inside the LAN without needing to change the addresses to LAN IPs

    -- Hair-pinning means that your clients are trying to access the resource using the Public IP address which requires the hairpin. Only by changing the resource to be accessed by a LAN IP can the hairpin be avoided.

    Whether the resource machine(s) are the same (most typical if the GW FW is forwarding and translating) or different is irrelevant. The LAN DNS would point to whatever address you wish.

    HTH,
    TSU
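
An added example, not part of the thread: a small planner that takes a router's port-forward table and works out which public names an internal split-DNS zone can answer with a single A record. The names, ports and addresses are constructed placeholders, and the function names are hypothetical. An A record maps a name to an address and carries no port, so the planner reports separately any name whose forwarded ports land on different internal hosts.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample data: the router's port-forward table as
# (public name, public port, internal host). All values are placeholders.
FORWARDS = [
    ("example.test", 12345, "192.168.1.10"),
    ("example.test", 54321, "192.168.1.20"),
    ("files.example.test", 443, "192.168.1.30"),
    ("files.example.test", 8443, "192.168.1.30"),
]

def plan_internal_zone(forwards):
    """Split names into those one internal A record covers and those it cannot.

    One internal A record reproduces the router's behaviour only when every
    forwarded port for that name lands on the same internal host.
    """
    targets = defaultdict(dict)
    for name, port, host in forwards:
        # The internal view must never hand out a non-private address.
        if not ip_address(host).is_private:
            raise ValueError(f"{host} is not a private address")
        targets[name.lower().rstrip(".")][port] = host

    records, conflicts = {}, {}
    for name, by_port in targets.items():
        hosts = set(by_port.values())
        if len(hosts) == 1:
            records[name] = hosts.pop()
        else:
            conflicts[name] = dict(sorted(by_port.items()))
    return records, conflicts

def zone_lines(records):
    """Render the coverable names as BIND-style A records (fully qualified)."""
    return [f"{name}. IN A {ip}" for name, ip in sorted(records.items())]

if __name__ == "__main__":
    records, conflicts = plan_internal_zone(FORWARDS)
    print("\n".join(zone_lines(records)))
    for name, by_port in conflicts.items():
        print(f"; {name}: ports map to different hosts: {by_port}")
```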
