
Re: web-names conflict

 
Willem Grooters
Honored Contributor

web-names conflict

Based on Robert Atkinson's problem?

I have a number of (name based) virtual hosts running under Apache (thanks to those who helped me out with that!). From 'outside' the network, it's running nicely.
Yet - there IS a problem, I think I know how to solve it but I'm uncertain of the consequences.

As said, multiple webs:
web1.domain.tld
web2.domain.tld
web3.domain.tld
All three in DNS, authoritative server is with my ISP, to 1 IP address.
Web1 relates to web2 as well, and web2 contains references to web3. All fully qualified, actually these webs could reside anywhere...
Next - a firewall, where all http traffic is directed to one internal IP - the server's (192.168.0.2)

On the Server (VMS box: VMS.inside.domain.tld), three virtual hosts, as above, listening to 192.168.0.2 AND to another address, .11, .12 and .13 respectively.

On the very same VMS box is a DNS server for the local network, zone inside.domain.tld. The router/firewall is defined as forwarder.

The problem:
Access to ANY of these webs by name is no problem - from OUTSIDE the firewall. From INSIDE the firewall however, it doesn't work. Quite obviously, since domain.tld refers to the outside of the firewall, and traffic will NEVER reach inside again IF taken from inside.

What I would do is define all webs - as specified above - in local DNS to point to 192.168.0.2 - the local VMS box where all webs reside. However: wouldn't that conflict with the spec at my ISP?
Is there another way to achieve this, so I can test the webs - including the internal references - without having to open an outside line?
Willem Grooters
OpenVMS Developer & System Manager
Andreas Fassl
Frequent Advisor

Re: web-names conflict

Willem,

DNS is a very tricky challenge.
Did I get this right:
From the outside web1.domain.tld does resolve to your FW address. These requests are forwarded to your box.

From the inside you want to avoid outgoing traffic.

What you want to do now is to have a dual headed DNS setup. One being maintained by your ISP, one internal for security reasons.

Because there is no master-slave communication between your internal DNS and the ISP DNS there should be no conflict.

Question: How do your internal systems get DNS requests to the internet resolved? Or does your policy deny any request to the outside?

Willem Grooters
Honored Contributor

Re: web-names conflict

Andreas,

Externally - that is: on the 'dirty' side of the firewall - my domain 'domain.tld' is in the ISP's DNS.

Internally I have my internal domain 'intra.domain.tld'. My VMS box is configured to be the primary DNS for this domain, configured as 'MASTER'.
My firewall has been configured as forwarder on my internal DNS, and the second DNS server in the intranet. It accepts DNS requests from the internal network only, and is NOT configured to be the SLAVE DNS, for either side. Just the caching-DNS for all machines inside.
Willem Grooters
OpenVMS Developer & System Manager
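
The following is an added example, not part of the original thread: a small Python model of the dual-headed DNS setup discussed above. The public address 203.0.113.10, the extra name mail.domain.tld and all function names are assumptions made for illustration. It goes slightly beyond the thread by comparing one internal zone for all of domain.tld with one internal zone per web name, since the first choice hides any name that only the ISP's DNS knows.

```python
# Constructed model of split-horizon DNS: an internal server that answers
# for its own zones and forwards everything else. All records are sample data.

PUBLIC_DNS = {  # what the ISP's authoritative server would answer (constructed)
    "web1.domain.tld": "203.0.113.10",   # documentation address, assumed
    "web2.domain.tld": "203.0.113.10",
    "web3.domain.tld": "203.0.113.10",
    "mail.domain.tld": "203.0.113.25",   # hypothetical name only the ISP knows
}
INTERNAL_IP = "192.168.0.2"              # the VMS box, from the thread
WEBS = ["web1.domain.tld", "web2.domain.tld", "web3.domain.tld"]


def in_zone(name, zone):
    """True if name is the zone apex or lies below it."""
    return name == zone or name.endswith("." + zone)


def resolve_internal(name, local_zones):
    """Answer as the internal DNS server would.

    local_zones maps zone apex -> {fqdn: address}. The longest matching
    local zone is authoritative: a name missing from it is NXDOMAIN (None)
    and is NOT passed to the forwarder. Only names outside every local
    zone reach the forwarder (modelled here by PUBLIC_DNS).
    """
    matches = [z for z in local_zones if in_zone(name, z)]
    if matches:
        return local_zones[max(matches, key=len)].get(name)
    return PUBLIC_DNS.get(name)


# Option A: one internal zone that shadows the whole of domain.tld.
whole_zone = {"domain.tld": {w: INTERNAL_IP for w in WEBS}}
# Option B: one small internal zone per web name; the rest is forwarded.
per_host = {w: {w: INTERNAL_IP} for w in WEBS}


def report(local_zones):
    """Resolve the three webs plus the ISP-only name from inside."""
    return {n: resolve_internal(n, local_zones) for n in WEBS + ["mail.domain.tld"]}


if __name__ == "__main__":
    for label, zones in (("whole zone", whole_zone), ("per-host zones", per_host)):
        print(label, report(zones))
```

In both options the ISP's records are never touched, so outside clients keep getting the public address; the two servers simply answer different audiences.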