[tclug-list] DNS config

[josh at joshwelch.com]

Quoting Tim Oudin <timo at bolverk.net>:

> Got a question about DNS, I'd be much appreciative if anyone could lend
> some insight.
> 
> I have an internal office network running MS Small Business Server as a
> PDC/Exchange server.  SBS apparently insists on managing DNS in it's
> domain.  Internally I also have some web servers that are used for
> development.  Everything in the office sits behind a Linux
> gateway/firewall.
> 
> Externally I have a real, er, Linux DNS server running BIND.
> 
> The setup I inherited has a subdomains pointing into my dev web server for
> external access to current projects.  This is something my people want, so
> they get it.  Issue with the current config is that there are two
> subdomains created for accessing the same content.  My people were told
> that they needed to access this content with an
> http://internal.mydomain.com from within the office and
> http://external.mydomain.com from outside the network.  There is constant
> complaining about the inconvenience associated with this config.  Although
> the complaining may be petty it's what I get paid to deal with apparently.
> 
> DNS is configured for http://internal.mydomain.com to resolve to the
> private IP address of the development server and
> http://external.mydomain.com resolving to the public IP address that port
> forwards to the same server.
> 
> I'm far from a DNS guru, in fact this job is the first that I've ever had
> to deal with anything more than understanding the general concept to DNS. 
> Is there any reason why I could not set up DNS on my SBS for
> http://dev.mydomain.com to resolve to a private ip of, say, 10.0.0.111 and
> set the same subdomain on my external DNS server with a public ip of my
> gateway?
> 
> I have made some tests and all seems to work well as long as I have
> primary DNS on my machine set to my SBS server and secondary to the ip of
> the office gateway which has my external DNS as the first entry in
> /etc/resolv.conf?
> 
> The previous admin seems to think this can not be done and I fail to see
> the issue.
> 

I do this currently, for similar reasons, and have been doing it for awhile.
I've had no problems with this setup. It's a good way to handle the scenario
you describe.

Josh