If you do use an internal DNS you can set up /etc/named.conf as follows
// PUT your ISP's name servers here forwarders { 1.2.3.4; 1.2.3.5 };
//PUT your own DNS IP here so it will ignore any outside //requests that may come in listen-on port 53 { 127.0.0.1; 10.1.1.10; };
Get this working first, then add zones for 10.1.1.x later.
Rob
On Wed, 2005-11-02 at 06:53 -0800, JC wrote:
Hi everyone,
I have this problem that I'm not sure what's the best solution for it. I need your input & help...
I have an internal network behind a hardware firewall. All traffics go thru. the firewall. One of the firewall's rules is that it doesn't allow internal network accesses internal resources that travels outside then come back. In the other words, it drops all packets originate from inside the network that travels outside and then come back to access internal resources.
For example: I have web server (used internal ip 10.1.1.10) behind the firewall, internal network can access this web server with http://10.1.1.10, but they can't access http://www.mydomain.com. Assume that I have static IP (xxx.xxx.xxx.xxx) maps to 10.1.1.10 and dns record www.mydomain.com points to xxx.xxx.xxx.xxx
What I want is to allow users inside the network be able to access http://www.mydomain.com instead of http://10.1.1.10
Here is my question: should I change the rule of the firewall? If so, is there a security risk?
Is there any other solution for this?
By the way, I don't have an internal DNS, I use my ISP DNS service.
Thank you so much for your help, JC _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos