 From:  scott dot k at facilitywiz dot com (Scott Karch)
 To:  "'SDamron'" <sdamron at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Split Horizon DNS for large 1:1 NAT installations
 Date:  Fri, 30 Jun 2006 15:02:14 -0500
SDamron,

Thanks for the note. We are currently using a slightly older version of Simple
DNS Plus (I think that's what you meant to write). After your post I
looked at the feature list and it's a new feature!!! This will save me HOURS
of work.

Snip--------------
NAT IP alias conversion (New in v. 4.00)
In DNS responses to LAN clients only, this function changes A-records which
are pointing to a public IP address of the NAT router to point to the
corresponding private IP address of a local server. This way, for example
HTTP requests from LAN clients for local web-sites will go directly to the
local web-server instead of via the NAT router (which often does not work).
Snip---------------

For M0n0wall users with a large number of 1:1 NAT, this will simplify DNS
maintenance by more than half. Thanks for all your help on this. BTW, I just
filled out the IP justification form for an additional /29 subnet.

-----Original Message-----
From: SDamron [mailto:sdamron at gmail dot com] 
Sent: Friday, June 30, 2006 2:27 PM
To: Scott Karch
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Help with layout....

If you are running on MS Products, Simple DNS Pro is a very nice piece
of software, very easy to use, and just plain works.

On 6/30/06, Scott Karch <scott dot k at facilitywiz dot com> wrote:
> Chris,
>
> Thanks. After posting I realized a /29 would be much cleaner as well. It
> also helps with my backup situation as well. As only the /24 is BGPd
>
> As for DNS. I'm open to any program on any platform as long as it has a GUI.
> The project managers get/have to assign their own DNS names as new clients
> come in. We're currently using SimpleDNS on Windows, but I'd switch to
> anything if it handled the split horizon DNS. Mac, Linux, Windows..
> anything.
>
> For those unfamiliar, split horizon DNS is one term for handling DNS
> differently for internal and external users. Users on the internet might get
> www.fwiz.com resolving to 64.1.127.144 but once we get all the 1:1 NAT
> done, we need internal users to have www.fwiz.com resolve to 10.0.1.144. It
> can be done with 2 DNS servers and duplicate sets of records, but we add and
> change records so often I'm really hoping we can find a solution that can
> resolve internal and external requests differently depending on the source
> IP. Does that explanation sound correct to you Chris?
>
>
> -----Original Message-----
> From: Chris Buechler [mailto:cbuechler at gmail dot com]
> Sent: Friday, June 30, 2006 11:57 AM
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Help with layout....
>
> On 6/30/06, Scott Karch <scott dot k at facilitywiz dot com> wrote:
> >
> > Man, that's what I was afraid of. I'll try and get 4 /30s to be safe. You
> > never know what you might need on the outside of the firewall.
> >
>
> You don't need four /30's.  If you think you may need to add devices
> outside the firewall in the future, get a /29.  That leaves you with 6
> total usable IP's, 4 extras.  There's no reason to burn all those
> small subnets in this situation when a single /29 would serve you
> equally well and actually better since it's cleaner.
>
>
>
> > Anyone know of the easiest way to do a (I think this is the right term)
> > split horizon DNS without 2 different servers?
>
> What DNS server software?
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch


-- 
-------------------------------
"Nothing on earth can overcome an absolutely non-resistant person."
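
The source-IP-dependent answer discussed in this thread, as an added Python example that is not part of the original messages and is not Simple DNS Plus code: one zone holds only public addresses, and A records are rewritten to the 1:1 NAT private address for LAN clients only. The /24 NAT mapping, the LAN range, the partner.fwiz.com record and all function names are assumptions built around the single mapping given above (64.1.127.144 and 10.0.1.144).

```python
import ipaddress

# Assumed 1:1 NAT table: public block -> private block of the same size.
NAT_1TO1 = [
    (ipaddress.ip_network("64.1.127.0/24"), ipaddress.ip_network("10.0.1.0/24")),
]
# Assumed networks whose clients receive the internal view.
LAN_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Single zone with public addresses only (constructed sample records).
ZONE = {
    "www.fwiz.com.": ["64.1.127.144"],
    "partner.fwiz.com.": ["198.51.100.7"],  # hosted elsewhere, not behind the NAT
}

def is_lan_client(client_ip):
    """True when the query source address falls inside a LAN network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in LAN_NETS)

def to_private(public_ip):
    """Map a public address to its 1:1 NAT private address, else return it unchanged."""
    addr = ipaddress.ip_address(public_ip)
    for pub, priv in NAT_1TO1:
        if addr in pub:
            # Keep the host offset so .144 in the public block maps to .144 inside.
            offset = int(addr) - int(pub.network_address)
            return str(priv.network_address + offset)
    return public_ip

def resolve_a(name, client_ip):
    """Answer an A query from the single zone; rewrite only for LAN clients."""
    key = name.lower().rstrip(".") + "."
    records = ZONE.get(key, [])
    if is_lan_client(client_ip):
        return [to_private(ip) for ip in records]
    # External clients never see private addresses: records are returned as stored.
    return list(records)
```

Because the zone stores only public addresses, a record added once serves both views, and an external query cannot receive an internal address even if the LAN range is misconfigured to be too narrow.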
