[Freeipa-users] non-authoritative tricks for DNS resolution
Brendan Kearney
bpk678 at gmail.com
Sun Jul 17 20:36:25 UTC 2016
i am looking to set up a VPN in order to access some resources, and want
to point my clients at this resource via DNS. the resource i am
accessing is internet resolvable, but i am accessing it via the VPN, and
using a NAT for the VPN (full 1-to-1 or static NAT). i want to have a
record in my DNS for this resource, using its proper name (which i am
not authoritative for), but assign it the IP of my NAT.
say for example, host.domain-ext.tld is the resource i want to access,
and it resolves externally to 1.2.3.4. my VPN NAT would be
192.168.99.137. i want internal resolution of DNS to point to
192.168.99.137 so the network routing takes my internal clients to the
VPN and not out to the internet.
i am using isc bind, bind-dyndb-ldap, and fedora, but not freeipa, for
dns. how do i set up the zone and record to accomplish this DNS trick?
i have talked with some DNS gurus and they indicate that i can do
something with the "@" record. it seems that the record i want would
be its own zone, and the @ record would point to the name, and the SOA
would be the NAT IP. i could be wrong about the details, but something
like this is how to set up resolution the way i want.
any pointers would be greatly appreciated.
thanks,
brendan
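
The single-name override asked about in this message, written out as a plain BIND zone file. This is an added example, not part of the original post; the zone file name and the ns1.internal.example. / hostmaster.internal.example. names are placeholder assumptions, while the host name and addresses are the ones given in the message.

```dns
; Constructed example. The zone origin is the single host name, so only
; host.domain-ext.tld is overridden; every other name under domain-ext.tld
; is outside this zone and still resolves through normal recursion.
;
; named.conf stanza that loads this file (file name is an assumption):
;   zone "host.domain-ext.tld" {
;       type master;
;       file "host.domain-ext.tld.zone";
;   };

$ORIGIN host.domain-ext.tld.
$TTL 300

; SOA and NS records are mandatory at the zone apex. The server and
; mailbox names below are placeholders for the internal name server.
@   IN  SOA ns1.internal.example. hostmaster.internal.example. (
            2016071701  ; serial
            3600        ; refresh
            600         ; retry
            86400       ; expire
            300 )       ; negative-caching TTL
@   IN  NS  ns1.internal.example.

; The override itself: the apex ("@") A record carries the VPN NAT
; address instead of the public 1.2.3.4. The address belongs in this
; A record; the SOA only names the primary server and contact.
@   IN  A   192.168.99.137
```

Only clients that query this server see 192.168.99.137, so the internal resolver path is what enforces the VPN route. If domain-ext.tld is DNSSEC-signed, a validating resolver downstream of this server will treat the unsigned local answer as bogus.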