How to Configure Split DNS



Similar documents
LinkProof DNS Quick Start Guide

Application and service delivery with the Elfiq idns module

How To Manage Dns On An Elfiq Link Load Balancer (Link Balancer) On A Pcode (Networking) On Ipad Or Ipad (Netware) On Your Ipad On A Ipad At A Pc Or Ipa

- Domain Name System -

Copyright

ECE 4321 Computer Networks. Network Programming

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12

DNS. Computer Networks. Seminar 12

HTG XROADS NETWORKS. Network Appliance How To Guide: DNS Delegation. How To Guide

The Erado Hosted Messaging Installation Process Erado Hosted Mail Services with Domain Transfer

How to Add Domains and DNS Records

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1

Creating a master/slave DNS server combination for your Grid Infrastructure

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

How to set up the Integrated DNS Server for Inbound Load Balancing

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .

Using Webmin and Bind9 to Setup DNS Sever on Linux

Inbound Load Balance. User Manual

Domain Name Servers. Domain Types WWW host names. Internet Names. COMP476 Networked Computer Systems. Domain Name Servers

DNS : Domain Name System

Understanding DNS (the Domain Name System)

Configuring the BIND name server (named) Configuring the BIND resolver Constructing the name server database files

How To Guide Edge Network Appliance How To Guide:

Domain Name System Security

KAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10

Solaris Networking Guide. Stewart Watkiss. Volume. New User To Technical Expert Solaris Bookshelf. This document is currently under construction

Configuring a Domain to work with your Server

# $ # % $ % $ % & ' $( # ) *$ mail.virgilio.it ftp.cs.cornell.edu

Domain Name Server. Training Division National Informatics Centre New Delhi

Domain Name System :49:44 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

How to Configure the Windows DNS Server

DNS Session 4: Delegation and reverse DNS. Joe Abley AfNOG 2006 workshop

Enterprise Architecture Office Resource Document Design Note - Domain Name System (DNS)

Configuration Example

DNS: How it works. DNS: How it works (more or less ) DNS: How it Works. Technical Seminars Spring Paul Semple psemple@rm.

Configuring Security for SMTP Traffic

Pass Through Proxy. How-to. Overview:..1 Why PTP?...1

2 HDE Controller X DNS Server Manual

Simple DNS Configuration Example

Building a Linux IPv6 DNS Server

Module 2. Configuring and Troubleshooting DNS. Contents:

Application Note. SIP Domain Management

Motivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace

Installing and Setting up Microsoft DNS Server

freesshd SFTP Server on Windows

The memoq server in a Corporate Network

DNS Pharming Attack Lab

Introduction to DNS and Application Issues related to DNS. Kirk Farquhar

Services: DNS domain name system

CSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS)

DNS Domain Name System

The memoq server in a Corporate Network

DNS zone transfers from FreeIPA to non-freeipa slave servers

Step-by-Step Configuration

2G1701 Advanced Internetworking Group 5 : KiStaNEt ISP Project Report

Configuring an External Domain

Lesson 13: DNS Security. Javier Osuna GMV Head of Security and Process Consulting Division

DNS based Load Balancing with Fault Tolerance

The Use of DNS Resource Records

DNS and BIND Primer. Pete Nesbitt linux1.ca. April 2012

Application Protocols in the TCP/IP Reference Model

Talk-101 User Guide. DNSGate

Active Directory Self-Service FAQ

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

Cork Institute of Technology Master of Science in Computing in Education National Framework of Qualifications Level 9

Configuring Global Protect SSL VPN with a user-defined port

Understand Names Resolution

This article describes a detailed configuration example that demonstrates how to configure Cyberoam to provide the access of internal resources.

Setting Up Scan to SMB on TaskALFA series MFP s.

Zimbra :: The Leader in Open Source Collaboration. Administrator's PowerTip #3: June 21, 2007 Zimbra Forums - Zimbra wiki - Zimbra Blog

Norman Protection

PIX/ASA: Allow Remote Desktop Protocol Connection through the Security Appliance Configuration Example

Remote DNS Cache Poisoning Attack Lab

DNS Architecture Case Study: Resiliency and Disaster Recovery

How-to: DNS Enumeration

Designing, Deploying and Managing a Network Solution for Small- and Medium-sized Businesses Course No. MS Days

Chapter 4 Customizing Your Network Settings

Borderware MXtreme. Secure Gateway QuickStart Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Concept. DNS - Domain Name System

INTEGRATING VITALQIP WITH MICROSOFT WINDOWS NETWORKING/ ACTIVE DIRECTORY

Domain Name System (DNS)

Configuration Example

DNS and BIND. David White

NetSpective Global Proxy Configuration Guide

For extra services running behind your router. What to do after IP change

How to Configure Active Directory based User Authentication

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

LAN TCP/IP and DHCP Setup

Deploying ModusGate with Exchange Server. (Version 4.0+)

Copyright International Business Machines Corporation All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure

Deploying & Configuring a DNS Server on OpenServer 6 or UnixWare 7. Kirk Farquhar

"Charting the Course... Enterprise Linux Networking Services Course Summary

netkit lab load balancer dns 1.2 Massimo Rimondini Version Author(s)

DNS use guidelines in AWS Jan 5, 2015 Version 1.0

Transcription:

How to Configure Split DNS Split DNS is a concept that allows a hostname to resolve to one IP address on the internal network, and another on the external network. An example is the G/On Server if it is to be used both internally and externally. If the hostname of the G/On Server is gon.company.com it might resolve to 10.0.0.10 on the internal network and 80.200.100.10 on the external network. The external IP address will then be Network Address Translated (NAT) through the firewall to the internal IP address of 10.0.0.10. Any application client (like Outlook) that uses a hostname to connect to an application server (like Exchange) must be able to resolve this hostname to the loopback address 127.0.0.2 when connecting through G/On. This is because G/On uses the loopback interface to direct all traffic through the encrypted connection between the G/On Client and the G/On Server. Outlook Client Setup An example is an Outlook client that connects to an Exchange server using a hostname. If the hostname is exch01.company.com for user John Doe, the Exchange server settings will look as follows. Giritech A/S. - 1 - How To Configure Split DNS

Internal DNS The resolution of the hostname exch01.company.com to the IP address 10.0.0.101 and the subsequent connection between the Outlook client and the Exchange server will be accomplished as follows. Since both the Outlook client and the Exchange server are on the same network, the Outlook client can easily resolve the hostname exch01.company.com to the correct IP address of 10.0.0.101. This results in the traffic flow below. Giritech A/S. - 2 - How To Configure Split DNS

External DNS When the Outlook client needs to connect through G/On, the connection can no longer be established directly to the Exchange server s internal IP address. Instead, the hostname exch01.company.com should now resolve to the loopback address the G/On Client is listening on. This requires that the external Domain Name Server resolves exch01.company.com to 127.0.0.2. Since the Outlook client and Exchange server no longer are on the same network, the connection is now established through the connection between the G/On Client and the G/On Server. This results in the traffic flow below. Giritech A/S. - 3 - How To Configure Split DNS

Web Server Access Another scenario where Split DNS sometimes is needed is Web Server access. If each website is on a separate web server, then Split DNS is not needed because the URL can be configured to go through the G/On Client by specifying http://127.0.0.2/ If several websites exists on one web server, it may be necessary to use Split DNS depending on how the web server is configured. If you have the following setup for www.company.com: Then there are two different ways of accessing these websites either as http://www.company.com/news or http://news.company.com In the first scenario, G/On can be configured to connect to http://127.0.0.2/news and Split DNS is not needed. Giritech A/S. - 4 - How To Configure Split DNS

In the second scenario G/On must be configured to connect to http://news.company.com which would require an external DNS to resolve news.company.com to 127.0.0.2. Giritech A/S. - 5 - How To Configure Split DNS

DNS Configuration In the above examples, the external DNS would be configured as follows: @ IN SOA company.com. support.isp.com. ( 2007042401 ;serial 3600 ;refresh 300 ;retry 3600000 ;expire 86400 ;minimum ) IN NS ns1.isp.com. ; gon IN A 80.200.100.10 exch01 IN A 127.0.0.2 www IN A 127.0.0.2 news IN A 127.0.0.2 sales IN A 127.0.0.2 support IN A 127.0.0.2 And the internal DNS would look as follows: @ IN SOA company.com. root.company.com. ( 2007042401 ;serial 3600 ;refresh 300 ;retry 3600000 ;expire 86400 ;minimum ) IN NS ns1.company.com. ; gon IN A 10.0.0.10 exch01 IN A 10.0.0.101 www IN A 10.0.0.102 news IN CNAME www sales IN CNAME www support IN CNAME www Giritech A/S. - 6 - How To Configure Split DNS

Security Concerns The DNS server should be configured not to divulge the contents of the domain to anyone except the secondary DNS for the domain. This prevents a potential attacker from dumping the contents of the domain. named.conf Example # # named.conf file for company.com master server # acl dns-slaves { 80.200.100.6; 80.100.100.3 options { directory "/etc"; allow-transfer { dns-slaves; localhost; zone "company.com" in { type master; file "company.data"; zone "100.200.80.in-addr.arpa" in { type master; file "company.rev"; zone "0.0.127.in-addr.arpa" in { type master; file "company.local"; Loopback Hacking Should an attacker manage to find out that the company.com domain contains a host called exch01 and the attacker decides to scan this server, what really happens is that the attacker will scan his/her own PC because the returned IP address corresponds to the attacker s own loopback interface. Giritech A/S. - 7 - How To Configure Split DNS

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information