In certain situations, you might need to refer to a target with two different IP addresses. For instance, if a company runs a common web server for the WAN and the LAN, clients on the WAN must receive a different IP address than the clients on the LAN. In a similar scenario, two different servers with the same content can be referred to by different IP addresses, depending on where the resolving query originated from.
The solution is to configure a resource record with two IP addresses. Tag the address of the external web server with an explicit external listener (e.g., myExternalListener) that you have configured beforehand; that address is then returned for queries originating from the WAN. Do the same for the private web server on the LAN with an explicit internal listener (e.g., myInternalListener) that has also been configured beforehand. For more information on how to create an explicit listener, see How to Configure a DNS Listener.
This example assumes that queries are originating only from direct-attached networks.
Before You Begin
- Verify that all service IP addresses are already configured that are necessary for answering DNS queries on the respective incoming interfaces. For more information, see How to Assign Services.
- Resource records must always be added to an existing primary zone. Verify that a primary zone record is already configured. For more information, see How to Configure a Zone.
- Ensure that you have already configured two explicit listeners (e.g., myInternalListener, myExternalListener) with the respective classes 'INTERNAL' and 'EXTERNAL'.
For more information on how to create an explicit listener, see How to Configure a DNS Listener.
Configure a Split DNS Setup
In this example configuration, the external web server is reachable on the IP address 62.99.0.11. On the LAN, the private web server is reachable on the IP address 172.16.0.11.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > DNS > DNS-Service.
- In the left menu, click Hosted Zones.
- In the main window, right-click on the zone entry for which the resource record must be created, e.g., example.com (Primary) zone.
- From the list, select Add New DNS Record to Zone.
- For Type, select the record type identifier, e.g., A.
- For Description, enter any text that best describes your host, e.g., Web server.
- For Name/Owner, enter the name or owner of the record, e.g., www.
- For TTL (time to live [sec]), change the value if necessary.
- In the main window, click + to the right of the table of the section IP Address.
- The Add new Record's Element window is displayed.
- For IP Address, enter the IP address for the external web server, e.g., 62.99.0.11.
- For Listener Name, select your explicitly configured external listener, e.g., myExternalListener.
- Click OK.
- Click + again.
- The Add new Record's Element window is displayed.
- For IP Address, enter the IP address for the internal web server, e.g., 172.16.0.11.
- For Listener Name, select your explicitly configured internal listener, e.g., myInternalListener.
- Click OK.
- Click OK.
- Click Send Changes.
- Click Activate.
The CloudGen Firewall will now respond to internal and external queries with different IP addresses.
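The following is an added model of the split-DNS decision configured above; it is example code, not Barracuda code. It assumes that myInternalListener serves the direct-attached network 172.16.0.0/24 and myExternalListener serves 62.99.0.0/24 (the page names only the listeners and their classes), and it shows the answer for each side as well as the case the page excludes: a query from a network no listener covers.

```python
"""Model of a split-DNS record with one element per listener (constructed example)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Listener:
    name: str
    cls: str                         # 'INTERNAL' or 'EXTERNAL', as on the page
    network: ipaddress.IPv4Network   # assumed: the direct-attached network it serves


@dataclass
class Record:
    name: str
    rtype: str
    ttl: int
    elements: dict = field(default_factory=dict)   # listener name -> IP address


# Assumed listener networks; the page gives only the names and classes.
LISTENERS = [
    Listener("myInternalListener", "INTERNAL", ipaddress.ip_network("172.16.0.0/24")),
    Listener("myExternalListener", "EXTERNAL", ipaddress.ip_network("62.99.0.0/24")),
]

# The record built in the procedure: one name, one element per listener.
ZONE = {
    "www.example.com.": Record("www.example.com.", "A", 3600, {
        "myExternalListener": "62.99.0.11",
        "myInternalListener": "172.16.0.11",
    }),
}


def select_listener(source_ip):
    """Pick the listener whose network contains the query source (longest prefix wins)."""
    ip = ipaddress.ip_address(source_ip)
    matches = [lst for lst in LISTENERS if ip in lst.network]
    return max(matches, key=lambda lst: lst.network.prefixlen, default=None)


def resolve(qname, source_ip, rtype="A"):
    """Return the addresses answered for qname, or [] when no listener matches."""
    listener = select_listener(source_ip)
    record = ZONE.get(qname.lower())
    if listener is None or record is None or record.rtype != rtype:
        return []
    addr = record.elements.get(listener.name)
    return [addr] if addr else []


if __name__ == "__main__":
    for src in ("172.16.0.50", "62.99.0.200", "10.9.9.9"):
        print(f"query from {src:<12} -> {resolve('www.example.com.', src)}")
```

To check the live appliance, run `dig @<service IP> www.example.com` from a host on each network and compare the answers with what the model returns.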