Barracuda CloudGen Firewall

How to Configure a Split DNS Setup


In certain situations, it can be necessary to refer to a target with two different IP addresses. For instance, if a company runs a common web server for the WAN and the LAN, clients on the WAN must receive a different IP address than clients on the LAN. In a similar scenario, two different servers with the same content can be referred to by different IP addresses, depending on where the query originated.

The solution is to configure a resource record with two IP addresses. When the IP address of the external web server is tagged with the Listener Name EXTERNAL, that address is returned in response to queries originating from the WAN. The same applies to the private web server on the LAN, except that its IP address must be tagged with the Listener Name INTERNAL.

This example assumes that queries are originating only from direct-attached networks.


Before You Begin
  • Verify that all service IP addresses required for answering DNS queries on the respective incoming interfaces are already configured. For more information, see How to Assign Services.
  • Resource records must always be added to an existing master zone. Verify that a master zone record is already configured.

Configure a Split DNS Setup

In this example configuration, the external web server is reachable on the IP address 62.99.0.11. On the LAN, the private web server is reachable on the IP address 172.16.0.11.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > DNS > DNS-Service.
  2. In the left menu, click Hosted Zones.
  3. In the main window, right-click the zone entry for which the resource record must be created, e.g., the example.com (Master) zone.
  4. From the list, select Add New DNS Record to Zone.
  5. For Type, select the record type identifier, e.g., A.
  6. For Description, enter any text that best describes your host, e.g., Web server.
  7. For Name/Owner, enter the name or owner of the record, e.g., www.
  8. For TTL (time to live [sec]), change the value if necessary.
  9. In the main window, click + to the right of the table of the section IP Address.
  10. The Add new Record's Element window is displayed.
  11. For IP Address, enter the IP address for the external web server, e.g., 62.99.0.11.
  12. For Listener Name, select EXTERNAL.
  13. Click OK.
  14. Click + again.
  15. The Add new Record's Element window is displayed.
  16. For IP Address, enter the IP address for the internal web server, e.g., 172.16.0.11.
  17. For Listener Name, select INTERNAL.
  18. Click OK.
  19. Click OK.
  20. Click Send Changes.
  21. Click Activate.

The CloudGen Firewall will now respond to internal and external queries with different IP addresses.
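
One way to check the result, as an added example that is not part of the original documentation: the script parses the answer section of `dig +noall +answer www.example.com A`, taken once from a WAN client and once from a LAN client, and reports any view that returns an address it should not, in particular the private LAN address in the external view. The dig outputs and the TTL of 3600 are constructed sample data; the IP addresses come from the example configuration above.

```python
import ipaddress

# Addresses from the example configuration on this page, keyed by Listener Name.
EXPECTED = {"EXTERNAL": {"62.99.0.11"}, "INTERNAL": {"172.16.0.11"}}

# Constructed sample output of `dig +noall +answer www.example.com A`,
# captured once from a WAN client and once from a LAN client.
SAMPLE_OK = {
    "EXTERNAL": "www.example.com.\t3600\tIN\tA\t62.99.0.11\n",
    "INTERNAL": "www.example.com.\t3600\tIN\tA\t172.16.0.11\n",
}
# Constructed failure case: the WAN-side answer also carries the LAN address.
SAMPLE_LEAK = {
    "EXTERNAL": SAMPLE_OK["EXTERNAL"] + SAMPLE_OK["INTERNAL"],
    "INTERNAL": SAMPLE_OK["INTERNAL"],
}


def parse_a_records(dig_answer):
    """Return the set of IPv4 addresses found in dig answer-section lines."""
    addrs = set()
    for line in dig_answer.splitlines():
        fields = line.split()  # name, TTL, class, type, rdata
        if len(fields) == 5 and fields[2:4] == ["IN", "A"]:
            addrs.add(str(ipaddress.IPv4Address(fields[4])))
    return addrs


def audit_split_dns(outputs, expected=EXPECTED):
    """Compare each view's answers with the expected set; return findings."""
    findings = []
    for view in sorted(expected):
        got = parse_a_records(outputs.get(view, ""))
        for addr in sorted(expected[view] - got):
            findings.append(f"{view}: expected {addr} not returned")
        for addr in sorted(got - expected[view]):
            private = ipaddress.IPv4Address(addr).is_private
            if view == "EXTERNAL" and private:
                findings.append(f"{view}: private address {addr} exposed")
            else:
                findings.append(f"{view}: unexpected address {addr}")
    return findings


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("leak", SAMPLE_LEAK)):
        print(name, audit_split_dns(sample) or "views match the configuration")
```

An empty findings list means each listener returns only the address configured for it.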
