DNS hosting on a DMZ
Hi,
I am setting up a couple of DNS zones on a DMZ with private IPs (192.168.1.0/24). What I want to do is leave the DNS server with the private IP address and have a rule in the firewall that says, in effect:
anything coming to my external IP address (66.92.x.x) on the DNS ports should be routed to the DMZ machine(s) bearing the private IPs (192.168.1.0/24), and the same goes for outgoing DNS traffic, from private back out to public.
These servers will only be hosting DNS for the global Internet, not for my private LAN. (They will also host www and mail, but that's immaterial).
I guess my question is, can I get away with this, or will I have to change something in the DNS zone data files to specify that this will be for the global Internet, not for a private LAN?
Thanks in advance for any ideas.
Regards,
Dave