LinuxQuestions.org
Old 05-19-2007, 10:41 PM   #1
rockmanchile
LQ Newbie
 
Registered: May 2007
Distribution: DEBIAN ETCH
Posts: 3

Rep: Reputation: 0
a little help with BIND9


Hi..

Recently I installed and configured bind9 on a Debian Etch machine, with two domains that are already resolving names on the server and working perfectly fine, but not exactly in the way that I want.

The thing is that I have configured the DNS server to resolve the incoming petition to a WAN IP, as described in the zone file below:

innova-ingenieria.org. IN SOA ns.innova-ingenieria.org. admin@innova-$
4
28800
3600
604800
38400 )

innova-ingenieria.org. IN NS ns.innova-ingenieria.org.
innova-ingenieria.org. IN MX 10 ns.innova-ingenieria.org.

www IN A 200.27.67.110
mta IN A 10.0.0.180
ns IN A 10.0.0.180


.... so my problem is that I don't want the petition to be delivered to the IP 200.27.67.110. I need the redirection to be made to a local machine (10.0.0.180 for example) and the contents of the site to be viewable from outside.

A friend told me that this can be done, but only if my DNS server works as the name resolver of my LAN.

We are trying to reduce the number of WAN IPs (right now we have several sites working on different WAN IPs).

Can somebody tell me how I can do this?

Best regards.

Rockamchile
 
Old 05-21-2007, 10:32 PM   #2
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
If I understand what you want to do correctly, your friend is completely wrong. You cannot have any private IP addresses in your zone file, that means anything beginning with 192.168, 172.16-172.31, 169.254, or 10. You cannot route to those addresses from the outside world. The only people an address like that will work for are those on your LAN. If you are setting up local DNS just for your home or office, then all of the addresses should be 10.0.0.180, and not use the public IP at all.

If you want private addresses for your LAN and public for the rest of the world, then you need to configure views in BIND.

Please check out http://www.dnsstuff.com/tools/dnsrep...ingenieria.org because you have many problems with your setup.

Peace,
JimBass
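A check for the problem this reply describes, as an added example that is not part of the original thread: it reads the zone records from the first post and reports A records in the private or link-local ranges listed above, plus NS and MX records whose target is one of those hosts. The names `audit_zone`, `fqdn` and `NON_ROUTABLE` are illustrative, and only single-line `owner IN type rdata` records are handled.

```python
import ipaddress

# Constructed sample: the records from the first post (the SOA is truncated there, so it is omitted).
ZONE = """\
innova-ingenieria.org. IN NS ns.innova-ingenieria.org.
innova-ingenieria.org. IN MX 10 ns.innova-ingenieria.org.
www IN A 200.27.67.110
mta IN A 10.0.0.180
ns IN A 10.0.0.180
"""

# The ranges named in the reply: RFC 1918 space plus link-local 169.254/16.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def fqdn(name, origin):
    """Expand a relative owner or target name against the zone origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def audit_zone(text, origin):
    """Return findings for non-routable A records and the NS/MX records that depend on them."""
    origin = origin.lower()
    private, targets, findings = {}, [], []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()          # drop trailing comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue                                    # not an "owner IN type rdata" line
        owner, rtype, rdata = fqdn(fields[0], origin), fields[2].upper(), fields[3:]
        if rtype == "A":
            addr = ipaddress.ip_address(rdata[0])
            if any(addr in net for net in NON_ROUTABLE):
                private[owner] = addr
                findings.append(f"{owner} A {addr}: not reachable from outside")
        elif rtype in ("NS", "MX"):
            targets.append((owner, rtype, fqdn(rdata[-1], origin)))
    for owner, rtype, target in targets:                # second pass: all A records are known now
        if target in private:
            findings.append(f"{owner} {rtype} -> {target} ({private[target]}): "
                            f"{rtype} host unreachable from outside")
    return findings


if __name__ == "__main__":
    for finding in audit_zone(ZONE, "innova-ingenieria.org."):
        print(finding)
```

Run against the zone data served to the outside world; with views configured, the internal view is expected to contain these addresses and does not need the check.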
 
Old 05-22-2007, 09:08 AM   #3
rockmanchile
LQ Newbie
 
Registered: May 2007
Distribution: DEBIAN ETCH
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks man....

Another thing.... can you have multiple sites with SSL certificates on a single web server and just one WAN IP?

The thing is that we have an IIS server (Microsoft) with a lot of websites, but we cannot give more than one SSL certificate per WAN IP. That means that no matter how many sites we have with SSL on the web server, from outside it always opens the first one it finds and leaves the other ones without access (every time we try to put https:// with any of the sites that are on the server with SSL certificates at that moment, it takes us to the same website).

We tried to give virtual IPs to each website and give each one of them a certificate, but the problem goes on. I'm not very sure, but I think I read once that there can only be one SSL certificate per WAN IP.
If that's true, it means that I should have one certificate for each WAN IP (200.1.2.3 ==> SSL1, 200.1.2.4 ==> SSL 2, etc...), which I think is not a very good idea.

We also tried to give each site a different SSL port, and for a time it worked fine. The only problem was that the users had to put the port number after the name of the site (example: https://www.myproblem.com:444), and with many users working behind firewalls outside the company, they couldn't reach the sites because their network administrators only allow SSL traffic on the standard 443 port.

I was thinking of using Apache to redirect some of the sites and use SSL Tunnel, but I still have a lot of doubts about how to use it.

Can you help me with this?

Do I need more tools to do this, or do you know a better way to do it?

Thanks

Rockmanchile

Last edited by rockmanchile; 05-22-2007 at 09:10 AM.
 
Old 05-22-2007, 06:40 PM   #4
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
First and foremost, this new question has nothing to do with the previous one, and should not be in the same thread. Think about the next person searching for this same question (which you obviously didn't do). If they search for anything with DNS, or SSL, they end up with this thread. What you should have done was simply started a new thread (or even better, used the search feature here or at all powerful google) and you would have found your answer.

No, you can't run multiple SSL sites on one IP address. That is not the fault of IIS, or apache, that is how SSL (https) is designed. You can do it with different ports, but you stated you don't want to do that.

Peace,
JimBass
 
  

