Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 02-11-2012, 04:45 PM   #1
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 45

Rep: Reputation: Disabled
Question configuring DNS for many servers, 1x static IP - please help

Hi all,

This isn't specifically a linux question - more a general networking one, but i couldn't find anywhere else to put it so please bear with me.

my network runs 2x servers & 30x workstations, behind a standard ADSL router with a single, static public IP. we've never really had much to do with offering our internal services online, although our mail is stored internally through a linux box. Because this has been the only publically available service, our domain registrar's dns A record just refers the fqdn to our public IP. So far, easy peasey japanesey.

Now, ive been asked to build an additional service internally (a meeting rooms booking system), and to put it online. I'm not sure how to get the DNS redirects correctly set up to have these two services running online together.

our domain registrar manages our subdomain redirects (for example, requests to www.mydomain and shop.mydomain, which are both externally-hosted). I contacted our registrar to add an additional A record for, redirecting it to but once it was in place, requests for were just being forwarded straight to Why is this?

Given that we only have the one static IP (i enquired about getting additional static IPs, but that meant installing extra phone lines..), how can both directs go to the right places? I would especially like to know as management want even more services to go public over the coming year.

our mail.domain webmail runs off ports 443/99/25 on its own server, and the bookings thing off another box's port 80 (although I'll change this to a custom port once ssl is in).

our internal dns server (an OS X Server) just has A records pointing FQDNs to internal IPs, with automatic reverse zones. I havent looked into other kinds of records (such as cname), maybe I need to? Or, perhaps this problem relates solely to our external dns? for example, I haven't contacted our isp to make any dns changes (and I had to when we set the mail server up) only the domain registrar's dns has been changed.

Is it possible to get these two http requests online without needing more lines to the building?

Must I need to install a dedicated firewall box to handle all requests?

Oh and obviously, the last thing we want to do is have our outgoing mail suddenly getting marked as junk, by because our mail server's dns transparency (ie. mx record resolution, etc) has changed.

Thanks in advance,
Old 02-11-2012, 06:41 PM   #2
Senior Member
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 651Reputation: 651Reputation: 651Reputation: 651Reputation: 651Reputation: 651
Where to start ... let me make a few points as this isn't just a simple dns question.

- public facing services (web, dns, mail ... ) should be hosted in a DMZ or a colo datacenter, not on your internal network
- you can overload your single static ip address with multiple services but you may need a decent firewall depending on the quantity (you may need to load balance/reverse proxy)
- the redirect for was probably done as a CNAME instead of an A record, but no matter which you still only have 1 ip address for the traffic to get sent to so you need the firewall/router to forward it to the correct server. You can have your server perform the redirect to bookings, or you can use mod_proxy to make it look like all traffic is coming from the server.
- your outbound mail won't get marked as junk because an MX record change
Old 02-11-2012, 06:44 PM   #3
Registered: Aug 2006
Location: London
Distribution: Debian, Kubuntu
Posts: 572

Rep: Reputation: 75
Forward port 80 on your router to the correct LAN IP. Even the cheapest residential-grade routers allow you to do that through their web interface.
Old 02-12-2012, 09:42 AM   #4
Senior Member
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 2,599

Rep: Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062Reputation: 1062
and if I may say

To add to what has already been said:
This is NOT really a DNS issue, this is a firewall/routing issue. You need to have your gateway (router or firewall) forwar teh traffic to the correct servers. Since your mail server does NOT need port 80 traffic, (or 8080 or 8443) you can forward and convert ports without affecting your mail server in any way. (Though the additional traffic WILL change your throughput and usage profiles: possibly significantly.)

While the best you are going to be able to do without purchasing better connectivity and/or equipment will not be optimal, you should be able to craft a fully functional solution. When (if ever) they are ready to throw some money at this: you want a secure, easily manages firewall device such as from ASTARO, and a secure DMZ to reduce your exposure. You MAY need more bandwidth, but if you do not have adequate bandwidth then your firewall should have some QOS support to ensure that web or scheduler traffic does not shut your email down. (ASTARO has what you need, but is an annual licensing expense in addition to the initial hardware cost. Best answer IMOHO, but can be a hard sell if your manager is not IT or security trained.)


dns, httpd, networking, routes

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
replace the existing dns servers with OPEN DNS servers in fedora 13 z99 Linux - Newbie 3 03-23-2011 09:29 AM
DNS Questions Multiple DNS Servers with single domain linuxcrazyguy Linux - Networking 1 01-27-2009 12:21 PM
How to set DNS servers? How to stop auto change of DNS servers? newtovanilla Linux - Newbie 1 10-29-2008 09:19 PM
TEMP_FAILURE: DNS Error: Timeout while contacting DNS servers when receiving emails tonysutherland Linux - Networking 2 02-10-2006 09:04 AM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:29 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration