
I have a domain (say, example.com) and a static IP (say 192.168.1.200) from my ISP. The A record of the domain points to that static IP. I have used port forwarding on the router to route all requests to a server on my local network (10.0.0.10). Now when I open my domain, the content is served from the server on my local network. As of now, everything works perfectly.

I am now trying to set up an internal DNS for my dev environment (say dev.example.com). When I access it from my local network, the traffic should be served from my local network. This will save me time and bandwidth.

At the same time, it should be accessible from external network too.

I could achieve it by adding entries to the hosts file when I am on my local network, but it is a bad idea as many users will be involved.

How can I achieve this?

  • 2
    Software such as BIND9 has [views](https://kb.isc.org/article/AA-00851/0/Understanding-views-in-BIND-9-by-example.html), which can be used to serve different answers depending on factors such as the querying IP address. – Torin Apr 27 '18 at 16:07
  • 3
    Possible duplicate of [Overriding some DNS entries in BIND for internal networks](https://serverfault.com/questions/18748/overriding-some-dns-entries-in-bind-for-internal-networks) – Jenny D Apr 27 '18 at 18:08
  • 1
    This [question](https://superuser.com/q/1176489/326546) may be relevant to you. – kasperd Apr 28 '18 at 18:38

2 Answers

2

TL;DR: Don't use DNS to bypass routing. Let the router route, it's more economical.

Please reconsider your architecture. The only thing that you are trying to save is a single router hop*. These are microseconds. You're trying to sacrifice the usability and predictability of your DNS to save mere microseconds.

A single case of your mental confusion "I thought that domain name resolved to there but I forgot it resolved here, duh!" will likely cost you many times more than all these microseconds accumulated. And it will happen in the future.

Split-view DNS is a burden. In every case I've seen, it always introduces a risk of pitfalls and it always adds one troubleshooting step. Sadly, it's nearly impossible to eradicate once it is introduced (this is the main reason it's so widespread in large organizations; this and good old cargo-culting).

Let's say you are troubleshooting a connection issue. With a clean unitary DNS, you ask "What URL did you use?". With split-view DNS, you need to ask "What URL did you use? And by the way, what was the IP of the actual machine that resolved the name for that URL?" It's much harder to answer (in the future, be prepared for proxies and proxy chains to start growing). It doesn't matter that only a few names actually resolve to different IP addresses, because you need to look into the split-view config for each such case that even touches a split-view zone of the DNS. So you either curse your DNS on these occasions, or you let your router do its intended job. It's a piece of hardware, so it probably won't curse you.

[* Yes, you may also be concerned about throughput. I guess it is not a real problem: you probably don't saturate a router interface in a dev environment. If you do saturate it in a dev environment (say, for example, it's 100 Mbps), then there is no sense whatsoever in considering the same router for production users - you desperately need to upgrade the router.]

kubanczyk
  • 2
    I second this. It took me almost a year to untangle split view from just one domain in my company. People never understand when I try to explain the complexity trap they are about to get into. – Aaron Apr 27 '18 at 21:10
0

I would set up an internal DNS server that would be authoritative for something like example.dev (instead of using the subdomain dev.example.com).

Use the internal DNS as your resolver for users internally.

As long as the internal DNS has proper resolvers for all domains it does not know about (example.com, for instance), everything will work fine.

Alex
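A concrete BIND 9 configuration for the approach in this answer, with the per-client views from Torin's comment on the question noted afterwards. This is an added example, not part of the answer and not taken from the BIND project. Assumptions: the resolver runs at 10.0.0.53 on the 10.0.0.0/8 network from the question, the LAN web server is 10.0.0.10 as in the question, and 203.0.113.53 (an RFC 5737 documentation address) stands in for whatever upstream resolver you forward to. One caveat on the zone name: `.dev` is a public gTLD operated by Google and is on the HSTS preload list, so browsers force HTTPS for every name under it; the name below follows the answer, but a zone under a domain you own avoids that collision.

```conf
// ---- /etc/bind/named.conf.options ----
// Internal resolver: recursive for the LAN, authoritative for one private zone.
// Addresses are assumptions for this example (see lead-in).

acl "lan" {
    10.0.0.0/8;          // the internal network from the question
    127.0.0.0/8;
};

options {
    directory "/var/cache/bind";
    listen-on { 127.0.0.1; 10.0.0.53; };   // assumed address of this resolver
    listen-on-v6 { none; };

    // Recurse only for LAN clients and answer nobody else at all, so the
    // box cannot be abused as an open resolver / reflection amplifier.
    recursion yes;
    allow-query     { lan; };
    allow-recursion { lan; };
    allow-transfer  { none; };

    // Everything this server is not authoritative for (example.com included)
    // goes to an upstream resolver, so public names keep resolving publicly.
    // The upstream must pass DNSSEC records through for validation to work.
    forwarders { 203.0.113.53; };   // placeholder; use your ISP's or a public resolver
    forward only;

    dnssec-validation auto;
};

// ---- /etc/bind/named.conf.local ----
// The private zone suggested in the answer. "type master" is the 2018 spelling;
// BIND 9.16 and later also accept "type primary".
zone "example.dev" {
    type master;
    file "/etc/bind/zones/db.example.dev";
    allow-update   { none; };
    allow-transfer { none; };
};

; ---- /etc/bind/zones/db.example.dev ----
; Zone files use ';' for comments, unlike named.conf.
$TTL 300
$ORIGIN example.dev.
@       IN  SOA  ns1.example.dev. hostmaster.example.dev. (
                2018042701  ; serial, YYYYMMDDnn: bump on every change
                3600        ; refresh
                900         ; retry
                604800      ; expire
                300 )       ; negative-cache TTL
        IN  NS   ns1.example.dev.
ns1     IN  A    10.0.0.53
www     IN  A    10.0.0.10   ; the LAN server from the question
```

Check the files with `named-checkconf` and `named-checkzone example.dev /etc/bind/zones/db.example.dev`, reload, then from a LAN host verify both halves of the answer: `dig @10.0.0.53 www.example.dev A` should return 10.0.0.10 and `dig @10.0.0.53 www.example.com A` the public address via the forwarder; a query from outside the `lan` ACL should be refused. Hand the resolver out through DHCP (option 6) so nobody has to edit hosts files. If you do want one name to answer differently by source address, as Torin's comment describes, the zone moves inside `view "internal" { match-clients { lan; }; ... }` with a second `view "external"` carrying the public data, and from then on every troubleshooting session starts with "which resolver answered you?", which is exactly kubanczyk's objection.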