
So basically we would like that, if two subdomains redirect to the same IP address (for example, sub1.example.com and sub2.example.com redirect to 1.2.3.4), the firewall handles the request and redirects it to an internal IP address.

Example:

sub1.example.com->1.2.3.4(external)->DNS->10.1.100.1(internal)

sub2.example.com->1.2.3.4(external)->DNS->192.168.0.1(internal)

A better illustration is shown in the image below: [image: DMZ]

How can this be achieved with a firewall that uses the BIND 9 DNS module?

Just a note: The firewall is Zentyal.

Combinu
  • Your question is off-topic here as it is not related to programming. But anywhere you ask it, please make sure not to badly obfuscate: 1) do not use `corp.net` (see https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-so-bad-guys-cant/ for a very similar story), use `example.com` everywhere and see full details in RFC 2606, and 2) do not use fake IP addresses, and specifically not ones starting with `1.`. Again see RFC 5737 for full details, but in short, use block `192.0.2.0/24` for documentation purposes – Patrick Mevzek Apr 21 '20 at 15:32

1 Answer


This is not a BIND issue.

This is a firewall/web proxy issue. BIND is a name server; its only job is to serve IP addresses when queried with an FQDN (fully qualified domain name).

You would either need to have some type of port or selective IP forwarding on the firewall with inbound NAT, or use a forwarding proxy. Check the firewall documentation here https://doc.zentyal.org/en/firewall.html, or a configuration with NAT (simplistic) https://doc.zentyal.org/en/appendix-b.html, or possibly this https://doc.zentyal.org/en/appendix-c.html if you are familiar with iptables-based firewalls and want to write the module you need.

A normal firewall/proxy would need to receive the communication, examine a portion of the IP header to determine the host destination, not the IP destination, and then forward the packet to the correct internal host.

Hmbl Stdnt
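The host-based decision the answer describes, as an added example (not from the question, the answer or Zentyal): a Python routine that a reverse proxy or firewall module could use to pick the internal backend from the HTTP Host header of a request arriving on the shared public address. The name-to-backend map uses the question's names and internal addresses; port 80 and the reject-unknown-hosts policy are assumptions.

```python
"""Host-header routing: send sub1.example.com and sub2.example.com, which
both arrive on the same public IP, to different internal hosts.
Added example; mapping taken from the question, backend port assumed."""
from __future__ import annotations

# Public name -> internal backend (host, port).  Anything not listed is
# refused: a proxy that falls back to a default backend for unknown Host
# values exposes internal hosts that were never meant to be reachable.
BACKENDS: dict[str, tuple[str, int]] = {
    "sub1.example.com": ("10.1.100.1", 80),
    "sub2.example.com": ("192.168.0.1", 80),
}


def parse_host_header(request_head: bytes) -> str | None:
    """Return the normalised Host value from a raw HTTP/1.1 request head.

    Normalisation: lower-case, trailing dot and :port removed.  Returns None
    when the header is missing, duplicated (ambiguous per RFC 7230 section
    5.4) or contains characters that do not belong in a host name.
    """
    try:
        text = request_head.decode("ascii")
    except UnicodeDecodeError:
        return None
    hosts = [
        line.split(":", 1)[1].strip()
        for line in text.split("\r\n")[1:]      # skip the request line
        if line.lower().startswith("host:")
    ]
    if len(hosts) != 1:
        return None
    host = hosts[0].lower().rstrip(".")
    if host.startswith("["):                    # IPv6 literal: not routed by name
        return None
    host = host.split(":", 1)[0]                # drop an explicit :port
    if not host or not all(c.isalnum() or c in "-." for c in host):
        return None
    return host


def select_backend(request_head: bytes) -> tuple[str, int] | None:
    """Pick the internal host for a request, or None to reject it (400/421)."""
    host = parse_host_header(request_head)
    if host is None:
        return None
    return BACKENDS.get(host)
```

The same lookup applies to the TLS SNI name when the proxy terminates HTTPS; with plain packet forwarding (NAT) there is no such field, which is why the answer points at a proxy.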