Public facing DNS server

Issues related to configuring your network
supertight
Posts: 171
Joined: 2017/02/07 21:47:51

Re: Public facing DNS server

Post by supertight » 2017/05/18 03:40:35

aks wrote:Hmmm, I don't think that'll work as the traffic from the web server will have a source of <private IP>, so the originator can't reply to the message(s).
I think what you want is a reverse proxy.

All traffic inbound hits the proxy and the proxy forwards the request (based on say the URL) to the responsible web server. The web server replies to the proxy and the proxy forwards that onto the client. As the proxy is Internet facing, the originator can simply reply to the proxy (who will forward the request to the web server as before).

Make sense?

How you go about that depends on what proxy you choose to use (many people use Nginx, Apache HTTPd, Apache Traffic Manager and so on - there are many to choose from).
I flipping knew it! The second I started typing it up. I realized that even if the request hit's the server. The DNS is going to give up an internal address that's useless to the browser. FUDGE! I don't know what I was thinking. So noobish of me.

I'm using a server running HTTPd, hosting one(1) of my domains. Can I configure it to send the http/ https/ ftp/ request to another server hosting my other two(2) domains?

mghe
Posts: 766
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: Public facing DNS server

Post by mghe » 2017/05/18 11:47:22

You should make forward zone from external DNS to internal DNS:

Tip: https://nnc3.com/mags/Networking2/dns/ch10_05.htm <- 10.5.2. Forward Zones

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: Public facing DNS server

Post by aks » 2017/05/18 16:02:57

The keywords to have for Apache http proxy are:

ProxyPassReverse /MyURL https://<Internal_IP>:<Port>/MyURL
ProxyPass /MyURL https://<Internal_IP>:<Port>/MyURL

(note this assumes end to end HTTPS - otherwise substitute http for https in the above - and the MyURl, Internal_IP and Port).

And have a look at the Apache docs using those keywords for detailed explanation.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Public facing DNS server

Post by TrevorH » 2017/05/18 16:52:45

How did we get from DNS to http proxy?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: Public facing DNS server

Post by aks » 2017/05/18 18:53:02

Traffic details posted earlier (and no I was not suggesting DNS proxy - although you probably could .... seems silly though).

supertight
Posts: 171
Joined: 2017/02/07 21:47:51

Re: Public facing DNS server

Post by supertight » 2017/05/19 02:27:08

TrevorH wrote:How did we get from DNS to http proxy?
We realized that I need reverse proxy setup. Not DNS to direct incoming traffic from my external ip to the proper server hosing my http/ https/ ftp/ sites.

Post Reply