I have a couple of questions regarding the DNS servers.
What I intend to do for some time now is to get a dedicated DNS server. Install all the needed applications and software to do so. I am planning on using BIND.
However, my qeustion is how do I proceed with setting the things up. The point of this is to hide the IPs of my webserver, a sort of filtering will be done there. I basically want when a domain lookup is made, to show the IPs of the DNS server, not the webserver. How can this be done most efficiently?
Hello and Welcome!:)
I've never setup a DNS server, but maybe this will help: Linux DNS server BIND configuration
It might answer some of your questions until someone more experienced comes along.
(One of) The purpose(s) of dns is to translate between hostnames and IPs.
Server/computer find each other via IPs and routing.
So I do not quite understand, why you want to hide your webservers IP.
One can run webservers on private IPs, but you would still need a service such as a proxy or loadbalancer with a public IP to forward requests.
Can you maybe clarify what you want to achieve with IP hiding?
Originally Posted by Irithori
I would like to build the following infrastructure:
reqeust - > dns server -> forwarded to firewall server -> forwarded to webserver
The thing I would like to do is keep the webserver's IP private and the firwall and dns server IPs public.
Something like cloudflare if you have ever used it - when using their DNS services, the real webserevr IP is hidden from the public.
If you have a firewall, with a private network behind it, all you need is for
DNS to give the IP address of the firewall. If the real server is behind a NAT
router, just port forward to the private address of the server.
Nah, there is no private network behind it. Everything would be made on a public network.
Originally Posted by rcgreen
I already got the prototype and the idea ready, however I thought that someone has developed somethign similar to this and can give me a suggestion to optimise and make it more efficient, as the way I am working on would be be really efficient and might not work up well.