Monday, December 9, 2019

Using public IP addresses for internal DNS entries

Hey all,

Boss man is tired of our "split horizon" DNS setup. We have websites that are external facing (they should be in a dmz but we aren't there quite yet), but are also reached by internal users. The boss wants the internal DNS entry to be the public IP address. I see two issues here:

1) hairpin on the firewall
2) we have null routing for our public blocks (loop prevention?)

I can get this to work probably, but what are your thoughts? It's a weird situation I feel like. Maybe less weird once we have the dmz established.


