
Short and clean question

We have a domain that can be resolved and accessed from the internet as an IP. On the host with that IP we have NAT and virtual machines hidden behind that NAT. How can we give access to those machines by subdomain names, like ssh v1.domain?

Full original question

The problem is that our servers are going to move from our local network to a datacenter. So we need some method to access them, and we want it in a pretty format.

We have two servers (h1 - Windows Server 2012, h2 - CentOS 7) with virtual machines (v1, v2, ...), many services (does not matter), a registered domain name (domain) and one public IP (ip).

Is it possible to set up DNS such as BIND on server h(x) or v(x) to provide access to the machines and services in a way like

ssh h1.domain
ping v2.domain

The situation as I see it: when I do ping v2.domain from a local computer, the local resolver will resolve the name domain to ip via an outer DNS server (for example it will be h2), and my computer will honestly ping h2. The presence of a BIND DNS server on h2 will change nothing.

If I set h2 as the DNS server on my local machine, it will be even worse, because the local resolver will get a local IP like 192.168.1.2 that v2 got from DHCP on h2.

So I got lost. I need help while the servers are still in the local network and we can do any experiments on them.

8
  • I'm really not sure what you are asking for. It would seem that what you want is what standard DNS does for you so as you have a domain, why not amend your existing DNS settings? Commented Apr 29, 2015 at 16:27
  • If standard DNS can help in this situation, it will be nice. But I don't understand how it will work. We don't want to buy a public IP for every host and every virtual machine that we have. We will place all our virtual machines behind NAT and they will be unreachable from the internet. Commented Apr 29, 2015 at 19:31
  • In some ways yes, we want it to look like standard DNS. And the short question is "is it possible to reach our machines placed behind NAT from the internet using standard DNS". I think it's impossible without intelligent routing. Commented Apr 29, 2015 at 19:43
  • You can do that as long as your ISP doesn't also NAT (yes BT, I'm referring to you!). That is what NAT is all about. The address translation converts from public to private address and back as needed. The outside world only sees 1 address. Of course, that limits the PORTS you can use, so you might also need to translate ports as well. All routers will support both. You can, however, also run your own DNS, but this is complex to configure. Commented Apr 29, 2015 at 20:38
  • Sorry, I can't really grasp how to implement what you're saying. Address translation has to follow some rules or routes. For example: there's NAT on the host with the outer IP and it receives a connection to 192.168.1.2. We can configure it to bind that to a machine in the sub networks. But how do we achieve that? Second example: the command ping v1.domain on a local computer will, before pinging, resolve v1.domain to the outer IP of the host with NAT, and the ping command will connect to it with that same IP... Or do we need to add on every developer computer a default gateway to the host IP and host resolution for the subdomains? Commented Apr 29, 2015 at 22:14

3 Answers

0

I think you might be overcomplicating things. Internally, you can use IP addresses; use your DHCP service to fix the addresses of the servers so they don't change. Externally you need DNS - the IP doesn't change because DNS points to the EXTERNAL address of your router. If you really must have internal naming, you need an internal DNS. But to get that right, the DNS has to be configured to hand off external lookups correctly. It is complex, hire someone to help.

NAT does need configuring, but if you have fixed the internal addresses, this only needs doing once. NAT/PAT maps an external IP:port combination to an internal IP:port combination. The external IP is assigned by your ISP, the internal one by your DHCP service (possibly the router, possibly a server), in which you have mapped your servers' MAC addresses to fixed, non-internet-routable IP addresses.
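The NAT/PAT mapping this answer describes, worked through as an added example (not code from the question or any answer): every name resolves to the one public IP, and a distinct public port, not DNS, selects the machine behind the NAT. Assumed values: public IP 203.0.113.10, WAN interface eth0, private addresses pinned by DHCP reservations, and the domain passed in as a parameter.

```python
# Added example: derive the three pieces that make "ssh v1.domain" work
# behind a single public IP: DNS A records, iptables DNAT/PAT rules and
# the SSH client config. All addresses and ports below are constructed.
import ipaddress
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"   # constructed (TEST-NET-3 documentation range)
WAN_IF = "eth0"              # assumed public-facing interface on the NAT host

@dataclass(frozen=True)
class Host:
    name: str           # DNS label: "v1" becomes v1.<domain>
    internal_ip: str    # private address pinned by a DHCP reservation
    external_port: int  # public TCP port forwarded to this host's port 22

HOSTS = [
    Host("h1", "192.168.1.1", 2201),
    Host("v1", "192.168.1.2", 2202),
    Host("v2", "192.168.1.3", 2203),
]

def validate(hosts):
    """Every external port unique, every internal address actually private."""
    ports = [h.external_port for h in hosts]
    if len(ports) != len(set(ports)):
        return False
    return all(ipaddress.ip_address(h.internal_ip).is_private for h in hosts)

def zone_records(hosts, domain):
    """All names point at the one public IP; the port, not DNS, picks the VM."""
    return [f"{h.name}.{domain}. IN A {PUBLIC_IP}" for h in hosts]

def dnat_rules(hosts):
    """DNAT public port -> internal IP:22, plus the matching FORWARD accept.
    Assumes an existing ESTABLISHED,RELATED accept rule in the FORWARD chain."""
    rules = []
    for h in hosts:
        rules.append(f"iptables -t nat -A PREROUTING -i {WAN_IF} -p tcp "
                     f"--dport {h.external_port} -j DNAT "
                     f"--to-destination {h.internal_ip}:22")
        rules.append(f"iptables -A FORWARD -p tcp -d {h.internal_ip} "
                     f"--dport 22 -m conntrack --ctstate NEW -j ACCEPT")
    return rules

def ssh_config(hosts, domain):
    """Client ~/.ssh/config: DNS resolves the name, this supplies the port."""
    blocks = [f"Host {h.name}.{domain}\n    Port {h.external_port}" for h in hosts]
    return "\n\n".join(blocks) + "\n"
```

Run validate() before applying the rules: a duplicate public port silently routes two names to the same machine, and a non-private internal address means the reservation is wrong.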

0

My first idea is VPN + nginx on the host available by ip (h2).

For the entire network, nginx will listen on port 80 on ip and will upstream sites from any machine using VPN or maybe even local DNS. That all sounds like magic to me )).

So I will set up a VPN host on h2 and add every machine and virtual machine to that virtual network. As a result, a developer who wants to access the machines and virtual machines will join the VPN and will have access by IP out of the box, and pretty access by using the local DNS as the primary DNS.

Though I still don't know a good way to combine VPN and DNS; is it possible to configure the VPN to force joined members to use the local DNS?

0

Thanks to Julian Knight, who pointed out that we overcomplicated our task. We thought it over and decided to go in another direction. I think we'll simply buy a pool of public IP addresses and make use of standard DNS by adding records in the panel of our domain name registrar.

So the answer for that question is no longer needed.
