Support for split DNS to allow seperate internal/external zone files
I would like support for separate internal and external DNS records. This can be easily achieved using Views in BIND 9.x (and possibly other DNS services) if the support for populating the different zone files was added in Zone Templates. Currently BIND on cPanel has two views configured but they both point to the same zone files. If the Zone Templates page offered an external (default) template as well as a second template for use by theinternal view the two views could be kept created and maintained by WHM and would save me having to setup alternative DNS for my internal network or run a product like Unbound to translate the DNS records for me.
There would need to be an additional configuration page for setting up the view clauses and provide the
address_match_elements for the match-client
and match-destinations directives instead of the default 'localnets' that is currently being used but I do not see this as being a big job, BIND will do the hard work for you.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
I'm curious to know more about your setup. The only time I've used split-horizon DNS was when I set up a server to act as a router for my home network, so I could have DNS for all my internal systems and a caching resolver for external queries. cPanel systems typically aren't used that way. What problem does this solve for you?
I'm curious to know more about your setup. The only time I've used split-horizon DNS was when I set up a server to act as a router for my home network, so I could have DNS for all my internal systems and a caching resolver for external queries. cPanel systems typically aren't used that way. What problem does this solve for you?
I work for a college and I use WHM to give the IT students their own cPanel environment to develop websites in. It's ideal for that since I have 100+ accounts to manage each year and they all need to be the same.
From the DNS perspective, they access their accounts internally, while they are at college but also they want to be able to access them from home as well. As a solution, I've set up a zone in my internal resolver and populated with the records from out of the cPanel server (having changed the IP addresses). It's OK but not ideal. I could probably automate it all with a cron job but it's still a bit poor.
I work for a college and I use WHM to give the IT students their own cPanel environment to develop websites in. It's ideal for that since I have 100+ accounts to manage each year and they all need to be the same.
From the DNS perspective, they access their accounts internally, while they are at college but also they want to be able to access them from home as well. As a solution, I've set up a zone in my internal resolver and populated with the records from out of the cPanel server (having changed the IP addresses). It's OK but not ideal. I could probably automate it all with a cron job but it's still a bit poor.
That's an incredibly interesting use case. I'm excited to see if there are any other use cases for this, or if that would be something that would help other educators. If you know of others that would make use of this feature, feel free to ask them to vote here!
That's an incredibly interesting use case. I'm excited to see if there are any other use cases for this, or if that would be something that would help other educators. If you know of others that would make use of this feature, feel free to ask them to vote here!
I have a use case as well. My servers sit behind a firewall with VPN services that myself and several clients use. The servers all have private IPs. It would be nice to support an internal/external view where all clients not on the private subnet get public IPs when requesting lookups for zones and for my servers and VPN clients to get the private IP address when doing lookups to keep all traffic going over the VPN automatically. This would also eliminate the need for me to setup crazy NAT hairpin rules on my firewall so that each of my servers on the private network can also reach things by their public NAT'd IP from behind the firewall.
I have a use case as well. My servers sit behind a firewall with VPN services that myself and several clients use. The servers all have private IPs. It would be nice to support an internal/external view where all clients not on the private subnet get public IPs when requesting lookups for zones and for my servers and VPN clients to get the private IP address when doing lookups to keep all traffic going over the VPN automatically. This would also eliminate the need for me to setup crazy NAT hairpin rules on my firewall so that each of my servers on the private network can also reach things by their public NAT'd IP from behind the firewall.
This would be great feature to have particularly when there are multiple web servers behind NATed firewall. This will help lot of small organisations.
This would be great feature to have particularly when there are multiple web servers behind NATed firewall. This will help lot of small organisations.
Replies have been locked on this page!