I'm assuming the zone you are authoritative for on your LAN is something
other than skylineaero.com. I'm also assuming that the "external" DNS
points to a NAT'd IP address, not the native IP that is on your network.

The only way to really do it is to have a "bastard" copy of the zone
running inside your firewall (on your internal DNS server). You have the
A records point to the internal IPs you want people to hit. This method
introduces a level of complexity because it means you now have to make
sure your internal and external records match up with the NAT you're
doing on your firewall.

FWIW, the Cisco PIX will "cleanse" DNS A records for you. The PIX watches
DNS queries that enter its external interface destined for your
nameservers (which are NAT'd to internal DNS servers). When it passes the
packet back to the querying host on the outside, it substitutes the A
record showing the internal IP with an A record showing the NAT'd IP. It
can do this, because it's doing the NAT and it's aware of it. The benefit
here is that you only have one place to manage your DNS records and the
PIX handles the rest.


Andrew Gaffney said:
> I run a Gentoo server at skylineaero.com. I have someone else running my
> DNS for me. Inside the LAN, I want to run a full DNS server for boxes
> inside the LAN. That part is easy. Here's the hard part. When any
> computer inside the LAN tries to resolve skylineaero.com,
> www.skylineaero.com, etc., I want it to get the LAN IP instead of the
> external internet IP. How can I do this?
>
> --
> Andrew Gaffney
> System Administrator
> Skyline Aeronautics, LLC.
> 776 North Bell Avenue
> Chesterfield, MO 63005
> 636-357-1548
>
>
> --
> [EMAIL PROTECTED] mailing list
>


--
[EMAIL PROTECTED] mailing list
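The "make sure your internal and external records match up with the NAT" step from the reply above is the part that rots silently: someone adds a host to the public zone, or re-numbers the DMZ, and the internal copy still answers with an old or public address. The script below is an added example, not code from the original post or from the list. It parses two constructed BIND-style zone files (an internal "bastard" copy and the externally hosted copy) together with a constructed public-to-private NAT table, and reports every A record whose internal answer does not equal the NAT translation of its external answer. The names, addresses (203.0.113.x and 192.168.1.x) and the `example-host.net` nameserver are all assumptions for illustration; the real skylineaero.com records are not on the page.

```python
"""
Split-horizon DNS consistency check.

Parse an internal copy of a zone and the external (hosted) copy, then verify
that every external A record, translated through the firewall's NAT table,
equals the A record the internal server hands out.  All zone text and the NAT
table below are constructed sample data, not real skylineaero.com records.
"""
import ipaddress
import re

# Constructed sample: the zone as served by the outside (hosted) DNS.
EXTERNAL_ZONE = """\
$ORIGIN skylineaero.com.
$TTL 3600
@       IN SOA  ns1.example-host.net. hostmaster.skylineaero.com. (
                2004010101 7200 3600 1209600 3600 )
@       IN NS   ns1.example-host.net.
@       IN A    203.0.113.10
www     IN A    203.0.113.10
mail    IN A    203.0.113.11
ftp     IN A    203.0.113.12
"""

# Constructed sample: the copy run on the internal server, with A records
# rewritten to LAN addresses.  "ftp" was forgotten and still carries the
# public address, which is exactly the drift this check is meant to catch.
INTERNAL_ZONE = """\
$ORIGIN skylineaero.com.
$TTL 3600
@       IN SOA  ns.lan.skylineaero.com. hostmaster.skylineaero.com. (
                2004010101 7200 3600 1209600 3600 )
@       IN NS   ns.lan.skylineaero.com.
@       IN A    192.168.1.10
www     IN A    192.168.1.10
mail    IN A    192.168.1.11
ftp     IN A    203.0.113.12
"""

# Constructed NAT table, public address -> private address, as the firewall
# translates inbound traffic.
NAT_MAP = {
    "203.0.113.10": "192.168.1.10",
    "203.0.113.11": "192.168.1.11",
    "203.0.113.12": "192.168.1.12",
}

# Matches "name [ttl] IN A address"; SOA/NS lines and the SOA continuation
# line do not match because they lack the "IN A <addr>" shape.
A_RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)\s*$", re.IGNORECASE)


def parse_a_records(zone_text):
    """Return {fqdn: ip} for every A record in a simple BIND-style zone."""
    origin = ""
    records = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments and trailing space
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):               # $TTL and other directives
            continue
        m = A_RECORD.match(line)
        if not m:
            continue
        name, ip = m.group(1), m.group(2)
        ipaddress.ip_address(ip)               # raises ValueError if malformed
        if name == "@":
            fqdn = origin
        elif name.endswith("."):
            fqdn = name
        else:
            fqdn = name + "." + origin
        records[fqdn.lower()] = ip
    return records


def check_split_horizon(internal_zone, external_zone, nat_map):
    """Return a list of (fqdn, problem) tuples; an empty list means the
    internal copy agrees with the external zone under the given NAT."""
    internal = parse_a_records(internal_zone)
    external = parse_a_records(external_zone)
    problems = []
    for name, ext_ip in sorted(external.items()):
        int_ip = internal.get(name)
        if int_ip is None:
            problems.append((name, "missing from internal zone"))
        elif ext_ip not in nat_map:
            problems.append((name, "external %s has no NAT entry" % ext_ip))
        elif int_ip != nat_map[ext_ip]:
            problems.append((name, "internal %s but NAT maps %s -> %s"
                             % (int_ip, ext_ip, nat_map[ext_ip])))
    # Names that exist only internally (LAN-only boxes) are expected and
    # deliberately not reported.
    return problems


if __name__ == "__main__":
    for fqdn, problem in check_split_horizon(INTERNAL_ZONE, EXTERNAL_ZONE, NAT_MAP):
        print("%s: %s" % (fqdn, problem))
```

Run it from cron on the internal nameserver with the real zone files substituted for the constructed strings; a non-empty report means the internal copy and the firewall's NAT have drifted apart, which is the failure the reply warns about.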