Split DNS – Explained
In one of my previous posts about setting up the Zimbra mail server, I mentioned configuring a Split DNS (local DNS) server with bind9 on the server itself. In this article I'll explain why it is important for a mail server and how it works.
Before we go into detail, you should have a good understanding of how DNS works. The articles How DNS Works and DNS Hierarchy cover the basics; if you already know them, you can skip ahead.
Typical Setup
Assume we are installing a mail server that sits behind a firewall, with a private IP address of 192.168.10.100, and that the ISP has assigned the public IP address 124.44.22.153 to the WAN side of the firewall, as shown in the figure below.
[Figure: Typical setup (http://i1134.photobucket.com/albums/m608/irfadraz/Split%20DNS/typical_setup_zps86944885.jpg)]
The Problem With Typical Setup
Email is routed by the domain's MX (Mail Exchange) record. In the public DNS for our domain we can only point the MX record at the public IP address of our internet connection, so other mail servers deliver to that address and the email reaches the correct destination, in this case our server.
When the mail server itself looks up the MX record for its own domain, the answer from the public DNS server is the public IP address of the firewall. The server knows only its private address, 192.168.10.100, so it treats the answer as an address that belongs to none of its interfaces, rejects it, and does not function properly.
[Figure: Typical request (http://i1134.photobucket.com/albums/m608/irfadraz/Split%20DNS/typical_request_zpsb124d818.jpg)]
Solution
This can be solved by configuring an internal DNS server, as shown in the figure below. The mail server looks up the MX record locally and receives its private IP address, because that is what we configured in the private DNS server, while the public DNS server keeps pointing the MX record at our public IP address so that other mail servers can route email to us.
[Figure: Split DNS (http://i1134.photobucket.com/albums/m608/irfadraz/Split%20DNS/split_dns_zps5761650b.jpg)]
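As an added example (not configuration from the original post or from Zimbra), here is how the two halves of such a setup could look for bind9 on Ubuntu, using the addresses above; the domain example.com, the host names, the serial and the file paths are assumptions. The internal zone answers 192.168.10.100 and is served only to internal clients, so the private zone is never exposed and the server does not become an open resolver; the public zone, hosted at the registrar or a public DNS provider, answers 124.44.22.153 for the same names.

```conf
// /etc/bind/named.conf.options  (Ubuntu file layout assumed)
acl internal { 127.0.0.0/8; 192.168.10.0/24; };   // assumed LAN range

options {
    directory "/var/cache/bind";
    listen-on { 127.0.0.1; 192.168.10.100; };    // only the loopback and LAN interface
    allow-query { internal; };                   // private zone is never answered to the Internet
    allow-recursion { internal; };               // do not become an open resolver
};

// /etc/bind/named.conf.local
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";             // internal (private) copy of the zone
};

; /etc/bind/db.example.com  -- internal view, answers the private address
$TTL 300
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                2024010101 ; serial (assumed)
                3600       ; refresh
                900        ; retry
                604800     ; expire
                300 )      ; negative cache TTL
        IN NS   ns1.example.com.
        IN MX   10 mail.example.com.
ns1     IN A    192.168.10.100
mail    IN A    192.168.10.100

; Public zone (kept at the registrar / public DNS, NOT on this server)
; same names, but the MX target resolves to the firewall's public address
@       IN MX   10 mail.example.com.
mail    IN A    124.44.22.153
```

After `named-checkconf` and `named-checkzone example.com /etc/bind/db.example.com` pass and the service is reloaded, point the mail server's resolver at 127.0.0.1 and compare `dig @127.0.0.1 mail.example.com A +short` (expected 192.168.10.100) with the same query against a public resolver (expected 124.44.22.153).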
Conclusion
Now we understand why an internal DNS server is needed: it lets us point the records at the internal IP address, and that is the idea of Split DNS: two DNS servers, one serving the public view and one serving the private view, each answering only for its own side. Instructions on setting up a Bind DNS server on Ubuntu can be found here.