
We have a set of internal services used by our business applications.

Some of them are defined by IP. We are thinking about replacing them all with service subdomains instead, pointing to the private IP.

Example:

  • data.corp.com
  • reporting.corp.com

We could add this to our router and simply have them private but due to VPN and world wide offices that would not be enough.

So we are thinking about creating subdomains to an actual domain and binding them to local IPs.

Is that against recommendations? That would sort of reveal our inner structure and private IPs for our services to everyone, and should someone get access to the network they know where to look.

Other than that I see no dangers.

1 Answer


What you really need to do is set up separate DNS zones for internal and external consumption, where the external view is a subset of the internal view and only contains names that refer to A records in public IP address space that is reachable from the public Internet (a firewall is assumed), and the internal view has everything and is reachable by all business users that are on the internal network, including those using VPN to "get inside". This is very common and can be done with "views" on a single DNS server, or you can have two different sets of DNS servers; it all depends on what you're using for DNS service.

Google is your friend, search for "split DNS and BIND". Lots of examples / how-to's out there.

milli
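A minimal BIND "views" layout of the kind the answer describes, added here as an illustration and not taken from the answerer or from any real corp.com deployment. It assumes one BIND server, an office/VPN range of 10.0.0.0/8, public addresses in the documentation range 203.0.113.0/24, and the two example hostnames from the question; the three parts are separate files and are shown together only for reading.

```conf
// ---- /etc/bind/named.conf (excerpt) ----
// Clients matching this ACL get the full zone; everyone else gets the public subset.
// Assumption: office LAN and VPN client pools all fall inside 10.0.0.0/8.
acl "internal-nets" { 10.0.0.0/8; localhost; };

view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;                  // internal users may use this server as their resolver
    zone "corp.com" {
        type master;
        file "/etc/bind/zones/db.corp.com.internal";
    };
};

view "external" {
    match-clients { any; };         // first matching view wins, so this is the fallback
    recursion no;                   // authoritative only towards the Internet
    zone "corp.com" {
        type master;
        file "/etc/bind/zones/db.corp.com.external";
    };
};

; ---- /etc/bind/zones/db.corp.com.internal ----
; Full view: public names plus the private-address service names.
$TTL 3600
@           IN SOA  ns1.corp.com. hostmaster.corp.com. ( 1 7200 900 1209600 3600 )
@           IN NS   ns1.corp.com.
ns1         IN A    203.0.113.10
www         IN A    203.0.113.20
data        IN A    10.20.0.15     ; private address, only ever answered to internal-nets
reporting   IN A    10.20.0.16

; ---- /etc/bind/zones/db.corp.com.external ----
; Public subset: same public records, no RFC 1918 addresses at all.
$TTL 3600
@           IN SOA  ns1.corp.com. hostmaster.corp.com. ( 1 7200 900 1209600 3600 )
@           IN NS   ns1.corp.com.
ns1         IN A    203.0.113.10
www         IN A    203.0.113.20
```

Two checks worth doing after a reload: `dig @ns1.corp.com data.corp.com` from inside and from outside should return the private address and NXDOMAIN respectively, and the VPN profile must push this server as the resolver with the client's tunnel address inside `internal-nets`, otherwise VPN users silently fall into the external view.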