[Techtalk] "virtual" DNS resolution?

Rasjid Wilcox rasjidw at openminddev.net
Fri Apr 2 23:13:37 EST 2004


On Friday 02 April 2004 04:51, Cari wrote:
> Hi LinuxChix,
>
> Right now, DNS is pointing to my home router/firewall (my one IP
> address).  From there, my NAT router routes certain ports to my linux
> box.  What I would like to do is make it so that I have "virtual"
> hostnames...  So that if I point to www.domain.com or mail.domain.com
> then it will go to the one linux box.

I don't know about the wisdom thing, but hopefully I can help clarify a few 
points.  I am assuming that you are using a dynamic DNS service like 
zoneedit.com or the like, since that seems to me like what you are 
describing. (ie, you want people from outside your network to connect to a 
box on the inside using a domain name.)

I think the important thing to understand is what actually happens when you 
type in a URL into a browser.

Firstly, the browser does a DNS lookup on the domain name.  This returns an IP 
address.  To do this manually, use the 'dig' command.
$ dig linuxchix.org
This will return an IP address (203.7.155.11) and some other info.

Then the browser attempts to open a tcp connection to the returned ip address 
(usually on port 80 for http, port 443 for https).  At the connection stage, 
there is no knowledge of the url or domain as such.  It is just a connection 
to a given IP address.

To do this manually, try the following:
$ telnet 203.7.155.11 80

After the connection is established, the browser sends a request for a given 
URL.  With all modern browsers this will include the domain name, and 
therefore a single webserver can host multiple 'virtual' domains on a single 
IP address.

To do this manually, in the above telnet session, type:

GET / HTTP/1.1<enter>
Host: linuxchix.org<enter>
<enter>

The point of the above is that DNS entries map URL to IP addresses, but that 
at the point where you need to forward the connection from your public IP 
address to your internal Linux box, there is no URL, only an IP address and a 
port.  Thus you can only forward traffic to your internal box on the basis of 
the port number used and no other information.  (Well, you could possibly use 
the source ip address and port, but that is probably not relevant to what you 
are trying to do.)

> My guess is that I have to configure DNS to run on my box, open
> up/redirect the port(s) on my router, and then set it up so that
> www.domain.com points to the same IP as a few others.  Is that right?
> Are there any special considerations because the internal machine is
> using an internal IP?  I understand only the basic concepts of DNS,
> mostly from the user's perspective, so I'm a little bit perplexed.   Can
> anyone help me out here?  Know any good links or have wisdom you can
> spare?

You are not redirecting 'www.domain.com' as such to an internal IP.  You will 
be redirecting *all* traffic on port 80 (for example) on the external IP 
address to an internal IP address.  It does not matter how the remote client 
found the IP address.

You can however change which internal ip address gets what traffic based on 
port number.  For example you may send all http (port 80) traffic to box1, 
and all smtp (port 25) traffic to box2.

> I'm doing this mostly to learn, and it's fun every time I triumph over
> the machine.  I doubt I will ever run out of things to learn with this
> new linux hobby!   Thanks...

I started my Linux hobby about 6 years ago, and I am still learning new things 
on a regular basis.  In fact LinuxChix has been a great source of new 
information, and is also just a great place to hang out.  Linux is a great 
way to learn - you are really only limited by your patience and your desire 
for knowledge.

Enjoy!

Rasjid.

-- 
Rasjid Wilcox
Canberra, Australia (UTC +10 hrs)
http://www.openminddev.net
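The three stages described in the reply (DNS gives an IP, the connection is only IP and port, and the Host header is what lets one IP serve several names), as an added example that is not part of the original message. The hostnames, the content they serve, and the loopback listener are constructed for illustration; a real NAT forward would deliver the port-80 connection to such a listener without ever seeing the name.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed mapping: which hostname serves which content on the ONE ip:port.
SITES = {
    "www.domain.com": b"welcome to the web site\n",
    "mail.domain.com": b"this is webmail\n",
}

class VHostHandler(BaseHTTPRequestHandler):
    """Pick the site from the Host header; the socket itself only knows ip:port."""
    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0].lower()
        body = SITES.get(host)
        self.send_response(200 if body else 404)
        body = body or b"unknown virtual host\n"
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def start_server():
    """Bind one listener on loopback (constructed stand-in for the internal box)."""
    server = HTTPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

def raw_get(ip, port, host_header):
    """Same exchange as the telnet session: connect to ip:port, then name the site."""
    request = f"GET / HTTP/1.1\r\nHost: {host_header}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((ip, port)) as s:
        s.sendall(request.encode("ascii"))
        response = b""
        while chunk := s.recv(4096):
            response += chunk
    head, _, body = response.partition(b"\r\n\r\n")
    status = int(head.split(b" ", 2)[1])   # "HTTP/1.0 200 OK" -> 200
    return status, body

if __name__ == "__main__":
    server, port = start_server()
    for name in ("www.domain.com", "mail.domain.com", "other.domain.com"):
        print(name, raw_get("127.0.0.1", port, name))
    server.shutdown()
```

Every request reaches the same IP and port; only the Host line changes which content comes back, which is exactly why the router cannot route on the name.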