dns trouble ?
neotrace
03-14-2002, 03:47 PM
A local network with about 25 PCs with a mixture of *nix, Apple, and Windows. A Red Hat 7.2 machine is the fileserver, ftp, web, mysql, and telnet server. DNS is provided through the ISP. All internet and other functions work fine. There is also a firewall in front of all the machines that provides security and NAT to all the machines. Now the problem is the Red Hat machine has an internal IP address that is forwarded to it from the firewall. I can call up a webpage or any other function for that matter by the domain name outside of the network, but internally an internal IP address has to be issued in order to access anything from the Red Hat machine?
FyberOptyx
03-14-2002, 04:34 PM
How do your other machines get their names resolved?
Big_Jeff Stud
03-14-2002, 04:55 PM
The reason is because your name resolution is done on the outside of your NAT firewall and I take it that you have certain ports filtered to certain machines, right?
Your ISP's DNS server most likely has no host records for your internal machines. They probably only have one host record and that's for your NAT firewall's routable IP address. Call them and ask them to put host records in your DNS zones for each of your machines with their private IP addresses. On second thought, don't do that because your ISP will not put nonroutable addresses on their DNS servers.
Put a DNS server behind your firewall with your primary zone on it and configure your zone with the correct host name and IP addresses. You will then need to filter port 53 to your DNS server. Then tell your DNS server to use your ISP's DNS server(s) as a Forwarding server. That's the setup I have and it works perfectly.
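A sketch of the internal-zone-plus-forwarder setup described in the post above, added here as an example; it is not configuration posted by anyone in the thread. The domain `example.com`, every address, and the file paths are assumed placeholders.

```conf
// /etc/named.conf on the internal DNS server (BIND 9 syntax).
// All names and addresses below are placeholders constructed for this example.
acl "lan" { 127.0.0.1; 192.168.1.0/24; };    // assumed internal network

options {
    directory "/var/named";
    listen-on { 127.0.0.1; 192.168.1.2; };   // assumed address of this DNS server
    allow-query     { "lan"; };              // answer internal clients only
    allow-recursion { "lan"; };              // never act as an open resolver
    allow-transfer  { none; };               // private addresses stay private
    forwarders { 192.0.2.53; 192.0.2.54; };  // placeholders for the ISP's resolvers
    forward first;                           // ask the ISP first for outside names
};

// Internal copy of the domain; it shadows the ISP-hosted public zone for
// clients that use this server.
zone "example.com" {
    type master;
    file "internal/example.com.zone";
};

/* Contents of /var/named/internal/example.com.zone (zone-file syntax):

$TTL 86400
@     IN SOA ns1.example.com. hostmaster.example.com. (
             2002031801 ; serial
             3600       ; refresh
             900        ; retry
             604800     ; expire
             86400 )    ; negative-cache TTL
      IN NS  ns1.example.com.
      IN MX  10 mail.example.com.
      IN A   192.168.1.10      ; Red Hat server, internal address
ns1   IN A   192.168.1.2
www   IN A   192.168.1.10
ftp   IN A   192.168.1.10
mail  IN A   203.0.113.25      ; ISP-hosted mail keeps its public address
*/
```

Because this zone answers authoritatively for the whole domain, every public name that internal clients still need (such as an ISP-hosted mail host) has to be copied into it, and internal clients must use 192.168.1.2 as their resolver.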
neotrace
03-14-2002, 05:58 PM
Jeff could you post or email me your records so that I could set this up with little or no down time?
neotrace
03-18-2002, 07:31 PM
Ok could someone post or email me some records so I can start working on my problem. I'd like the ISP to still be the primary DNS record holder since they host the mail, but I'd like to host the secondary so that the domain name will be functional within the network.
SuperHornet
03-18-2002, 08:40 PM
This link should help you out.
web page (http://www.isc.org/ml-archives/bind-users/2000/08/msg00373.html)
neotrace
03-18-2002, 09:19 PM
Thanks for the information everyone, I'm working with someone to get through this issue. I will post the workings of this as soon as the project is complete since I've already been e-mailed by several other people who would also like to set up a split DNS setup.
[ 23 March 2002: Message edited by: neotrace ]