Next: LetsEncrypt wildcard certificates Up: Wildcard Letsencrypt Certificates, Google Previous: DNSSEC Contents
I really need two separate “views” of the DNS domain. One view, the “external” view, presents a set of IP addresses to a client which is external to my own internal network (ie the Internet). The other view, the “internal” view, consists of entirely different IP addresses which are presented to a query from within my home network.
If I am using my laptop from my living room, and seek to access my local website the DNS will present a certain IP to my web browser. If I carry the same laptop to a remote location, a DNS request for the address of the same website will respond with an entirely different IP address.
A DNS server which can respond to the same enquiry with different answers depending on the origin of the query is said to have a “split horizon”.
The common (and free) Berkeley Internet Name Domain (BIND) DNS server is easy to compile and configure on almost any Linux system. It offers, among many other features, “split horizon” views, as well as multiple means of querying for domain names presented by those views.
It is also possible to configure BIND “on the fly” with an API.
I installed BIND on my local machine and configured it with both an internal and an external “view”, with appropriately selected IP addresses in each view.
This solved my need for internal views of my network, and at least did not conflict with the external views which were also being presented by Google's service. It solved most of my problems, but did not meet all of my needs because of the requirements discussed in the next section.