:: Re: [DNG] Jitsi-meet server in DMZ
Top Page
Delete this message
Reply to this message
Author: Simon Hobson
Date:  
To: dng@lists.dyne.org
Subject: Re: [DNG] Jitsi-meet server in DMZ
g4sra via Dng <dng@???> wrote:

>>> The meeting being hosted on the server needs to be simultaneously
>>> accessible as two different domains, internal.com and external.com.
>>> Anyone achieved this yet or know a better way ?


> Decided to use the external FQDN and implement BIND's response-policy' lying to the internal domain.
> If anyone can think of a good reason why this is a bad idea please shout.


Can you clarify what the issue is ?
It is as simple as needing to connect to the server at different IPs (i.e. the internal IP from inside, the external IP from outside), but using the same URL ? If so, then split horizon DNS is your friend - and I'm assuming that's what you are referring to when you say using BINDs response policy.

I run split horizon DNS at home. I have an internal zone for thehobsons.co.uk which has internal addresses for my devices, and an external zone for it which lists only the public IPs. Two views (in BIND terminology), with rules applied to determine which view is used for which clients.
Some will tell you that it's wrong - but as long as we have NAT then it's a decent and reliable workaround for the breakage that NAT causes.

Simon