# Private network and domain names



## gpatrick (Aug 15, 2009)

Let's say I have a DMZ using private IPs on a 172.16.0 network and have a reverse proxy in front of three web servers, one each for example.net, example.com, example.org. There are also two DNS servers in the DMZ, as well as a mail server. All are behind a PF firewall.

There is also an internal firewall with two internal DNS servers and a DHCP server.

In the DMZ external DNS servers I have entries such as this:

In db.example.com:

```
www IN A 10.10.10.100
reverseproxy IN A 10.10.10.130
```

In db.example.org:

```
www IN A 10.10.10.110
reverseproxy IN A 10.10.10.130
```

In db.example.net:

```
www IN A 10.10.10.120
reverseproxy IN A 10.10.10.30
```

In db.10.10.10:

```
; PTR targets end with a dot so they are not expanded relative to the zone origin
100 IN PTR www.example.com.
110 IN PTR www.example.org.
120 IN PTR www.example.net.
130 IN PTR reverseproxy.example.com.
```

1)  Can I use a domain name for the servers in the DMZ as net.local for the mail, rev proxy, web, and DNS servers?

2)  Can I use a domain name for servers in the LAN such as lan.local?

3)  If I have zoneedit as my registrar do I point ns1.example.com and ns2.example.com to my IP assigned by my ISP?

4)  If ns1 and ns2 are pointing to the IP assigned by the ISP, then do requests to port 53 get directed to the nameservers in the DMZ by the firewall rules so it knows where to do name lookups for the multiple zones if someone goes to www.example.com and another goes to www.example.org?


----------
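An added example (not part of gpatrick's post): a small Python check that cross-references the A records in the three forward zones against the PTR records in db.10.10.10, using the records as posted. The one-record-per-line parser and the function names are assumptions made for illustration, not a full zone-file parser.

```python
"""Forward/reverse consistency check for the zone fragments quoted in the post."""

# Records copied from the post (any trailing dot on PTR targets is stripped).
# Simplified model: one "name IN TYPE value" per line, no $ORIGIN or $TTL.
FORWARD_ZONES = {
    "example.com": "www IN A 10.10.10.100\nreverseproxy IN A 10.10.10.130",
    "example.org": "www IN A 10.10.10.110\nreverseproxy IN A 10.10.10.130",
    "example.net": "www IN A 10.10.10.120\nreverseproxy IN A 10.10.10.30",
}
REVERSE_PREFIX = "10.10.10"
REVERSE_ZONE = """100 IN PTR www.example.com
110 IN PTR www.example.org
120 IN PTR www.example.net
130 IN PTR reverseproxy.example.com"""


def parse(text):
    """Yield (owner, rtype, value) for each record line, ignoring ';' comments."""
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) == 4 and fields[1] == "IN":
            yield fields[0], fields[2], fields[3]


def check(forward_zones, reverse_prefix, reverse_zone):
    """Return a sorted list of findings where A and PTR records disagree."""
    ptr = {f"{reverse_prefix}.{o}": v.rstrip(".").lower()
           for o, t, v in parse(reverse_zone) if t == "PTR"}
    findings, seen = [], {}
    for zone, text in forward_zones.items():
        for owner, rtype, ip in parse(text):
            if rtype != "A":
                continue
            fqdn = f"{owner}.{zone}"
            seen.setdefault(ip, []).append(fqdn)
            if ip not in ptr:
                findings.append(f"{fqdn} -> {ip}: no PTR record")
            elif ptr[ip] != fqdn:
                findings.append(f"{fqdn} -> {ip}: PTR names {ptr[ip]}")
    for ip, name in ptr.items():
        if name not in seen.get(ip, []):
            findings.append(f"PTR {ip} -> {name}: no matching A record")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(check(FORWARD_ZONES, REVERSE_PREFIX, REVERSE_ZONE)))
```

Several names sharing one address with a single PTR is a normal arrangement, so the second kind of finding is informational; an address with no PTR at all is the one worth checking against the intended value.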

