I was interested if i can make split horizon DNS in synology web UI. I have googled a bit as i initially could not figure how how to create a zone inside a view. I mean, it was not straight forward for me. Luckily, tonight i decided to give one more try, and it worked. I just would not think that it would be possible to create two dns zones with the same name in main panel in the synology web ui portal.
But, i would not thought this way , that you are suposed to create here multiple zones (with the same name) that later, one will be assigned to different view. It’s just weird to see the (n) in the names. So the reason in my opinion for this behavior is that in this panel we are not in a view. We are in ‘general’ sort of place/setting/panel. I am used to infoblox more, and there , one is ‘forced’ to be in a view from the very first moment. So there will never be the case that one creates two zones with the same name, and the later gets marked with (2). The moment we are creating a zone inside infoblox we already are in a view, even if we did not create one ourselves. The default view that is used in infoblox is called surprisingly ‘default’ 😉 So if one would like to make that split between clients from lets say external and internal networks, one would have to make additional view and call it ‘external’, and the ‘default’ one rename to internal. Afterwards one has to make a zone with the correct records inside the external view zone.
Let’s go back to synology dns. I tried my best to depict the flow/situation:
So let’s say we have a domain : ‘test.zone’ , this domain is hosted by synology dns on our storage appliance, our appliance is exposed to internet. In addition this appliance is also exposed to our LAN, where local users are using local services. Maybe for internal usage a www A record should point to a server in our local lan, where in case somebody on internet wants to reach a www.test.zone he has to sent to a webserver in cloud or different location. For example i create a lot of virtual environments and maybe i don’t want to create a new domains for every lab. Instead all labs would be using the same domain, but just different view.
So in case that internet / lan example.
If a system from internet asks about www A record, our synology dns should reply with 84.213.23.5
If a system from our lan asks about www A record, our synology dns should reply with 192.168.4.5
On the screenshot above, i did nslookup from two machines, one from 192.168.111.0/24 network, and one from 192.168.1.0/24 network. I have created two zones of the same name and later i have assigned them to the correct view, and forced access to the correct view by maching clients by their networks. In case of let’s say internet/lan example, we could do this.
So if a client is from 192.168.x.x network, we will be forcing him to receive 1 version of the zone record. All other cases i treat as ‘system from internet’ / external wants to retrieve record and should get other values. Sample usage below querying this from internet
So when querying the synology dns , we are utilizing the EXT view. When we are doing it from a computer in lan, we are utilizing the INT view. I hope this post will make it easier to understand this concept of dns views.
1 comment
… [Trackback]
[…] Informations on that Topic: grzegorzkulikowski.info/2021/06/04/configuring-synology-dns-views/ […]