# [SOLVED] forward different subdomains a fqdn to local hosts

## tuner23

Hi,

I have a dyndns domain and want to forward different subdomains to different local hosts.

I have bind installed with a mydomain.dyndns.org-zone, but resolving/forwarding local

sub1.mydomain.dyndns.org to 192.168.123.1

sub2.mydomain.dyndns.org to 192.168.123.2

does not seem to work.

I thought of using iptables, but I don't want to handle every domain on the firewall.

What is the best way to manage this?

Greets,

Antonios.

Last edited by tuner23 on Mon Jun 27, 2011 12:15 pm; edited 4 times in total

----------

## gerdesj

Antonius

You have an internal BIND serving the parent domain and want requests for two sub zones to go to two other name servers.

You need glue and delegation records.

That should give you the key terms to search for ...

Cheers

Jon

----------

## tuner23

Ah,

okay thank you..

This works now inside my DMZ.

But what should I do with my firewall?

The dyndns-domain resolves myhost.dyndns.org and all subdomains (*.myhost.dyndns.org) to the same external IP.

I have activated port forwarding on my Fritzbox and it resolves this to my firewall..

uhm, and then?

Can't I resolve the name on my host another time and redirect the destination based on the subdomain?

I think delegation for this problem did not work at all..

----------

## Hu

 *tuner23 wrote:*   

> The dyndns-domain resolves myhost.dyndns.org and all subdomains (*.myhost.dyndns.org) to the same external IP.

 Do not do that.  If you want to use port forwarding only, then each served name must have a unique IP:port pair.  Since most people assume port 80 for http, that usually means you need unique IPs for each NAT-hidden machine.  This is why NAT causes trouble for people who manage servers.

 *tuner23 wrote:*   

> Can't I resolve the name on my host another time and redirect the destination based on the subdomain?

 At the time port forwarding is processed, there is no concept of a name.  IP packets are routed based on IP address, not on names.  You could use an HTTP reverse proxy to receive all connections to one machine, then have it instantiate new TCP connections to the hidden machines based on the value of the Host header passed by the client.
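The Host-header routing described in the post above, sketched as an added example that is not part of the original thread. It assumes Apache 2.4 as the reverse proxy with mod_proxy and mod_proxy_http loaded, plain HTTP on port 80, and the two names and addresses from the first post; `catchall.invalid` is a constructed placeholder name.

```apache
# Added example, not from the thread. Assumes Apache 2.4 with mod_proxy and
# mod_proxy_http loaded, and that the router forwards external port 80 to
# the machine running this proxy.

# Reverse proxying only: never let this host act as an open forward proxy.
ProxyRequests Off

# The first vhost defined for an address:port is Apache's default. With a
# wildcard DNS record every subdomain reaches this IP, so a request whose
# Host header matches no ServerName below lands here and is refused instead
# of being passed to an internal machine.
<VirtualHost *:80>
    # Placeholder name (constructed); it only has to match no real host.
    ServerName catchall.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Host: sub1.mydomain.dyndns.org -> new TCP connection to 192.168.123.1
<VirtualHost *:80>
    ServerName sub1.mydomain.dyndns.org
    # Pass the client's original Host header on to the backend.
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.123.1/"
    # Rewrite Location headers in backend redirects to the public name.
    ProxyPassReverse "/" "http://192.168.123.1/"
</VirtualHost>

# Host: sub2.mydomain.dyndns.org -> new TCP connection to 192.168.123.2
<VirtualHost *:80>
    ServerName sub2.mydomain.dyndns.org
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.123.2/"
    ProxyPassReverse "/" "http://192.168.123.2/"
</VirtualHost>
```

With this layout the router needs a single port forward to the proxy, and only names listed as a `ServerName` are reachable from outside.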

----------

## tuner23

Hello Hu,

thanks for your reply.

I will use a Web-Proxy (apache or squid).

But I wondered that there is no solution on the basis of DNS for this.

On the other side it's logical that you need an application service to do that...

Maybe it gets better on IPv6 ^^

greets,

Toni.

----------

