10.6.2 Split Horizon DNS
The DNS interface in Server Admin.app is not suited to a split-horizon DNS configuration: it simply doesn’t expose all of the flexibility of BIND that you need to pull off such a configuration.
If you poke around the BIND config files on your OS X Server, you’ll be able to see how Apple has set them up so that you can edit them directly without confusing the GUI. /var/named contains zone files that you may edit, and they include corresponding files in /var/named/zones which you should not edit. They’ve done something similar for /etc/named.conf and the files in /etc/dns/.
Having said that, I recommend not doing both internal and external resolving for split-horizon DNS on your server, mainly because:
- It’s kind of complicated, and you lose any convenience you had when you were able to use the GUI exclusively
- You have NAT, which makes it even more complicated
- There are solutions available from third parties that are better-performing, cheap/free, and more robust
In my organization, we use DNS in Mac OS X Server extensively for the internal part of a split-horizon setup. We use the “Advanced DNS” part of a Network Solutions account for the external part. It comes free with the domains we’ve purchased, and has redundancy and speed far greater than what I could justify for hosting a handful of externally-resolving names myself.
You need to reconfigure BIND to use “views” with two different versions of your zone file, so that queries from inside your network receive the 192.168.1.0/24 (internal) addresses, while queries forwarded from outside (via your 2-Wire router) receive your static public IP.
For more information, see this how-to, which gives more detailed instructions for a split-horizon DNS configuration.
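As an added illustration of the view-based layout described above (this is example configuration, not text from the original page or from Apple’s shipped files), here are the three pieces in one block: a named.conf excerpt and the internal and external versions of the zone. example.com, 203.0.113.10, ns1/www/mail and the zone file names are placeholders; the internal addresses follow the 192.168.1.0/24 range named above, and the zone file paths are relative to the `directory` option in named.conf.

```conf
// ---- /etc/named.conf (excerpt): one view per audience ----
// BIND tries views in order and uses the first whose match-clients
// matches the query's source address, so the internal view goes first.
acl "internal-nets" {
    127.0.0.1;
    192.168.1.0/24;          // the LAN behind the NAT router
};

view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;           // LAN clients may use this server as a resolver
    zone "example.com" {
        type master;
        file "example.com.internal";
    };
};

view "external" {
    match-clients { any; };  // every source not caught by "internal"
    recursion no;            // authoritative-only toward the Internet
    zone "example.com" {
        type master;
        file "example.com.external";
    };
};

; ---- example.com.internal: the zone as the LAN sees it ----
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                2024010101 3600 900 604800 300 )
@       IN NS   ns1.example.com.
ns1     IN A    192.168.1.2
www     IN A    192.168.1.10
mail    IN A    192.168.1.20

; ---- example.com.external: the same zone as the Internet sees it ----
; same SOA/NS; every published host maps to the one static public IP
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                2024010101 3600 900 604800 300 )
@       IN NS   ns1.example.com.
ns1     IN A    203.0.113.10
www     IN A    203.0.113.10
mail    IN A    203.0.113.10
```

Each zone must be declared in every view that should answer for it, and the two serial numbers are bumped independently when either file changes. After editing, `named-checkconf` and `named-checkzone example.com <file>` catch syntax errors, and `dig @<server> www.example.com` run from a LAN host and from outside should return the private and public address respectively.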