DNS and Medulla Relay views in the DMZ
Because a single Medulla agent configuration is used across the entire network, it supports only one domain name. For machines to reach the server through this one address from both the private network and the outside, that domain name must be combined with either DNS views (split-horizon) or a Round-Robin.
DNS Views
Principle
A DNS view allows different responses to be provided for the same name depending on the origin of the request.
- Internal workstations → internal Medulla server
- External workstations → Medulla relay in the DMZ
Benefits
- Only one DNS name to configure
- No configuration differences on the workstations
- The internal Medulla server is not exposed
- Clear and secure architecture
Key points
DNS views automatically route endpoints to the correct Medulla access point, while maintaining a single name and simple configuration.
Reference article on Bind9: https://kb.isc.org/docs/aa-00851
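A BIND9 named.conf layout for the two views described above, added here as an illustration and not taken from the Medulla documentation. The zone example.com, the host name medulla, the ACL name, the file paths and all addresses are assumptions.

```conf
// Constructed example: zone, host name, networks, paths and addresses are placeholders.

acl "internal-nets" {
    10.0.0.0/8;          // assumed private ranges of the site
    192.168.0.0/16;
};

// Views are evaluated in order and the first match wins, so the
// restrictive view must be declared before the catch-all one.
// Once any view exists, every zone must be declared inside a view.

view "internal" {
    match-clients { "internal-nets"; localhost; };
    recursion yes;                   // recursive service for internal clients only

    zone "example.com" {
        type master;
        file "/etc/bind/zones/db.example.com.internal";
        // this zone file holds:
        //   medulla  IN  A  10.0.0.10       ; internal Medulla server
    };
};

view "external" {
    match-clients { any; };
    recursion no;                    // authoritative answers only for outside clients

    zone "example.com" {
        type master;
        file "/etc/bind/zones/db.example.com.external";
        // this zone file holds:
        //   medulla  IN  A  203.0.113.10    ; Medulla relay in the DMZ
    };
};
```

Validate the file with named-checkconf, then query medulla.example.com with dig from an internal machine and from an outside one: each should receive only the address of its own view.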
Round-Robin
If you do not wish to configure DNS views, you can use a Round-Robin mechanism as an alternative. This mechanism distributes requests across multiple IP addresses associated with the same domain name, ensuring a balanced distribution of connections.
To do this, you need to follow two steps:
- Define the internal IP address of the main Medulla server.
- Define the public IP address of the DMZ relay server.