It is suggested in this question that it’s not a good idea to expose a private IP address via a public DNS entry. My question is then what’s an elegant and easily maintainable way to allow multiple users on diverse platforms (Mac/Windows) connecting to a VPN to use a standard centralized address naming schema without asking them all to hack their hosts files (which really isn’t an option in my case)?
Clarification: I’ve set up several services on the private network like Cacti and I want to let internal users access these services via http://cacti.our-domain.com so they don’t have to type/remember/bookmark the private VPN-only IP addresses.
If you’re concerned about public access to names that resolve to private addresses, you can either run an internal DNS server that’s publicly inaccessible that forwards to a more general-purpose DNS server, or use a DNS server that will restrict access to parts you don’t want people to see.
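One way to set up the second option in the answer above, shown as an added example that is not part of the original post: a BIND 9 `named.conf` fragment using views, so VPN and LAN clients get the private records while everyone else sees only the public zone. The ACL name, subnets, forwarder address, zone file paths and the record shown in the comments are all assumptions.

```conf
// named.conf fragment for BIND 9 (constructed example, not from the original post).
// All addresses, names and paths below are assumptions; adjust to your network.

acl "vpn_clients" {
    10.8.0.0/24;        // assumed VPN client address pool
    192.168.10.0/24;    // assumed internal LAN
    localhost;
};

options {
    directory "/var/named";
    allow-transfer { none; };   // no zone transfers to arbitrary hosts
};

// View served to VPN/LAN clients: private records plus forwarded recursion.
view "internal" {
    match-clients { vpn_clients; };
    recursion yes;
    forwarders { 192.0.2.53; };  // placeholder upstream resolver
    forward only;

    zone "our-domain.com" {
        type master;
        // Zone file holds the private names, for example (constructed):
        //   cacti   IN  A   10.8.0.20
        // It must also repeat the public records (www, mail, ...) that
        // internal users still need, because this view is authoritative
        // for the whole zone and never forwards queries for it.
        file "internal/our-domain.com.zone";
    };
};

// View served to everyone else: public records only, no recursion.
view "external" {
    match-clients { any; };
    recursion no;

    zone "our-domain.com" {
        type master;
        file "external/our-domain.com.zone";  // contains no private addresses
    };
};
```

Views are matched in order, so the internal view has to come first. VPN clients only get the private answers if the VPN hands them this server as their resolver while connected.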