Create Internal and External DNS zones when Behind NAT

Using NAT has its advantages: better security, efficient IP allocation, and management. However, one problem that always comes up is DNS.

Is there a way for me to configure Virtualmin to add a DNS zone on a separate server using the Internal IP?

Server A is the system running Virtualmin, it is behind NAT with the IP, its public IP is Then there is Server B, a DNS server running BIND and Webmin. Its only purpose is to provide DNS to the internal systems, including server A.

I would like to know what is necessary to create a function such as:

  1. I create a new domain
  2. As usual, the zone gets added to BIND using the public IP
  3. Virtualmin adds the zone to Server B using the private IP

You could quite possibly write a post-server-update script to do what you intend; I’m not sure if Virtualmin has the proper configuration options to automatically create a zone on the slave with differing IPs. Probably not, because the way a DNS slave server has to work is to keep exact copies of the master’s zones, and not fiddle with the IP addresses.

Another solution would be, depending on whether your router supports that, to use “NAT reflection”. If you turn that on, your LAN machines will be able to reach your server from the inside using the external IP. I know my home router does that, and the software router “pfSense” I use on my root servers has an option for it.
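
The zone-rewriting step that a post-update script like the one suggested above would need, as an added example that is not part of the original thread: it derives the internal copy of a zone by changing only A records that point at exactly the public IP. The addresses, the `example.com` zone and the function names are constructed placeholders; hooking it into Virtualmin and loading the result on Server B are not shown.

```shell
#!/bin/sh
# Added example: derive an internal-view zone from the public zone file.
# All addresses and names below are constructed placeholders.

# rewrite_zone PUBLIC_IP INTERNAL_IP < public.zone > internal.zone
# Only A records whose address is exactly PUBLIC_IP are changed.
rewrite_zone() {
    awk -v pub="$1" -v priv="$2" '
    /^[ \t]*;/ { print; next }              # comment-only line, keep as is
    {
        lead = ""
        # Leading blanks mean "same owner as the previous record"; keep them.
        if (match($0, /^[ \t]+/)) lead = substr($0, 1, RLENGTH)
        changed = 0
        for (i = 1; i < NF; i++) {
            if ($i ~ /^;/) break            # rest of the line is a comment
            if ($i == "A" && $(i + 1) == pub) {
                $(i + 1) = priv             # rebuilds $0 without leading blanks
                changed = 1
            }
        }
        if (changed) print lead $0; else print
    }'
}

# Constructed sample zone (documentation address ranges only).
sample_zone() {
    cat <<'EOF'
$TTL 3600
@    IN SOA ns1.example.com. root.example.com. ( 2024010101 3600 600 1209600 3600 )
@    IN NS  ns1.example.com.
@    IN A   203.0.113.10
www  IN A   203.0.113.100
     IN A   203.0.113.10
mail IN A   198.51.100.7
@    IN TXT "v=spf1 ip4:203.0.113.10 -all"
; old: www IN A 203.0.113.10
EOF
}

sample_zone | rewrite_zone 203.0.113.10 192.168.1.10
```

The exact-field comparison is what keeps `203.0.113.100` and the SPF `ip4:` entry untouched; a plain text substitution of the public IP would change both.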