Can I bounce my dedicated server's IP off my DNS server IP?


What I mean is, my dedicated server's network forwards it to my DNS server, which is located in a different state. After that, users will connect via the DNS server so the dedicated server's IP is hidden.

Best Answer:

David: What you need is something similar to a proxy server, but with a few differences. This would be located at your 'different state' location. Let me refer to this server as a relay (because that is what it is).

Incoming packets from users arriving at the relay will have their source addresses (the users' own public IP addresses) replaced with the relay's IP address. The packets will also have their destination address – the address of the relay – replaced with your dedicated server's own IP address. If the relay detects a packet coming back from the dedicated server, it will do the reverse mapping to send the packets back to the original users. The relay will have to handle port address translation (PAT) in exactly the same way as a NAT router or a normal proxy does so that users never use the same port number as other users in packets reaching your dedicated server.

Since the relay is not a normal proxy, the users do not need to set it up as a proxy server. They are unaware that there is a forwarding process taking place.

Since DNS servers work on a cached tree structure, although you might have a definitive DNS server, its entries may be cached in other DNS servers closer to the individual users, so your description of the DNS process is probably slightly off. What your domain's DNS entry will do is direct users to your relay server and not reveal the public address of your dedicated server at all. The only place that the dedicated server address will appear is in the relay function when it is inserted into user packets on their way to the dedicated server, whose address will be replaced with the relay's address when response packets come back.

This process differs from a traditional 'bounce' where one server supplies the URL or IP address of another server back to the user so that the user's computer can go directly to the new target server rather than being relayed through an intermediate relay server.

You should note that the dedicated server will still have a public presence on the Internet and could still be attacked if someone finds that address. You would have to take steps to make sure that the dedicated server ignores all packets except those coming from the relay, and possibly from another IP address that is used for remote maintenance.

I hope this helps.
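A small simulation of the relay mapping David describes, added here as an illustration and not part of either answer: incoming user packets get their source rewritten to the relay's address with a freshly allocated relay port (the PAT step, so two users who happen to use the same source port never collide at the dedicated server), replies from the dedicated server are mapped back through the same table, and replies that match no entry are dropped. The dedicated server's own filter from the last paragraph is included as a separate check. All addresses, ports and the port pool are made-up values from the documentation ranges; a real deployment would do this in the kernel with nftables or iptables DNAT/SNAT rules rather than in user-space code.

```python
"""Constructed example of the relay (NAT/PAT) function described in the answer above."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


UserKey = Tuple[str, int]  # (user public IP, user source port)


class Relay:
    """Rewrites user packets towards the dedicated server and maps replies back.

    relay_ip / server_ip / service_port and the port pool are assumed values.
    """

    def __init__(self, relay_ip: str, server_ip: str, service_port: int,
                 port_pool: Tuple[int, int] = (40000, 40003)) -> None:
        self.relay_ip = relay_ip
        self.server_ip = server_ip
        self.service_port = service_port
        self.next_port, self.last_port = port_pool
        self.forward: Dict[UserKey, int] = {}   # (user ip, user port) -> relay port
        self.reverse: Dict[int, UserKey] = {}   # relay port -> (user ip, user port)

    def _relay_port_for(self, user: UserKey) -> int:
        # One relay port per distinct (user ip, user port) pair; this is the PAT
        # step that keeps two users from sharing a source port at the server.
        if user in self.forward:
            return self.forward[user]
        if self.next_port > self.last_port:
            raise RuntimeError("relay port pool exhausted")  # real NAT expires idle entries
        port = self.next_port
        self.next_port += 1
        self.forward[user] = port
        self.reverse[port] = user
        return port

    def to_server(self, pkt: Packet) -> Optional[Packet]:
        """User -> relay packet. Returns the rewritten packet, or None if not for us."""
        if pkt.dst_ip != self.relay_ip or pkt.dst_port != self.service_port:
            return None
        port = self._relay_port_for((pkt.src_ip, pkt.src_port))
        # Source becomes the relay, destination becomes the hidden dedicated server.
        return Packet(self.relay_ip, port, self.server_ip, self.service_port)

    def to_user(self, pkt: Packet) -> Optional[Packet]:
        """Server -> relay reply. Reverse-mapped to the user, or None if unknown."""
        if pkt.src_ip != self.server_ip or pkt.src_port != self.service_port:
            return None
        user = self.reverse.get(pkt.dst_port)
        if user is None:
            return None  # no mapping: unsolicited traffic, drop it
        # The server address is replaced by the relay's before the user sees it.
        return Packet(self.relay_ip, self.service_port, user[0], user[1])


def server_accepts(pkt: Packet, relay_ip: str, maintenance_ip: str) -> bool:
    """Filter on the dedicated server: only the relay and the maintenance host may talk to it."""
    return pkt.src_ip in (relay_ip, maintenance_ip)


if __name__ == "__main__":
    relay = Relay("198.51.100.10", "203.0.113.5", 443)
    # Two users that both picked source port 51000 (constructed input).
    a = relay.to_server(Packet("192.0.2.1", 51000, "198.51.100.10", 443))
    b = relay.to_server(Packet("192.0.2.2", 51000, "198.51.100.10", 443))
    print("towards server:", a, b)
    reply = relay.to_user(Packet("203.0.113.5", 443, "198.51.100.10", b.src_port))
    print("back to user:", reply)
    print("server accepts relay:", server_accepts(a, "198.51.100.10", "192.0.2.99"))
    print("server accepts stranger:", server_accepts(
        Packet("192.0.2.1", 51000, "203.0.113.5", 443), "198.51.100.10", "192.0.2.99"))
```

Note that the table only grows here; a real NAT also times out idle entries, and the relay itself is still a public host, so it needs its own hardening. The server-side allow-list belongs in the server's firewall, not in application code, and the relay's address must be a fixed, known one for that rule to hold.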

Other answer:

DNS is just a database, the internet's "phone book" service.
It only provides domain name <> IP address info and nothing connects "through" it.

Anything that actually connects will do so by using your server/system IP address.

It is called a reverse proxy. The problem is the reverse proxy. You can't use DNS for this; it is a reverse proxy for your specific protocol, http/https or other. The problem is that the reverse needs to point to a static IP/name or dynamic DNS name, but if you could do that you don't need the reverse proxy, because you could use the static or DDNS by itself.
The use of a proper firewall and proxy server would be better.