When two web services reside on the same LAN, it may be convenient to spoof DNS entries to use the LAN IP instead of the public IP. It can be done using RPZ and bind9.
For instance workbench.dachary.org can be mapped to 10.0.2.21 with
$ cat /etc/bind/rpz.db
$TTL 60
@ IN SOA localhost. root.localhost. (
2 ; serial
3H ; refresh
1H ; retry
1W ; expiry
1H) ; minimum
IN NS localhost.
workbench.dachary.org A 10.0.2.21
The zone is declared in
$ cat /etc/bind/named.conf.local
zone "rpz" {
type master;
file "/etc/bind/rpz.db";
allow-query {none;};
};
and the response-policy is set in the options file with
$ cat /etc/bind/named.conf.options
...
response-policy { zone "rpz"; };
};
When bind9 is restarted with /etc/init.d/bind9 restart, the mapping can be verified with
$ dig @127.0.0.1 workbench.dachary.org workbench.dachary.org. 5 IN A 10.0.2.21
If the bind9 server runs on a docker host, it can be used by docker containers with
docker run ... --dns=172.17.42.1 ...