I'm having a hard time getting my fingers behind your situation and understanding the problem, but let's see how far we can get.
jacobsj said:
I have two FreeBSD servers: Server 1 is DNS. Server 2 is Apache.
I have a public sub-domain as I have pointed to my public IP address (A record) and made NAT from ZyXEL NBG4615 router on port 53 and 80 to server 1.
If server 2 runs Apache, then why do you forward port 80 to server 1 instead? Wouldn't it make more sense to forward port 80 to the server which runs the Apache webserver?
Also: what exactly do you mean by a public sub-domain? It appears as if you claim the (sub)domain is public because you used NAT to allow outside access to your servers. But just providing access to your DNS server is not enough to make a domain publicly available.
That is; it would become available to everyone who uses your DNS server. But for the rest of the world the domain wouldn't exist or, if someone else had registered it, it wouldn't point to your setup.
Just to try and keep things clear here. If you registered a domain with some domain merchant, then pointed all the records to your servers, then yes; this would be a public domain.
jacobsj said:
I have created a zone file on server 1, and when I do nslookup I get the local IP address of server 2 returned.
Assuming that we're talking about a public (so registered, see above) domain then this would be a bad thing(tm).
If the local IP address sits somewhere in the so-called private range block then no one on the Internet would be able to access it. With private range I'm referring to these IP address ranges:
Code:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
jacobsj said:
When I type the sub-domain name I am sent to my public IP address. Then I hit server 1. And then it has to send me to server 2 (because it is in the zone file). But it does not. I turned off all firewalls, but without success.
I fail to understand how the public IP address all of a sudden came into play, but I get the impression that English isn't your native language so I'm also trying to compensate a bit for things which I may have missed (or simply didn't understand at all).
But in the end it boils down to this I think: People from the outside end up on server 1 when doing an HTTP request on your subdomain which provides them with your public IP address. Because of the port forwarding you described earlier they end up on server 1, yet you now expect them to get forwarded to server 2.
Unless you set up some proxying services or other fail-safe mechanics that is obviously not going to happen. It doesn't quite matter what you put in your zone files. If someone requests a page from webserver 1 then the best thing that server can do is either redirect the client somewhere else (which will make the client itself connect to a different server) or act as a proxy of some sort.
In the case of a proxy the client remains connected to the main server, and the server will then contact another server on behalf of the client. In a way such a setup is comparable to port forwarding: whenever someone connects to your subdomain they end up contacting your ZyXEL router. The router then picks that up, forwards the request to server 1 which then processes the request and sends all the stuff back to the ZyXEL which then sends it back to the original client.
And in your case it's of course impossible to redirect a client directly to server 2 because not only does it use a private IP address (or so I understand); from the client's perspective he's only connecting to 1 server and that's your public IP address which is handled by your ZyXEL.
I hope this can help you get some better understanding.
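As an added illustration of the private-range warning in the reply above (example code written for this page, not code from the thread or from anyone in it): a small script that pulls the A records out of a zone-file fragment and flags every name that points into one of the three private blocks listed, i.e. addresses that an outside client can never reach no matter what the zone says. The zone fragment, the `example.test` names and the addresses in it are constructed for the example.

```python
import ipaddress

# The three private-range blocks named in the reply (RFC 1918).
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample zone fragment; names and addresses are hypothetical.
SAMPLE_ZONE = """\
$ORIGIN example.test.
@        IN  A   203.0.113.10
www      IN  A   192.168.1.20   ; the web server on the LAN
ns1      IN  A   203.0.113.10
mail  3600  IN  A   10.0.0.5
; a comment line that must be ignored
"""


def parse_a_records(zone_text):
    """Return (name, address) pairs for every A record in a zone-file fragment.

    Accepts "name [ttl] [IN] A address", strips ';' comments and skips
    $-directives, blank lines and records of any other type.
    """
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        fields = line.split()
        try:
            idx = fields.index("A")
        except ValueError:
            continue  # not an A record
        if idx == 0 or idx + 1 >= len(fields):
            continue  # malformed: no owner name or no address
        records.append((fields[0], fields[idx + 1]))
    return records


def is_private(address):
    """True when the address falls inside one of the private blocks above."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return False  # not a valid IP literal; nothing to classify
    return any(addr in block for block in PRIVATE_BLOCKS)


def private_records(zone_text):
    """Names whose A record points at a private address, unreachable from the Internet."""
    return [(name, addr) for name, addr in parse_a_records(zone_text) if is_private(addr)]


if __name__ == "__main__":
    for name, addr in private_records(SAMPLE_ZONE):
        print(f"{name} -> {addr}: private address, not reachable from outside")
```

Run against a real zone file (`private_records(open("db.example").read())`) it lists exactly the names for which an outside lookup will succeed but the connection never will; those are the records that need a public address plus a port forward, or a proxy in front of them, rather than a zone-file change.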