Greetings All-

I have an odd need for a 'semi-authoritative' DNS server. Let's say I have a zone for 'domain.com' with public DNS servers. However, I wanted to run an internal DNS server for internal things. Public resolution of 'www.domain.com' would yield the public IPs, private resolution of 'www.domain.com' would yield the internal private IPs. Easy enough. BUT, what if there is a DNS record present on the public nameservers that is *not* present on the internal nameserver? Typically, DNS will say 'no record found' when it could really forward the request to the public DNS. Is it possible to configure this? So, the internal 'domain.com' zone will be authoritative for records it has but forward queries for those records it does not have, even on the same domain?

I hope that made sense. Maybe there is a better way of accomplishing this?

The systems in question are running Centos 5.5 x86_64 with BIND bind-9.3.6-4.P1.el5_4.1 .

--Tim

On 11/05/10 16:54, Tim Nelson wrote:
> Greetings All-
>
> I have an odd need for a 'semi-authoritative' DNS server. Let's say I have a zone for 'domain.com' with public DNS servers. However, I wanted to run an internal DNS server for internal things. Public resolution of 'www.domain.com' would yield the public IPs, private resolution of 'www.domain.com' would yield the internal private IPs. Easy enough. BUT, what if there is a DNS record present on the public nameservers that is *not* present on the internal nameserver? Typically, DNS will say 'no record found' when it could really forward the request to the public DNS. Is it possible to configure this? So, the internal 'domain.com' zone will be authoritative for records it has but forward queries for those records it does not have, even on the same domain?
>
> I hope that made sense. Maybe there is a better way of accomplishing this?
>
> The systems in question are running Centos 5.5 x86_64 with BIND bind-9.3.6-4.P1.el5_4.1 .
>
> --Tim

You have to use views for this. Check the example BIND configuration files that come with the package (/usr/share/doc/bind...). It's sometimes called split horizon DNS as well, you may have better luck googling that.

On 11/06/2010 02:54 AM, Tim Nelson wrote:
> Greetings All-
>
> I have an odd need for a 'semi-authoritative' DNS server. Let's say I have a zone for 'domain.com' with public DNS servers. However, I wanted to run an internal DNS server for internal things. Public resolution of 'www.domain.com' would yield the public IPs, private resolution of 'www.domain.com' would yield the internal private IPs. Easy enough. BUT, what if there is a DNS record present on the public nameservers that is *not* present on the internal nameserver? Typically, DNS will say 'no record found' when it could really forward the request to the public DNS. Is it possible to configure this? So, the internal 'domain.com' zone will be authoritative for records it has but forward queries for those records it does not have, even on the same domain?
>

Check out the dnsmasq package. That will do exactly what you want.

Kal
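
The override-and-forward behaviour asked about in the thread, as an added dnsmasq configuration sketch that is not part of any post above: names listed in a local hosts file are answered internally, and every other name, including other domain.com records, is forwarded upstream. The IP addresses, the file path /etc/dnsmasq.internal-hosts and the upstream resolver are placeholder assumptions.

```conf
# /etc/dnsmasq.conf (constructed example; all addresses and paths are placeholders)

# Ignore /etc/resolv.conf so the upstream list below is the only forwarding path.
no-resolv

# Upstream resolver that can reach the public domain.com nameservers.
# 192.0.2.53 is a documentation address; replace it with your real resolver.
server=192.0.2.53

# Answer only on the internal interface so the private addresses below
# are never served to clients outside the internal network.
listen-address=10.0.0.2
bind-interfaces

# Do not serve the machine's own /etc/hosts; keep the internal overrides
# in a dedicated file that can be reviewed and access-controlled separately.
no-hosts
addn-hosts=/etc/dnsmasq.internal-hosts

# Contents of /etc/dnsmasq.internal-hosts (hosts-file format), for example:
#   10.0.0.10   www.domain.com
#
# Resulting behaviour for internal clients:
#   www.domain.com   -> 10.0.0.10, answered locally from the file above
#   any other name   -> not in the file, so forwarded to 192.0.2.53 and
#                       resolved from the public zone
```

Only hosts-file style records (names to addresses) are overridden this way; every other query goes to the upstream server.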