Access external hosts with internal split DNS resolver

Sat, 08 Aug 2015 21:45:32 -0700 

Hi All,

This question I imagine comes up regularly – I see online there are
several potential solutions so thought it best to see what the accepted
common practice is.

I have configured an internal BIND 9.6 server to act as a split DNS
resolver for an internal (home) network. It uses forwarding for public
host DNS lookups.

From my named.conf file (excerpt):

acl homenet { 192.168.1.0/24; };

options {
  allow-query { homenet; };
  directory "/var/named";
  forwarders { 121.98.0.1; 121.98.0.2; }; // external DNS servers
  forward first;
};

zone "mydomain.co.nz" IN {
  type master;
  file "zone.mydomain.co.nz";
  allow-update { none; };
};


In my zone.mydomain.co.nz file I've defined my internal hosts:

$TTL    604800
@               IN      SOA     mydomain.co.nz. admin.mydomain.co.nz. (
                     2006020201 ; Serial
                         604800 ; Refresh
                          86400 ; Retry
                        2419200 ; Expire
                         604800); Negative Cache TTL

; NS record is the hostname of the BIND server
                IN      NS      bind-server

; A records are for internal resources
dms            IN      A       192.168.1.2
cms            IN      A       192.168.1.4
xmpp           IN      A       192.168.1.6


Internal lookups to dms.mydomain.co.nz for example work just fine. My
question is: how best to configure lookups to Internet-facing hosts
defined in my domain registrar's public DNS zone file, while retaining
the use of the internal DNS server for hosts on my internal network?

In practice, with a host on my internal network configured to use the
internal BIND server, this is what I see:

- lookups to dms.mydomain.co.nz are fine
- lookups to www.mydomain.co.nz fail, where www.mydomain.com is my
public webserver defined in my domain registrar's zone file
- lookups to www.mydomain.co.nz work only if the host is configured to
use the public DNS server

Any advice please and pointers on how to best approach this would be
appreciated :)


-- 
Dave Koelmeyer
http://blog.davekoelmeyer.co.nz
GPG Key ID: 0x238BFF87
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to