Finally could make it work using RPZ, just in case some would be interested.
Mon Aug 02 18:25:12 GMT-03:00 2021 Nuno Simoes <nunosimoesem...@gmail.com>: Hi,
Yes, so long as you are authoritative for the zone you can forward subdomains
of that zone to any other DNS server you want. On Mon, Aug 2, 2021, 3:07 PM
Daniel Armando Rodriguez via bind-users < bind-users@lists.isc.org> wrote: Was
wondering If would be possible to setup a forwarding scheme just for some
subdomains, I emphasize the fact that master is publicly accesible and current
need is to locally resolv a bunch of subdomains of the same zone. I think image
attached in previuos message is pretty explanatory, but currently my setup doen
not work as (I) expected. > I attach a picture to best describe where I'm
standed at. > > https://i.postimg.cc/x8PKnz53/ejemplo-com.png > > Currently
disabled the SH setup to let just an authoritative DNS for > local resolution.
Following the example, any request made from PC1 to > sys4/sys5/sys6 have no
issues. However, if such host makes a request > to sys1/sys2/sys2 just get a
time out response. > Any other query to outside, let's say google.com or
whatever, works > just fine. El lun, 26 jul 2021 a las 13:29, Sten Carlsen (
s-carlsen.dk>>) escribió: >> >> Hi >> >> I am running just that setup. >> >>
This may not scale well enough for your needs. >> >> I have one server with two
views, one internal and one external. >> >> The external view is the hidden
master for a number of public servers. >> All going through the relevant
delegations. This is only >> authoritative. >> >> The internal view is selected
by the client address and master files >> for the same domain but with my
internal addresses. This is recursing >> and will answer from the master files
for those domains and will >> recurse for any other query. >> >> This has
served me well and e.g. I get the internal address for the >> mail server if I
query from an internal address and I get the public >> address if I query from
an external address. >> >> This setup means that mail clients will make a
lookup of the same name >> always and if at home get the internal address and
if outside get the >> public address. >> >> There is often a recommendation to
use different domains, e.g. >> xxx.example.com for public addresses and
xxx.internal.example.com for >> the same servers internal addresses. This is
not very useful since >> e.g. a mail client would have to know about two
different server names >> - with split horizon I can use the same name always.
>> >> -- >> Best regards >> Sten Carlsen >> >> A pessimist is a person that can
find a problem for every solution. >> >> >> On 26 Jul 2021, at 15.55, Daniel A.
Rodriguez >> gmail.com>> wrote: >> >> Hi there, >> >> Currently have a public
DNS up & runnin' but, due to brand new >> location, there's a need to add local
resolution. >> >> With that in mind, first idea was to deploy a split horizon
setup. >> Sadly just local resolution works so far. Double check config but >>
currently I'm stuck with this situation. >> >> Was wondering if having the same
zone both public and private, but >> with different records, could be an issue.
Master for the zone is >> public, of course, and the private one -as mentioned-
has a different >> set of records just for lan hosts. Idea was to go out just
when a >> query for a public subdomain is requested, but that desn't seem to >>
work. >> >> Both forwarders option and recursion are enabled. >> >> Any hint
will be much appreciated. _______________________________________________
Daniel A. Rodriguez Informática, Conectividad y Sistemas Universidad Nacional
del Alto Uruguay San Vicente - Misiones - Argentina www.unau.edu.ar
_______________________________________________ Please visit
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information. bind-users
mailing list bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
