Muhammad Yousuf Khan wrote:
> Need your experienced advice. We have a BIND9 DNS server that operates both
> privately and publicly for the domain example xyz.com. I use the private
> DNS for certain secure nodes on our local network. I want all VPN users to
> be able to resolve these secure nodes using our local DNS, which is
> functioning correctly.
>
> So I force-assign all VPN users the local DNS so that they can access the
> secure records, and the local DNS can forward their queries to public DNS in
> case the record is not found in the zone file.
>
> Locally, everything is working just fine; the issue arises when a VPN user
> queries an A record that is public. For example, if "secure.xyz.com" has
> a local entry in the zone file, it works as expected. However, when the
> entry is not present, I expect BIND to conditionally forward the query to a
> remote DNS server and resolve it for the VPN client. Unfortunately, this is
> not happening. BIND only searches for entries that are available in the
> local zone file and then times out. Here are my configuration files.
>
> Here is my BIND config:
>
> options {
>     directory "/var/cache/bind";
>     recursion yes; // Enable DNS recursion
>     allow-recursion { localhost; };

^ only localhost is allowed to do recursive queries. But you want all your
internal users to be allowed to do that.

>     allow-query { any; }; // Allow queries from any IP address
>     forwarders {
>         8.8.8.8;
>     };
>     dnssec-validation auto;
>     listen-on-v6 { any; };
> };
>
> zone "xyz.com" {
>     type master;
>     file "/etc/bind/db.xyz.com";
>     forwarders {
>         8.8.8.8;
>         8.8.4.4; // Additional forwarder (optional)

^ you do not want forwarders here.

-dsr-
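The two points above, shown as an added example of the weak fragment beside a corrected one. This is not configuration from the original post or from dsr's reply; the VPN tunnel range 10.8.0.0/24 and the LAN range 192.168.1.0/24 are assumptions, so substitute the ranges your VPN and office actually use.

```conf
// Weak (as posted): only the resolver host itself may recurse, so a VPN
// client asking for a name the server is not authoritative for is refused
// rather than forwarded. The zone-level forwarders do nothing useful: the
// server is master for xyz.com and answers that zone from its own data.
//
// options {
//     recursion yes;
//     allow-recursion { localhost; };
//     allow-query { any; };
//     forwarders { 8.8.8.8; };
// };
// zone "xyz.com" {
//     type master;
//     file "/etc/bind/db.xyz.com";
//     forwarders { 8.8.8.8; 8.8.4.4; };
// };

// Corrected: name the client ranges once, grant recursion to exactly those
// ranges (never "any", which turns the host into an open resolver), and
// keep forwarding at the global level only.
acl "vpn-clients" { 10.8.0.0/24; };      // assumed VPN tunnel range
acl "lan-clients" { 192.168.1.0/24; };   // assumed office LAN range
acl "trusted" { localhost; vpn-clients; lan-clients; };

options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { trusted; };        // VPN and LAN clients may recurse
    allow-query { any; };                // authoritative answers for xyz.com stay public
    allow-query-cache { trusted; };      // cached/forwarded answers only to trusted clients
    forwarders { 8.8.8.8; 8.8.4.4; };    // both forwarders belong here, not in the zone
    forward only;
    dnssec-validation auto;
    listen-on-v6 { any; };
};

zone "xyz.com" {
    type master;
    file "/etc/bind/db.xyz.com";
    // no forwarders here: BIND answers this zone authoritatively
};
```

Run `named-checkconf` on the result before `rndc reload`. One caveat that follows from the zone being `type master`: BIND answers every name under xyz.com from /etc/bind/db.xyz.com, so a name that exists only in the public xyz.com zone gets an authoritative NXDOMAIN from this server and is never forwarded, whatever the forwarders say. The local zone file has to carry those public records as well if VPN clients are meant to resolve them through this server.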