On Sun, 21 Jul 2024 18:36:30 +1000 George at Clug <c...@goproject.info> wrote:
> Adam,
>
> I dislike people to reply to my questions but do not answer the
> question, instead suggest I do something totally different.

Yes, but sometimes:

a) that's the right answer anyway

b) it may not answer the OP's question, but may answer someone else's question much later

c) it may inform the OP that there may be a better way of doing it that the OP was not aware of

d) it may be that the OP is asking the wrong question, but will get information from your answer as to what the right question should be

>
> Please forgive me, as that is what I am about to do.
>
> I have had, what seems to me to be similar issue, my solution was to
> set up an authoritative BIND9 server on the email/web server in
> question, and have the server first use its own BIND9 server's DNS
> service first.
>
> Admittedly I did not care if my authoritative BIND9 server went out
> to the Internet for any queries for which it was not authoritative.
>
> It did allow me to run the server isolated either from the Internet
> and/or connected to the Internet.
>

Indeed. If you do run a DNS server for general network use, you will always want to put in local information. If there is also an Internet DNS server authoritative for the same domain, you need to put in copies of relevant information that server contains, which will otherwise not be found.

BIND9 is a bit of a nuisance, especially when you miss a bit of punctuation in a zone file and it won't start, but as far as I can tell, it's the only DNS solution that will access root hints. I would prefer something a bit lighter.

I would rather not trust Net DNS servers since I turned up this company https://uk.linkedin.com/company/barefruit (one of many such) in logs. Advertising is easy to ignore, but the idea of tampering with DNS does not impress me.

-- 
Joe