On Fri, 28 Jul 2017 07:58:25 -0600 Steve Williams wrote:
> 
> I would like to run a local resolver on my internal network that will 
> resolve all my hosts on my local network to IP addresses on my local 
> network(s) rather than resolving to their public IP addresses.
> 
> I believe it's called a "split zone" DNS, where my domain is resolved 
> locally, but everyone else is resolved using normal resolution
> processes.
> 

Yes, Steve.

A split horizon DNS zone is where different data is served for the same
zone above & below the horizon (a gateway between the Internet & LAN).

So hosts like printer.example.not.uk resolve internally only. In the
dark, below the public light of the sun's horizon.

Also hosts like mail.example.not.uk have a private LAN IP address
internally, and have a public IP address when queried from the Internet.
(which is like poisoning the internal edition of the zone.)


> I set this up at one of my previous jobs using BIND, but that was 7 
> years ago. I've never gone to the trouble of doing it at home, but I 
> would like to exercise my brain a bit as well as having my home
> network set up "better".
> 

Yes, I used to operate BIND as a split horizon server on OpenBSD too.


> What is the best tool to accomplish this these days?  Is NSD the 
> "modern" tool to be using on OpenBSD?
> 

When OpenBSD changed from BIND to NSD & Unbound, I found it simpler to
serve the private domain '.internal' on the LAN;-

To serve a split horizon zone, there needs to be 2 NSD daemons, serving
different zone files. Either on different machines, or different ports.

Or,... Unbound can serve data for simple private zones,
while leaving NSD to serve public zones.

Unbound can stub (i.e. proxy) zones from NSD-served zone files.

This thread is a couple of years old, but could help you get going:
http://marc.info/?l=openbsd-misc&m=141113669300630&w=2


A master NSD server can notify a slave NSD server, which will auto
transfer the zone & serve new data when the zone is updated.

So I have 2 NSD servers on my LAN, which 2 Unbound resolvers stub
their .internal domain from. (No need to cron rdist unbound.conf files
between servers & restart unbound.) I can shutdown & upgrade 1 gateway
machine, while everything on the LAN keeps working as normal.


For internal domain name thoughts, see:
http://marc.info/?l=openbsd-misc&m=145639578710637&w=2

Cheers,
-- 
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

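The layout Craig describes above (two NSD authoritative servers, master notifying slave, with two Unbound resolvers stubbing a private '.internal' zone from them), written out as an added example. This is not Craig's configuration nor anything from the OpenBSD base install; the 10.0.0.0/24 network, the gw1/gw2 hostnames, the choice of port 5353 for NSD (so Unbound can keep port 53 on the same machine), the TSIG key name and the sample zone contents are all assumptions made for the example, and the TSIG secret is a placeholder, not a real key.

```conf
# --- /var/nsd/etc/nsd.conf on gw1 (10.0.0.1), master ---
server:
    ip-address: 10.0.0.1
    port: 5353                      # Unbound owns port 53 on this host
    zonesdir: "/var/nsd/zones"

key:
    name: "internal-xfer"           # TSIG key shared by master and slave
    algorithm: hmac-sha256
    secret: "bm90LWEtcmVhbC1zZWNyZXQ="   # placeholder; generate a real one (e.g. openssl rand -base64 32)

zone:
    name: "internal"
    zonefile: "master/internal.zone"
    notify: 10.0.0.2@5353 internal-xfer      # NOTIFY the slave, TSIG-signed
    provide-xfr: 10.0.0.2 internal-xfer      # only the slave, only with the key

# --- /var/nsd/etc/nsd.conf on gw2 (10.0.0.2), slave ---
server:
    ip-address: 10.0.0.2
    port: 5353
    zonesdir: "/var/nsd/zones"

key:
    name: "internal-xfer"
    algorithm: hmac-sha256
    secret: "bm90LWEtcmVhbC1zZWNyZXQ="       # same placeholder secret as on gw1

zone:
    name: "internal"
    zonefile: "slave/internal.zone"          # NSD writes the transferred zone here
    allow-notify: 10.0.0.1 internal-xfer     # accept NOTIFY only from the master, signed
    request-xfr: AXFR 10.0.0.1@5353 internal-xfer

# --- /var/nsd/zones/master/internal.zone on gw1 (constructed sample data) ---
# $ORIGIN internal.
# $TTL 3600
# @       IN SOA  gw1.internal. hostmaster.internal. (
#                 2017072801 ; serial: bump this on every edit, or the slave never transfers
#                 3600       ; refresh
#                 900        ; retry
#                 1209600    ; expire
#                 300 )      ; negative-cache TTL
#         IN NS   gw1.internal.
#         IN NS   gw2.internal.
# gw1     IN A    10.0.0.1
# gw2     IN A    10.0.0.2
# printer IN A    10.0.0.20
# mail    IN A    10.0.0.25

# --- /var/unbound/etc/unbound.conf on gw1 (gw2 identical apart from interface) ---
server:
    interface: 10.0.0.1
    interface: 127.0.0.1
    access-control: 10.0.0.0/24 allow
    access-control: 127.0.0.0/8 allow
    domain-insecure: "internal."    # zone is unsigned; keep DNSSEC validation from rejecting it
    private-domain: "internal."     # lets RFC1918 answers through if private-address filtering is on
    # do-not-query-localhost: no    # only needed if a stub-addr below were 127.0.0.1

stub-zone:
    name: "internal."
    stub-addr: 10.0.0.1@5353        # either NSD answers; one gateway can be down for upgrades
    stub-addr: 10.0.0.2@5353
```

Everything else is resolved normally, so only names under .internal ever reach NSD; the TSIG key on notify and transfer is what stops any host on the LAN from pushing a bogus copy of the zone to the slave. Two caveats worth knowing before you wonder why it "doesn't work": the slave only transfers when the SOA serial increases, and if you also want NSD to serve the matching reverse zone, Unbound's built-in default local zone for 10.in-addr.arpa must be disabled with `local-zone: "10.in-addr.arpa." nodefault` before a stub-zone for it will be consulted.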