LinuxQuestions.org
Old 02-11-2012, 04:32 PM   #1
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Rep: Reputation: 0
basic private DNS question.


I have bind running and I have a working local dns server that forwards anything the server can't resolve to an external authority.

I can resolve addresses in my local domain like serverA.mydomain.local

I am getting only one error which does not appear to be causing any issues:
Code:
Feb 11 16:57:44 hostserver named[4803]: invalid command from 127.0.0.1#33750: bad auth
Feb 11 16:57:44 hostserver named[4803]: shutting down
Feb 11 16:57:44 hostserver named[4803]: stopping command channel on 127.0.0.1#953
Feb 11 16:57:44 hostserver named[4803]: stopping command channel on ::1#953
Feb 11 16:57:44 hostserver named[4803]: no longer listening on 127.0.0.1#53
Feb 11 16:57:44 hostserver named[4803]: no longer listening on 192.168.1.1#53
Feb 11 16:57:44 hostserver named[4803]: no longer listening on ::1#53
Feb 11 16:57:44 hostserver named[4803]: exiting
Feb 11 16:57:44 hostserver named[4829]: starting BIND 9.5.2-RedHat-9.5.2-1.fc10 -u named
Feb 11 16:57:44 hostserver named[4829]: adjusted limit on open files from 1024 to 1048576
Feb 11 16:57:44 hostserver named[4829]: found 4 CPUs, using 4 worker threads
Feb 11 16:57:44 hostserver named[4829]: using up to 4096 sockets
Feb 11 16:57:44 hostserver named[4829]: loading configuration from '/etc/named.conf'
Feb 11 16:57:44 hostserver named[4829]: using default UDP/IPv4 port range: [1024, 65535]
Feb 11 16:57:44 hostserver named[4829]: using default UDP/IPv6 port range: [1024, 65535]
Feb 11 16:57:44 hostserver named[4829]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 11 16:57:44 hostserver named[4829]: listening on IPv4 interface internal, 192.168.1.1#53
Feb 11 16:57:44 hostserver named[4829]: listening on IPv6 interface lo, ::1#53
Feb 11 16:57:44 hostserver named[4829]: automatic empty zone: 0.IN-ADDR.ARPA
Feb 11 16:57:44 hostserver named[4829]: automatic empty zone: 127.IN-ADDR.ARPA
Feb 11 16:57:44 hostserver named[4829]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 11 16:57:44 hostserver named[4829]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 11 16:57:44 hostserver named[4829]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 11 16:57:44 hostserver named[4829]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 11 16:57:44 hostserver named[4829]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 11 16:57:44 hostserver named[4829]: automatic empty zone: D.F.IP6.ARPA
Feb 11 16:57:44 hostserver named[4829]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 11 16:57:44 hostserver named[4829]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 11 16:57:44 hostserver named[4829]: automatic empty zone: A.E.F.IP6.ARPA
Feb 11 16:57:44 hostserver named[4829]: automatic empty zone: B.E.F.IP6.ARPA
Feb 11 16:57:44 hostserver named[4829]: command channel listening on 127.0.0.1#953
Feb 11 16:57:44 hostserver named[4829]: command channel listening on ::1#953
Feb 11 16:57:44 hostserver named[4829]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2010031500
Feb 11 16:57:44 hostserver named[4829]: zone mydomain.local/IN: loaded serial 2010031500
Feb 11 16:57:44 hostserver named[4829]: running

What I need now is to capture addresses not in my local domain and redirect them to internal ip addresses. AKA: somesub.somedomain.com > 192.168.1.50

I would also like to have dns caching if that is also possible.

If anyone could point me in the right direction it would be greatly appreciated.

My current configs:
Code:
[named.conf]

options {
  directory           "/var/named"; // the default
  dump-file           "/var/named/data/cache_dump.db";
  statistics-file     "/var/named/data/named_stats.txt";
  memstatistics-file  "/var/named/data/named_mem_stats.txt";

  forwarders { 208.67.222.222; 208.67.220.220; };
  listen-on port 53 {192.168.1.1; 127.0.0.1; };
  listen-on-v6 port 53 { ::1; };
};

zone "mydomain.local" in {
  type master;
  file "mydomain.local.ns";
  allow-update { none; };
};

zone "1.168.192.in-addr.arpa" in {
  type master;
  file "1.168.192.in-addr.arpa.ns";
  allow-update { none; };
};
  



[mydomain.local.ns]

$TTL    1d
mydomain.local.  IN    SOA   ns.mydomain.local. support.mydomain.com. (
    2010031500 ; se = serial number
    3h         ; ref = refresh
    15m        ; ret = update retry
    3w         ; ex = expiry
    3h         ; min = minimum
    )

    IN    NS    ns.mydomain.local.

; private hosts
ns    IN A 192.168.1.1
phone1         IN    A    192.168.1.2
web        IN    A    192.168.1.3
vpn       IN    A    192.168.1.4
fileserver      IN    A    192.168.1.5
xp     IN    A    192.168.1.6
phone2      IN    A    192.168.1.7
printer        IN    A    192.168.1.10
haweater        IN    A    192.168.1.11
backup        IN    A    192.168.1.12
switch        IN    A    192.168.1.15
wireless         IN    A    192.168.1.20




[1.168.192.in-addr.arpa.ns]

$TTL    1d
@ IN    SOA   ns.mydomain.local. support.mydomain.com. (
    2010031500 ; se = serial number
    3h         ; ref = refresh
    15m        ; ret = update retry
    3w         ; ex = expiry
    3h         ; min = minimum
    )

    IN    NS    ns.mydomain.local.

; private hosts, reverse lookup
1 IN PTR ns.mydomain.local.
2     IN    PTR    phone1.mydomain.local.
3     IN    PTR    web.mydomain.local.
4     IN    PTR    vpn.mydomain.local.
5     IN    PTR    fileserver.mydomain.local.
6     IN    PTR    xp.mydomain.local.
7     IN    PTR    phone2.mydomain.local.
10     IN    PTR    printer.mydomain.local.
11     IN    PTR    haweater.mydomain.local.
12     IN    PTR    backup.mydomain.local.
15     IN    PTR    switch.mydomain.local.
20     IN    PTR    wireless.mydomain.local.
 
Old 02-12-2012, 03:52 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Hi,

Quote:
What I need now is to capture address not in my local domain and redirect them to internal ip addresses. AKA: somesub.somedomain.com > 192.168.1.50
You mean a wildcard domain? If yes, then add as the last entry in your zone file the following:
Code:
* IN A 192.168.1.50

Quote:
I would also like to have dns caching if that is also possible.
You didn't mention your distro, as some distros have an extra config file for a caching dns. Anyway, you can add the hint zone in named.conf
Code:
zone "." {
        type hint;
        file "named.root";
};
and the named.root zone file in /var/named. To get a fresh named.root, you can run:
Code:
dig +bufsize=1200 +norec NS . @a.root-servers.net > named.root
Of course you should comment out the forwarders part in named.conf

Regarding the auth error, you should (re)create the rndc.key/rndc.conf and add the relevant configuration in named.conf. Read your distro's documentation to see what you have to do.

Regards

Last edited by bathory; 02-12-2012 at 03:55 AM.
 
Old 02-12-2012, 09:27 AM   #3
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,631

Rep: Reputation: 2696
Now that you have gone so far....

I would not change direction now, but if you ever have a project like this one again look into DNSMASQ. It is less easy to redirect entire domains, but far easier to redirect hosts, do caching, etc.
By default it reads your current resolv.conf and hosts files to initialize itself for the local network and parent DNS servers, and can (optionally) handle DHCP server chores as well.
No ZONE files, reverse syntax issues, and any readability issues are minor compared to BIND.
(Natch, with that BIND complexity you get different choices and more options, but if you do not NEED those.....)
 
Old 02-12-2012, 10:14 AM   #4
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
-bash-3.2$ named -v
BIND 9.5.2-RedHat-9.5.2-1.fc10
 
Old 02-12-2012, 11:09 AM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Quote:
Originally Posted by bluefish1 View Post
-bash-3.2$ named -v
BIND 9.5.2-RedHat-9.5.2-1.fc10
And? Did you follow the instructions above?
 
Old 02-12-2012, 12:56 PM   #6
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
Did the zone "." item... and it restarted ok .... which is to say I can still resolve sites, can't actually prove that it is caching anything.
But it does appear to be correctly setup:
tail -f named.root
l.root-servers.net. 3600000 IN A 199.7.83.42
l.root-servers.net. 3600000 IN AAAA 2001:500:3::42
m.root-servers.net. 3600000 IN A 202.12.27.33
m.root-servers.net. 3600000 IN AAAA 2001:dc3::35

;; Query time: 36 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Sun Feb 12 13:48:01 2012
;; MSG SIZE rcvd: 699

Going to add the wild card item now.
 
Old 02-12-2012, 01:15 PM   #7
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
To test if your dns is actually caching, clear its cache either by restarting it, or using
Code:
rndc flush
(if you have configured rndc)
After that use dig to do 2 lookups for the same domain and watch the last lines for the query time:
Code:
; <<>> DiG 9.8.1-P1 <<>> google.com
<-snip->
;; ANSWER SECTION:
google.com.             300     IN      A       173.194.35.50
google.com.             300     IN      A       173.194.35.51
google.com.             300     IN      A       173.194.35.52
google.com.             300     IN      A       173.194.35.48
google.com.             300     IN      A       173.194.35.49
<-snip->
;; Query time: 1119 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 12 21:11:45 2012
;; MSG SIZE  rcvd: 180

; <<>> DiG 9.8.1-P1 <<>> google.com
<-snip->

;; ANSWER SECTION:
google.com.             299     IN      A       173.194.35.49
google.com.             299     IN      A       173.194.35.50
google.com.             299     IN      A       173.194.35.51
google.com.             299     IN      A       173.194.35.52
google.com.             299     IN      A       173.194.35.48
<-snip->
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 12 21:11:46 2012
;; MSG SIZE  rcvd: 180
As you see the 1st time it takes some time to get the response, but the 2nd time it takes no time as it gets the cached response.
 
1 members found this post helpful.
Old 02-12-2012, 01:38 PM   #8
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
I may not have detailed the need correctly....

The problem I am attempting to solve at the moment is an issue I created when I consolidated all of my servers onto one local host system which is also my gateway and is running multiple virtualized servers.
It is now impossible to reach the webserver inside my local domain... but not an issue from resolving the url from outside through the gateway. The only way I can resolve pages from the Apache web server (which is running multiple VirtualHost websites) is to edit my client systems hosts file and add [ siteSubDom.fullyQualifiedDomainName.com = 192.168.1.3 ]. Note that this was not necessary when the web server was on its own dedicated box inside the local network.

Editing the hosts file on each client system is less than ideal... and of course breaks the site when the client (laptop) machine leaves my local domain. iPads and other digital devices are also not addressed with this type of fix.

This is why I decided to attempt a solution by creating and maintaining a private DNS server for the local domain.

What I have accomplished so far is to establish a local domain of mydomain.local where I can access servers and devices like phone1.mydomain.local; however, I don't know how to deal with urls like siteSubDom.fullyQualifiedDomainName.com pointing to my apache webservers 192.168.1.3 or 192.168.1.11

I tried the wild card item you suggested, but I don't think that it actually addresses domains outside the local domain I created?

Am I making this clear?

Last edited by bluefish1; 02-12-2012 at 01:40 PM.
 
Old 02-12-2012, 01:42 PM   #9
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
Awsome!!!!! Yes it is working. First dig was 29 msec and the second was 11 msec

Quote:
Originally Posted by bathory View Post
To test if your dns is actually caching, clear its cache either by restarting it, or using
Code:
rndc flush
(if you have configured rndc)
After that use dig to do 2 lookups for the same domain and watch the last lines for the query time:
Code:
; <<>> DiG 9.8.1-P1 <<>> google.com
<-snip->
;; ANSWER SECTION:
google.com.             300     IN      A       173.194.35.50
google.com.             300     IN      A       173.194.35.51
google.com.             300     IN      A       173.194.35.52
google.com.             300     IN      A       173.194.35.48
google.com.             300     IN      A       173.194.35.49
<-snip->
;; Query time: 1119 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 12 21:11:45 2012
;; MSG SIZE  rcvd: 180

; <<>> DiG 9.8.1-P1 <<>> google.com
<-snip->

;; ANSWER SECTION:
google.com.             299     IN      A       173.194.35.49
google.com.             299     IN      A       173.194.35.50
google.com.             299     IN      A       173.194.35.51
google.com.             299     IN      A       173.194.35.52
google.com.             299     IN      A       173.194.35.48
<-snip->
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 12 21:11:46 2012
;; MSG SIZE  rcvd: 180
As you see the 1st time it takes some time to get the response, but the 2nd time it takes no time as it gets the cached response.
 
Old 02-12-2012, 01:47 PM   #10
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
Note that I only want to effect the traffic from within the network.... traffic inbound from the WAN should be left alone.
 
Old 02-12-2012, 02:23 PM   #11
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Quote:
Awsome!!!!! Yes it is working. First dig was 29 msec and the second was 11 msec
I don't think your dns is caching but rather it's still forwarding queries. The cached response should be practically zero msec. So, did you remove the forwarders directive in named.conf, or are you still forwarding queries to opendns?


Quote:
What I have accomplished so far is to establish a local domain of mydomain.local where I can access servers and devices like phone1.mydomain.local; however, I don't know how to deal with urls like siteSubDom.fullyQualifiedDomainName.com pointing to my apache webservers 192.168.1.3 or 192.168.1.11

I tried the wild card item you suggested, but I don't think that it actually addresses domains outside the local domain I created?

Am I making this clear?
I don't know if I can understand what siteSubDom.fullyQualifiedDomainName.com is. Is your dns supposed to be authoritative for the fullyQualifiedDomainName.com domain? If so, you have to add that zone in your dns named.conf and create the zone file for it.
The wildcard entry was intended to be used for the domain mydomain.local. You can do the same for fullyQualifiedDomainName.com, if you're authoritative for it. Or else please clarify what you're trying to do.


Quote:
Note that I only want to effect the traffic from within the network.... traffic inbound from the WAN should be left alone.
Again, explain what you mean. The internal dns can only be used from hosts within your LAN not from outside it.
 
1 members found this post helpful.
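The two-dig test above, together with bathory's reading of the 29 msec / 11 msec result, as a small checker; this is an added example, not code from the thread. It parses two captured dig outputs (constructed sample, modelled on the ones quoted) and reports whether the second answer looks like a hit in the local cache: same server, same answer set, TTL counted down rather than reset, and a near-zero query time. The 5 ms threshold is an assumption.

```python
import re

# Constructed sample: two back-to-back dig runs for the same name against the
# local resolver, modelled on the output quoted in the thread.
DIG_FIRST = """\
;; ANSWER SECTION:
google.com.             300     IN      A       173.194.35.50
google.com.             300     IN      A       173.194.35.51

;; Query time: 1119 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

DIG_SECOND = """\
;; ANSWER SECTION:
google.com.             299     IN      A       173.194.35.51
google.com.             299     IN      A       173.194.35.50

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(?:A|AAAA)\s+(\S+)\s*$", re.M)
QTIME_RE = re.compile(r"^;; Query time: (\d+) msec", re.M)
SERVER_RE = re.compile(r"^;; SERVER: (\S+)", re.M)

CACHE_HIT_MAX_MS = 5   # assumption: a hit in the local cache answers within a few ms


def parse_dig(text):
    """Pull the query time, the answering server and the A/AAAA answers out of
    one dig run. Returns {'ms', 'server', 'answers': {name: set(rdata)}, 'ttls'}."""
    answers, ttls = {}, {}
    for name, ttl, rdata in ANSWER_RE.findall(text):
        answers.setdefault(name, set()).add(rdata)
        ttls[name] = int(ttl)
    qtime, server = QTIME_RE.search(text), SERVER_RE.search(text)
    if not (qtime and server and answers):
        raise ValueError("not a complete dig answer")
    return {"ms": int(qtime.group(1)), "server": server.group(1),
            "answers": answers, "ttls": ttls}


def cache_verdict(first_text, second_text):
    """Decide whether the second run was served from the local cache.

    A real hit comes from the same server with the same answer set, a TTL that
    has counted down rather than been reset, and a near-zero query time. A
    forwarder caches too, so TTLs alone prove nothing; the query time is the
    discriminator (29 ms -> 11 ms in the thread still meant 'forwarded').
    """
    a, b = parse_dig(first_text), parse_dig(second_text)
    problems = []
    if a["server"] != b["server"]:
        problems.append("answers came from different servers")
    for name, rdata in a["answers"].items():
        if b["answers"].get(name) != rdata:
            problems.append("%s: answer set changed between runs" % name)
        elif b["ttls"][name] > a["ttls"][name]:
            problems.append("%s: TTL went back up, the answer was re-fetched" % name)
    if b["ms"] > CACHE_HIT_MAX_MS:
        problems.append("second query took %d ms, a cache hit should be ~0" % b["ms"])
    return {"first_ms": a["ms"], "second_ms": b["ms"],
            "cached": not problems, "problems": problems}
```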
Old 02-12-2012, 03:06 PM   #12
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
I don't think your dns is caching but rather it's still forwarding queries. The cached response should be practically zero msec. So, did you remove the forwarders directive in named.conf, or are you still forwarding queries to opendns?
No... I changed it now.
Code:
options {
  directory           "/var/named"; // the default
  dump-file           "/var/named/data/cache_dump.db";
  statistics-file     "/var/named/data/named_stats.txt";
  memstatistics-file  "/var/named/data/named_mem_stats.txt";

//  forwarders { 208.67.222.222; 208.67.220.220; };
  listen-on port 53 {192.168.1.1; 127.0.0.1; };
  listen-on-v6 port 53 { ::1; };
};

key "rndckey" {
        algorithm hmac-md5;
        secret "nKUNqNQKXWzv/osPl7g59w==";
 };

 controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndckey"; };
 };


zone "mydomain.local" in {
  type master;
  file "mydomain.local.ns";
  allow-update { none; };
};

zone "1.168.192.in-addr.arpa" in {
  type master;
  file "1.168.192.in-addr.arpa.ns";
  allow-update { none; };
};

zone "." {    // this is the caching element?
        type hint;
        file "named.root";
};
.. but now I am getting these messages in the server message log
Feb 12 15:27:39 hostserver named[16358]: flushing caches in all views succeeded
Feb 12 15:27:40 hostserver named[16358]: network unreachable resolving 'plusone.google.com/A/IN': 2001:503:231d::2:30#53
Feb 12 15:27:41 hostserver named[16358]: network unreachable resolving 'fbcdn-profile-a.akamaihd.net/A/IN': 2001:503:a83e::2:30#53
Feb 12 15:28:10 hostserver named[16358]: network unreachable resolving 'pdns3.ultradns.org/A/IN': 2001:500:40::1#53
Feb 12 15:28:10 hostserver named[16358]: network unreachable resolving 'pdns3.ultradns.org/AAAA/IN': 2001:500:40::1#53
Feb 12 15:28:10 hostserver named[16358]: network unreachable resolving 'pdns5.ultradns.info/AAAA/IN': 2001:500:19::1#53
Feb 12 15:28:10 hostserver named[16358]: network unreachable resolving 'pdns5.ultradns.info/AAAA/IN': 2001:500:1a::1#53
Feb 12 15:28:10 hostserver named[16358]: network unreachable resolving 'moviecontrol.netflix.com/A/IN': 2001:502:f3ff::1#53
Feb 12 15:28:34 hostserver named[16358]: network unreachable resolving 'www.americanselect.org/A/IN': 2001:500:c::1#53
Feb 12 15:28:35 hostserver named[16358]: network unreachable resolving 'dns3.easydns.org/A/IN': 2001:500:f::1#53
Feb 12 15:28:35 hostserver named[16358]: network unreachable resolving 'dns3.easydns.org/AAAA/IN': 2001:500:f::1#53
Feb 12 15:28:35 hostserver named[16358]: network unreachable resolving 'dns4.easydns.info/A/IN': 2001:500:41::1#53
Feb 12 15:28:35 hostserver named[16358]: network unreachable resolving 'dns4.easydns.info/AAAA/IN': 2001:500:41::1#53
Feb 12 15:28:35 hostserver named[16358]: network unreachable resolving 'dns4.easydns.info/A/IN': 2001:500:1b::1#53
Feb 12 15:28:35 hostserver named[16358]: network unreachable resolving 'dns4.easydns.info/AAAA/IN': 2001:500:1b::1#53
Feb 12 15:28:35 hostserver named[16358]: network unreachable resolving 'dns4.easydns.info/A/IN': 2001:500:1c::1#53
Feb 12 15:28:35 hostserver named[16358]: network unreachable resolving 'dns4.easydns.info/AAAA/IN': 2001:500:1c::1#53
Feb 12 15:28:35 hostserver named[16358]: network unreachable resolving 'dns4.easydns.info/A/IN': 2001:500:49::1#53
Feb 12 15:28:35 hostserver named[16358]: network unreachable resolving 'dns4.easydns.info/AAAA/IN': 2001:500:49::1#53
Feb 12 15:28:36 hostserver named[16358]: network unreachable resolving 'dns4.easydns.info/A/IN': 2001:678:5::13#53
Feb 12 15:28:41 hostserver named[16358]: network unreachable resolving 'za.akadns.org/A/IN': 2001:500:48::1#53
Feb 12 15:28:41 hostserver named[16358]: network unreachable resolving 'zb.akadns.org/A/IN': 2001:500:48::1#53
Feb 12 15:28:41 hostserver named[16358]: network unreachable resolving 'za.akadns.org/AAAA/IN': 2001:500:48::1#53
Feb 12 15:28:41 hostserver named[16358]: network unreachable resolving 'zb.akadns.org/AAAA/IN': 2001:500:48::1#53
Feb 12 15:28:41 hostserver named[16358]: network unreachable resolving 'zc.akadns.org/A/IN': 2001:500:48::1#53
Feb 12 15:29:35 hostserver named[16358]: network unreachable resolving 'www.linuxquestions.org/A/IN': 2001:500:e::1#53
Feb 12 15:29:35 hostserver named[16358]: network unreachable resolving 'twitter.com/A/IN': 2001:500:90:1::34#53
Feb 12 15:29:35 hostserver named[16358]: network unreachable resolving 'twitter.com/A/IN': 2001:500:94:1::34#53
Feb 12 15:29:35 hostserver named[16358]: network unreachable resolving 'hostserver.hsd1.pa.comcast.net/A/IN': 2001:558:100a:5:68:87:68:244#53
Feb 12 15:30:26 hostserver named[16358]: network unreachable resolving 'electricbluefishproductions.tumblr.com/A/IN': 2001:502:4612::1#53
Feb 12 15:31:10 hostserver named[16358]: network unreachable resolving 'packet8.net/NAPTR/IN': 2001:503:231d::2:30#53
Feb 12 15:31:11 hostserver named[16358]: network unreachable resolving 'p2-eq.p8t.us/A/IN': 2001:503:d1ae:ffff:ffff:ffff:ffff:ff7e#53
Feb 12 15:31:11 hostserver named[16358]: network unreachable resolving 'p2-eq.p8t.us/A/IN': 2001:500:3682::11#53



Quote:
Originally Posted by bathory View Post
I don't know if I can understand what siteSubDom.fullyQualifiedDomainName.com is. Is your dns supposed to be authoritative for the fullyQualifiedDomainName.com domain? If so, you have to add that zone in your dns named.conf and create the zone file for it.
The wildcard entry was intended to be used for the domain mydomain.local. You can do the same for fullyQualifiedDomainName.com, if you're authoritative for it. Or else please clarify what you're trying to do.
Sorry for being unclear. I am using noip.com to manage a domain, let's call it www.bluefish1.com. I am pointing some sub domain, say dev.bluefish1.com, to my local apache servers (site development servers). dev.bluefish1.com is resolvable from outside the lan but within the lan it errors out. If I manually add
dev.bluefish1.com to the client via the hosts file of that system it resolves fine "of course".

Quote:
Originally Posted by bathory View Post
Again, explain what you mean. The internal dns can only be used from hosts within your LAN not from outside it.
Map of what is going on.
[attachment: layout.jpg, a map of the network layout]

Last edited by bluefish1; 02-12-2012 at 03:36 PM.
 
Old 02-12-2012, 04:34 PM   #13
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Quote:
.. but now I am getting these messages in the server message log
Add -4 in the OPTIONS line in /etc/sysconfig/named, so it stops trying to use ipv6 addresses. Of course you have to restart bind.


Quote:
Sorry for being unclear. I am using noip.com to manage a domain, let's call it www.bluefish1.com. I am pointing some sub domain, say dev.bluefish1.com, to my local apache servers (site development servers). dev.bluefish1.com is resolvable from outside the lan but within the lan it errors out. If I manually add
dev.bluefish1.com to the client via the hosts file of that system it resolves fine "of course".
How does it error out, and what ip are you using in the hosts file? The internal or the external (public)?
I guess that you need to set up a split dns, for internal and external clients (views). If that's the case, have a look at this howto

Regards
 
1 members found this post helpful.
Old 02-12-2012, 08:36 PM   #14
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
Add -4 in the OPTIONS line in /etc/sysconfig/named, so it stops trying to use ipv6 addresses. Of course you have to restart bind.
That seems to have done the trick, no more errors in the message log. Thank you for your assistance. I am learning.

Quote:
How does it error out, and what ip are you using in the hosts file? The internal or the external (public)?
To resolve inside my lan I have to use the private address:
192.168.1.3 dev.bluefish1.com
192.168.1.11 haweater.servehttp.com
Quote:

I guess that you need to setup a split dns, for internal and external clients (views). If that's the case, have a look at this howto

Regards
I will check this out.
 
Old 02-14-2012, 09:57 PM   #15
bluefish1
Member
 
Registered: Apr 2004
Location: PA
Distribution: RedHat 9
Posts: 49

Original Poster
Rep: Reputation: 0
So I set up the 2 views... but I am stumped as to the next step.

This is working as is and I can resolve the mydomain.local addresses, but I am having trouble understanding the setup of the additional zone.
This is where I am at:
Code:
[22:28:15 root]$ cat named.conf
options {
  directory           "/var/named"; // the default
  dump-file           "/var/named/data/cache_dump.db";
  statistics-file     "/var/named/data/named_stats.txt";
  memstatistics-file  "/var/named/data/named_mem_stats.txt";

//  forwarders { 208.67.222.222; 208.67.220.220; };
  listen-on port 53 {192.168.1.1; 127.0.0.1; };
  listen-on-v6 port 53 { ::1; };
};

key "rndckey" {
 	algorithm hmac-md5;
 	secret "nKUNqNQKXWzv/osPl7g59w==";
 };
 
 controls {
 	inet 127.0.0.1 port 953
 		allow { 127.0.0.1; } keys { "rndckey"; };
 };

acl "mylan" {
	127/8; 192.168.1.0/24;
};

view "inside" {
	match-clients { "mylan";};
	recursion yes;
	
	zone "mydomain.local" in {
  	type master;
  	file "mydomain.local.ns";
  	allow-update { none; };
	};

	zone "1.168.192.in-addr.arpa" in {
  	type master;
  	file "1.168.192.in-addr.arpa.ns";
  	allow-update { none; };
	};

 	//  zone "externaladdress.com" in {
	//  type master;
	//  file "externaladdress.com.ns";
	// allow-transfer {192.168.1.3}        
	// allow-update { none; };
  	//     };	

	zone "." {    // this is the caching element?
        type hint;
        file "named.root";
	};

	//named[854]: client 192.168.1.55#49756: RFC 1918 response from Internet for 2.55.211.10.in-addr.arpa
	zone "10.IN-ADDR.ARPA" { //empty zone to stop RFC 1918 private ip leak 10.*
	type master;
	file "empty";
	};
};

view "outside" {
	match-clients { any; };
	recursion no;
	
	zone "." {    // this is the caching element?
        type hint;
        file "named.root";
	};
};
[22:28:26 root]$
I need a zone in the inside view to capture addresses bound for externaladdress.com to be redirected to the internal servers. This was my start but I really don't have a clue
zone "externaladdress.com" in {
  type master;
  file "externaladdress.com.ns";
  allow-transfer { 192.168.1.3; };   // every address in a list ends with ';', and so does the statement
  allow-update { none; };
};

externaladdress.com.ns:
$TTL 1d
; the SOA owner must be this zone's apex ('@' = externaladdress.com.), not mydomain.local.
@   IN SOA ns.externaladdress.com. support.externaladdress.com. (
    2010031524 ; serial
    3h         ; refresh
    15m        ; retry
    3w         ; expiry
    3h )       ; minimum

; zone-file comments start with ';', not '#'; the NS must be a name inside this zone
    IN NS ns.externaladdress.com.

; private hosts
ns IN A 192.168.1.1
phprojekt.externaladdress.com. IN A 192.168.1.3

Last edited by bluefish1; 02-14-2012 at 10:00 PM.
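The draft zone file in the post above has the classic split-DNS mistakes (SOA owner from another zone, '#' used as a comment, NS target outside the zone, no NS at the apex). The checker below, an added example and not code from the thread, parses a zone file with a minimal reader and reports those problems; the draft and a corrected version are embedded as constructed samples, and the origin externaladdress.com. is an assumption standing in for the real domain.

```python
import re

ORIGIN = "externaladdress.com."   # assumption: the domain the "inside" view answers for

# Constructed sample: the draft externaladdress.com.ns from the last post, layout aside.
DRAFT_ZONE = """\
$TTL 1d
mydomain.local. IN SOA ns.externaladdress.com. support.externaladdress.com. (
2010031524
3h
15m
3w
3h )
# IN NS ns.externaladdress.com.
IN NS ns.externaladdress.local.
; private hosts
ns IN A 192.168.1.1
phprojekt.externaladdress.com. IN A 192.168.1.3
"""

# Constructed sample: the same zone with apex, NS and comment syntax corrected.
FIXED_ZONE = """\
$TTL 1d
@ IN SOA ns.externaladdress.com. support.externaladdress.com. (
    2012021401 ; serial
    3h 15m 3w 3h )
  IN NS ns.externaladdress.com.
ns        IN A 192.168.1.1
dev       IN A 192.168.1.3
phprojekt IN A 192.168.1.3
"""

RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "PTR", "MX", "TXT"}

def fqdn(name, origin):
    """'@' is the origin; a trailing dot is absolute; anything else is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def parse_zone(text, origin):
    """Minimal zone reader (';' comments, parenthesised SOA, owner inheritance).
    Returns (records, problems); a record is (owner, type, rdata tokens)."""
    records, problems, lines = [], [], []
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):   # '#' is not a comment in a zone file
            problems.append("'#' is not a zone-file comment, use ';': %r" % raw)
            continue
        lines.append(raw.split(";", 1)[0])
    folded = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()),
                    "\n".join(lines))
    owner = None
    for line in folded.splitlines():
        toks = line.split()
        if not toks or line.startswith("$"):
            continue
        if not line[0].isspace() and toks[0] != "IN" and toks[0] not in RR_TYPES:
            owner = toks.pop(0)            # new owner; otherwise the previous one applies
        if toks and re.fullmatch(r"\d+[smhdw]?", toks[0], re.I):
            toks.pop(0)                    # optional TTL
        if toks and toks[0] == "IN":
            toks.pop(0)                    # optional class
        if owner is None or not toks:
            problems.append("record without owner or type: %r" % line)
            continue
        records.append((fqdn(owner, origin), toks[0], toks[1:]))
    return records, problems

def check_zone(text, origin):
    """Flag records outside the zone, an SOA that is not at the apex, NS targets
    not under the zone or without an A record, and a missing apex NS."""
    records, problems = parse_zone(text, origin)
    a_names = {r[0] for r in records if r[1] in ("A", "AAAA")}
    ns_at_apex = False
    for owner, rtype, rdata in records:
        if owner != origin and not owner.endswith("." + origin):
            problems.append("%s %s is outside zone %s" % (owner, rtype, origin))
        elif rtype == "SOA" and owner != origin:
            problems.append("SOA owner %s is not the zone apex" % owner)
        if rtype == "NS":
            target = fqdn(rdata[0], origin)
            ns_at_apex = ns_at_apex or owner == origin
            if not target.endswith("." + origin):
                problems.append("NS target %s is not under %s; typo?" % (target, origin))
            elif target not in a_names:
                problems.append("NS %s has no A record in the zone" % target)
    if not ns_at_apex:
        problems.append("no NS record at the zone apex %s" % origin)
    return problems
```

Run it with named-checkzone as well once the file is in /var/named; this reader only covers the record types the thread uses.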
 