LinuxQuestions.org, Linux - Server forum
https://www.linuxquestions.org/questions/linux-server-73/bind-dns-use-a-public-domain-as-internal-zone-but-lookup-unknown-subdomains-on-a-public-dns-server-4175679945/

dr-ing 08-05-2020 09:36 AM

Bind-DNS: Use a public domain as internal zone, but lookup unknown subdomains on a public dns server
 
Hello,

As mentioned in the title, I use Bind-DNS as my local DNS server.
For this I have two zones, example.local and example.com.
The second one is actually my public domain name, but I use it for a few internal subdomains so that my publicly valid wildcard certificate is valid and the internal subdomains thus have an SSL certificate accepted by all devices and browsers (which I need for a few devices that only accept a valid SSL certificate).

The problem is: since I have the example.com zone, it resolves the registered hosts (local.example.com, int.example.com), but not the public hosts that I have registered with my domain name provider, for example example.com or ext.example.com, because they are probably not included in the zone file. If I add them as well, my bind-dns server can resolve them without problems.

My "goal" is that if bind-dns cannot find the subdomain in the zone files, it will forward the request to a public dns server (which I have configured in the named.conf.options file?)

The example.com zone looks similar to this:
Code:

;
$TTL    86400
;
@       IN      SOA     example.com. admin.example.com. (
                        2020071401      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        86400 )         ; Negative Cache TTL
; name servers
        IN      NS      ns1.example.com.
;
; A records
local.example.com.      IN      A       10.0.100.2
int.example.com.        IN      A       10.0.100.3

My named.conf.local:
Code:

// example.com
zone "example.com" {
        type master;
        file "/var/cache/bind/db.example.com";
};

And my named.conf.options:
Code:

acl "trusted" {
        10.0.100.0/24;
};

options {
        directory "/var/cache/bind";
       
        recursion yes;
        allow-recursion { trusted; };
        listen-on { 127.0.0.1; 172.24.0.2; };
        allow-transfer { none; };

        forwarders {
                1.1.1.1;
                8.8.8.8;
                1.0.0.1;
                8.8.4.4;
        };

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { none; };
};

TIA,
dr-ing.

smallpond 08-06-2020 11:20 AM

Generally, there is one authoritative nameserver for a domain. I don't think bind has any option for forwarding requests if it is authoritative for a zone. Simplest is to put all of the internal sites on a separate subdomain, and all of the publicly accessible sites on your ISP nameserver. If you want a separate internal nameserver that knows additional hosts on the public domain, then you will need to manually maintain the two copies and make sure that the internal sites use the internal nameserver. That can get interesting if you are using VPNs or doing updates from DHCP.
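The behaviour both posts describe (any name under the apex of a zone BIND is authoritative for is answered from the zone file, NXDOMAIN included, and only names outside that zone ever reach the forwarders) can be checked offline with a small script. The following is an added example, not code from the thread or from BIND itself: it parses a constructed copy of the zone file above, classifies query names the way a server that is authoritative for example.com and forwards everything else would, and reports in-zone NS targets that have no address record (the same condition named-checkzone warns about). The function names parse_zone, classify and missing_glue, and the sample zone text, are assumptions made for this example.

```python
# Added example (not from the thread): simulate how an authoritative zone
# interacts with forwarders, using a minimal master-file parser.

# Constructed sample zone, modelled on the one posted in the question.
SAMPLE_ZONE = """\
$TTL 86400
@   IN  SOA example.com. admin.example.com. (
        2020071401 ; Serial
        604800     ; Refresh
        86400      ; Retry
        2419200    ; Expire
        86400 )    ; Negative Cache TTL
    IN  NS  ns1.example.com.
local.example.com.  IN  A  10.0.100.2
int.example.com.    IN  A  10.0.100.3
"""


def _fqdn(name):
    """Normalise a name to an absolute, dot-terminated form."""
    return name.rstrip(".") + "."


def _strip_comment(line):
    # ';' starts a comment in master files (quoted TXT data is not handled here).
    return line.split(";", 1)[0].rstrip()


def parse_zone(text, origin):
    """Parse the subset of RFC 1035 master-file syntax used in the thread.

    Returns {owner_fqdn: {rrtype: [rdata, ...]}}. Handles $TTL, $ORIGIN, '@',
    relative owner names, omitted owners (inherit the previous one) and the
    parenthesised multi-line SOA. Not a complete parser ($INCLUDE, escapes
    and quoted strings are out of scope for this example).
    """
    origin = _fqdn(origin)
    records = {}
    last_owner = origin

    # First pass: join parenthesised spans (the SOA) into single logical lines.
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf = (buf + " " + line) if buf else line
        if depth <= 0:
            logical.append(buf)
            buf, depth = "", 0

    for line in logical:
        if line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = _fqdn(line.split()[1])
            continue
        owner_given = not line[0].isspace()
        tokens = line.replace("(", " ").replace(")", " ").split()
        if owner_given:
            owner = tokens.pop(0)
            owner = origin if owner == "@" else (owner if owner.endswith(".") else owner + "." + origin)
            last_owner = owner
        else:
            owner = last_owner          # blank owner field inherits the previous owner
        if tokens and tokens[0].isdigit():  # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):  # optional class
            tokens.pop(0)
        rrtype = tokens.pop(0).upper()
        records.setdefault(owner, {}).setdefault(rrtype, []).append(" ".join(tokens))
    return records


def _in_zone(name, apex):
    return name == apex or name.endswith("." + apex)


def classify(name, zone_apex, records):
    """Outcome of an A query on a BIND that is authoritative for zone_apex
    and forwards everything else (the setup described in the question)."""
    name, apex = _fqdn(name), _fqdn(zone_apex)
    if not _in_zone(name, apex):
        return "forwarded to configured forwarders"
    if name in records and "A" in records[name]:
        return "answered from zone file"
    if name in records:
        # The apex exists (SOA/NS) but carries no A record: NOERROR with no data.
        return "NODATA from zone file (name exists, no A record; never forwarded)"
    return "NXDOMAIN from zone file (never forwarded)"


def missing_glue(zone_apex, records):
    """In-zone NS targets without an A/AAAA record; named-checkzone warns about these."""
    apex = _fqdn(zone_apex)
    missing = set()
    for rrs in records.values():
        for target in rrs.get("NS", []):
            t = _fqdn(target)
            has_addr = records.get(t, {}).get("A") or records.get(t, {}).get("AAAA")
            if _in_zone(t, apex) and not has_addr:
                missing.add(t)
    return sorted(missing)


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE, "example.com")
    for q in ("int.example.com", "ext.example.com", "example.com", "www.example.org"):
        print(f"{q:20} -> {classify(q, 'example.com', recs)}")
    print("NS targets lacking glue:", missing_glue("example.com", recs))
```

Running it shows ext.example.com and the bare example.com answered negatively from the zone file rather than forwarded, which is exactly the symptom in the question, while a name outside the zone is the only kind that reaches the forwarders list.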
