LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-05-2020, 09:36 AM   #1
dr-ing
LQ Newbie
 
Registered: Mar 2020
Posts: 14

Rep: Reputation: Disabled
Bind-DNS: Use a public domain as internal zone, but lookup unknown subdomains on a public dns server


Hello,

as mentioned in the title I use Bind-DNS as my local DNS server.
For this I have two zones, example.local and example.com.
The second one is actually my public domain name, but I use it for a few internal subdomains so that my publicly valid wildcard certificate is valid and the internal subdomains thus have an SSL certificate accepted by all devices and browsers (which I need for a few devices that only accept a valid SSL certificate).

The problem is: Since I have the example.com zone, it resolves the registered hosts (local.example.com,int.example.com), but not the public hosts that I have registered over my domain name provider, for example: example.com or ext.example.com, because they are probably not included in the zone file. If I add them as well, my bind-dns server can resolve them without problems.

My "goal" is that if bind-dns cannot find the subdomain in the zone files, it will forward the request to a public dns server (which I have configured in the named.conf.options file?)

The example.com zone looks similar to this:
Code:
;
;
$TTL	86400 
;
@	IN	SOA	example.com. admin.example.com. (
		     2020071401		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			  86400 )	; Negative Cache TTL
; name servers
			IN	NS	ns1.example.com.
;
; A records
local.example.com.	IN	A	10.0.100.2
int.example.com.	IN	A	10.0.100.3
My named.conf.local:
Code:
// example.com
zone "example.com" {
	type master;
	file "/var/cache/bind/db.example.com";
};
And my named.conf.options:
Code:
acl "trusted" {
	10.0.100.0/24;
};

options {
	directory "/var/cache/bind";
	
	recursion yes;
	allow-recursion { trusted; };
	listen-on { 127.0.0.1; 172.24.0.2; };
	allow-transfer { none; };

	forwarders {
		1.1.1.1;
		8.8.8.8;
		1.0.0.1;
		8.8.4.4;
	};

	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { none; };
};
TIA,
dr-ing.
 
Old 08-06-2020, 11:20 AM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 3,412

Rep: Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916
Generally, there is one authoritative nameserver for a domain. I don't think bind has any option for forwarding requests if it is authoritative for a zone. Simplest is to put all of the internal sites on a separate subdomain, and all of the publicly accessible sites on your ISP nameserver. If you want a separate internal nameserver that knows additional hosts on the public domain, then you will need to manually maintain the two copies and make sure that the internal sites use the internal nameserver. That can get interesting if you are using VPNs or doing updates from DHCP.
 
  


Reply

Tags
bind, bind9, dns, dnsserver


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
BIND DNS forward lookup zone functions, but no idea how to set up a reverse lookup zone MrRichBOB Linux - Newbie 3 01-29-2019 04:29 PM
I find file zone in the slave zone to the do a transfer of zone from Windows Server 2012 as master dns and CentOS as slave DNS. To learn Linux - Newbie 1 09-02-2016 09:36 AM
Which zone bind dns work either in forward zone are reverse zone sanjay87 Linux - Server 2 06-05-2012 04:21 AM
IPtables - block subdomains (a.domain.com, b.domain.com, c.domain.com,...) benjalien Linux - Networking 6 06-24-2009 07:03 AM
Traceroute, Ping, Domain Name Server (DNS) Lookup, WHOIS, and DNS Records Lookup netoknet General 1 05-09-2005 03:43 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 07:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration