Here's my situation:

Currently my linux clients use two Windows DNS servers to resolve internal/external addresses. My linux clients are in the abc.xyz.ca zone and addresses from this zone are resolved from the Windows DNS servers. I have no control over the entries in these nameservers.

For this reason I want to configure a separate Linux NS(using BIND) that will only contain a few entries in that same abc.xyz.ca zone...this is in the hope that I can configure temporary entries that my linux environment can use (without affecting the actual windows NS).

Problem seems to be that these entries go in the same zone. So in a client resolv.conf if I put the windows NS first and try to lookup an entry that's only in my linux NS the windows will say it doesn't exist and the client will stop there. Same thing if the linux NS goes first.

Does anyone know of a way to either configure the linux clients to continue down the NS list in resolv.conf (if an entry isn't found), or maybe a way to configure the nameservers in a way that this will work?

Thanks,
Ryan

I believe this is possible, we have a split view bind dns with internal, customer and external views all on the same server(s).

In the VMware environment the Windows R2 server has to run DNS for VMware and it is a non-accessible network from the outside world.

Basically I use the Windows DNS for the VMware ESX servers then the internal ip address of the bind dns servers for resolution from our internal networks.

So I think I have what you want in a reverse role.

My clients will each be pointing to both servers (with different entries in them) though which is where the issue lies I think.

So if we say ServerA is one DNS, ServerB is the other and they're configured something like this:

ServerA
- Contains EntryA.abc.xyz.ca XX.XX.XX.XX

ServerB
- Contains EntryB.abc.xyz.ca XX.XX.XX.XX

ClientA has ServerA and ServerB listed in it's resolv.conf (ServerA is listed first).

If I do a lookup from ClientA for EntryA it will work, but if I do a lookup for EntryB it will fail because ServerA says "that client doesn't exist". If I were to put ServerB first in resolv.conf then the opposite would happen (EntryB could be looked up, but not EntryA)
I'd like my clientA to check both DNS servers before returning failure (or any other method to achieve the same thing).

You can use "dnsmasq" and point clients DNS to it only. You add entries to it /etc/hosts file and it will respond if find one, if not then it ask servers from special resolve.conf file (with orginal DNS entries) and forward answer to client. It has also cache capabilities. The disadvantage is that it need to be available all time or clients will not find any host and it is not a full DNS server, only forwarder. Probably on bind you can do the same, but I don't known it.

I'll definitely take a look at this, but likely it won't fit for me because the Windows DNS is HA and this solution likely wouldn't be.
Ideally my clients would check the Windows nameservers first for everything but if it's not possible it's not possible I guess.

Thanks!

Normally the DNS client should check all DNS servers listed in resolv.conf, that's why multiple entries are allowed.
Are you saying yours don't? that would be very odd.

One soln would be to setup your Linux NS, pt your clients there and set it to fwd queries it can't answer to the MS NS servers.
All std BIND stuff.
See eg chap 16 http://www.linuxtopia.org/online_boo...ion/index.html

This first server ServerA responded with negative answer. Client should ask only one server, and try next if ealier didn't respond, not when found that domain does not exists. What client will do if it get for example three diffrent response from diffrent servers? It would be also wasting resources.