LinuxQuestions.org
Old 05-21-2008, 10:00 AM   #1
slvjerome
LQ Newbie
 
Registered: May 2008
Posts: 3

Rep: Reputation: 0
private DNS confusion


Hello,

The external DNS server for our domain "example.com" is provided by our ISP. We have mail, www, ftp machines hosted by another hosting company.

Now we have a machine on our LAN that is available on the internet (hostname is "members.example.com"). We have the external DNS setup correctly for "members.example.com" at our ISP.

However for internal users to get to "members.example.com" we now are running a private internal DNS server. It is on CentOS 5.1 (it is actually the same box as "members.example.com").

How do I configure the internal DNS server to:
1. resolve "members.example.com" to its LAN address.
2. forward ALL other "example.com" requests to our ISP's DNS server.
3. forward ALL other DNS requests to our ISP's DNS server.

So the internal DNS server's sole purpose is to handle name requests for "members.example.com" and forward all other requests to the ISP nameserver.

Any ideas on how to configure this using BIND 9?
 
Old 05-21-2008, 07:53 PM   #2
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
I believe that if you have a caching nameserver already set up on your CentOS machine, all you need to do is to make it authoritative for the subdomain members.example.com, by providing a zone file to it which contains a SOA record for that subdomain (and an A record to specify the address).

For extra credit, you might be able to add your ISP's nameserver to the hints file that all caching nameservers load, so that they have a clue about how to begin resolving a name.
 
Old 05-21-2008, 10:04 PM   #3
robrecc
Member
 
Registered: Feb 2002
Posts: 50

Rep: Reputation: 15
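In your named.conf something like this would help:

options {
    directory "/var/named";
    // allow-query takes an address match list (IPs, networks or ACL names),
    // not a domain name; localnets is BIND's built-in ACL for attached networks
    allow-query { localhost; localnets; };
    forwarders { xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx; };
    zone-statistics yes;
};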

Put your ISP DNS servers in the forwarders section
 
Old 05-22-2008, 08:42 AM   #4
slvjerome
LQ Newbie
 
Registered: May 2008
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks guys. It works now. That is actually the first setup I tried and it didn't work. Queries for "members.example.com" would time out. Queries for "www.example.com" and the others would work fine.

So I went with a setup for a zone file of "example.com" but then I had to duplicate the information for the other "example.com" hosts (www, ftp, mail). And that worked but I didn't like it because of the duplication.

After reading your posts I tried doing the setup for a zone of "members.example.com" again to avoid the duplication problem. It works now! I'm not sure why it didn't work the first time, but I think it may be because I had this line in the configuration that didn't work:

IN A 192.168.0.7

I excluded that line this time and it worked. So my final zone file looks like this:

$TTL 3h
@   IN SOA  members.example.com. myemail.example.com. (
            200805204 ; serial
            2H        ; refresh slaves
            5M        ; retry
            1W        ; expire
            1M        ; Negative TTL
            )

@   IN NS   members.example.com.

members.example.com.    IN A    192.168.0.7

And my final named.conf looks like this:

zone "members.example.com" IN {
    type master;
    zone-statistics no;
    file "example.com.zone";
};
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    allow-query { acl_all; };
    forwarders { xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx; };
};
logging {
    channel default_debug {
        file "/var/named/data/named.run";
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
};

Thanks for the help!
Jerome
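
An added example, not part of the posts above: a named.conf sketch for the three requirements in the first post that also keeps the resolver private, since the box is reachable from the internet. Assumptions: the LAN is 192.168.0.0/24 (only 192.168.0.7 appears in the thread), the forwarder addresses are documentation placeholders standing in for the ISP's servers, and the zone file name is hypothetical.

```conf
// Clients allowed to use this server (assumed LAN range).
acl "lan" { 127.0.0.1; 192.168.0.0/24; };

options {
    directory "/var/named";

    // Bind only to loopback and the LAN address, so the DNS service
    // is not exposed on any other interface the host may have.
    listen-on { 127.0.0.1; 192.168.0.7; };

    // Answer and recurse for LAN clients only. A recursive server that
    // answers anyone can be abused as an open resolver and would also
    // hand the internal 192.168.0.7 address to outside hosts.
    allow-query     { lan; };
    allow-recursion { lan; };
    recursion yes;

    // Requirements 2 and 3: every name that is not in a local zone goes
    // to the ISP resolvers (placeholder addresses). "forward only" stops
    // named from falling back to iterating from the root servers.
    forwarders { 192.0.2.53; 192.0.2.54; };
    forward only;
};

// Requirement 1: authoritative for this one name only. www, ftp and mail
// under example.com are not covered by a local zone, so they are
// forwarded like any other name and need no duplicated records.
zone "members.example.com" IN {
    type master;
    file "members.example.com.zone";   // hypothetical file name
    allow-transfer { none; };          // no secondaries, so refuse AXFR
};
```

Running `named-checkconf` on the file before reloading catches syntax errors and undefined ACL names.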
 
  

