Old 08-05-2020, 09:36 AM   #1
LQ Newbie
Registered: Mar 2020
Posts: 14

Bind-DNS: Use a public domain as internal zone, but lookup unknown subdomains on a public dns server


As mentioned in the title, I use Bind-DNS as my local DNS server.
For this I have two zones, example.local and
The second one is actually my public domain name, but I use it for a few internal subdomains so that my publicly valid wildcard certificate is valid and the internal subdomains thus have an SSL certificate accepted by all devices and browsers (which I need for a few devices that only accept a valid SSL certificate).

The problem is: Since I have the zone, it resolves the registered hosts (,, but not the public hosts that I have registered over my domain name provider, for example: or, because they are probably not included in the zone file. If I add them as well, my bind-dns server can resolve them without problems.

My "goal" is that if bind-dns cannot find the subdomain in the zone files, it will forward the request to a public dns server (which I have configured in the named.conf.options file?)

The zone looks similar to this:
$TTL	86400
@	IN	SOA	 (
			2020071401	; Serial
			604800		; Refresh
			86400		; Retry
			2419200		; Expire
			86400 )		; Negative Cache TTL
; name servers
			IN	NS
; A records
			IN	A
			IN	A
My named.conf.local:
zone "" {
	type master;
	file "/var/cache/bind/";
};
And my named.conf.options:
acl "trusted" {;
};

options {
	directory "/var/cache/bind";
	recursion yes;
	allow-recursion { trusted; };
	listen-on {;; };
	allow-transfer { none; };

	forwarders {;;;; };

	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { none; };
};
Old 08-06-2020, 11:20 AM   #2
Senior Member
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 3,434

Generally, there is one authoritative nameserver for a domain. I don't think bind has any option for forwarding requests if it is authoritative for a zone. Simplest is to put all of the internal sites on a separate subdomain, and all of the publicly accessible sites on your ISP nameserver. If you want a separate internal nameserver that knows additional hosts on the public domain, then you will need to manually maintain the two copies and make sure that the internal sites use the internal nameserver. That can get interesting if you are using VPNs or doing updates from DHCP.
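Whether the two copies of the domain stay in step can be checked mechanically. What follows is an added example, not code from either post: a small Python parser for a zone file in the format shown in the first post, and a comparison against the record set the registrar's public DNS serves (here a constructed dictionary; in practice you would fill it from a zone export). The domain example.net, the 192.0.2.x and 203.0.113.x addresses, and the function names are assumptions for illustration. It lists the public names the internal zone does not define, which come back NXDOMAIN from the internal server because it is authoritative for the whole domain (the symptom the question describes), and separately the names that intentionally resolve differently inside and outside.

```python
"""Split-horizon drift check for a BIND master zone.

Added example, not code from this thread.  Parses a zone file in the
format the first post shows and reports which names the public DNS
serves but the internal copy does not.  The zone text, the domain
example.net and every address below are constructed for illustration.
"""

# Constructed internal zone, shaped like the one in the first post.
INTERNAL_ZONE = """\
$TTL\t86400
@\tIN\tSOA\tns1.example.net. admin.example.net. (
\t\t2020071401\t; Serial
\t\t604800\t\t; Refresh
\t\t86400\t\t; Retry
\t\t2419200\t\t; Expire
\t\t86400 )\t\t; Negative Cache TTL
; name servers
\t\t\tIN\tNS\tns1.example.net.
; A records
ns1\t\tIN\tA\t192.0.2.53
nas\t\tIN\tA\t192.0.2.10
printer\t\tIN\tA\t192.0.2.11
"""

# Constructed: what the registrar's public DNS answers for the same domain.
PUBLIC_RECORDS = {
    "www.example.net": "203.0.113.10",
    "mail.example.net": "203.0.113.25",
    "nas.example.net": "203.0.113.10",   # public side of the internal NAS
}

CLASSES = {"IN", "CH", "HS"}


def qualify(name, origin):
    """Turn a zone-file owner name into an FQDN without the trailing dot."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1]
    return f"{name}.{origin}"


def logical_lines(text):
    """Strip ';' comments and join multi-line records (SOA parentheses)."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if depth == 0 and not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(" ".join(buf))
            buf = []
    return out


def parse_zone(text, origin):
    """Return {fqdn: [(rtype, rdata), ...]} for a BIND master file.

    Handles $ORIGIN, '@', relative names, the blank-owner-means-previous-
    owner rule and an optional TTL/class before the record type.
    """
    records, owner = {}, origin
    for line in logical_lines(text):
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not tokens:
            continue
        if line[0] in " \t":            # blank owner field: reuse last owner
            fqdn = owner
        else:
            name = tokens.pop(0)
            if name.startswith("$"):    # $TTL / $ORIGIN directives
                if name == "$ORIGIN" and tokens:
                    origin = tokens[0].rstrip(".")
                continue
            fqdn = owner = qualify(name, origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens.pop(0)               # optional TTL and class
        if not tokens:
            continue
        rtype, rdata = tokens[0].upper(), " ".join(tokens[1:])
        records.setdefault(fqdn, []).append((rtype, rdata))
    return records


def missing_from_internal(zone_text, origin, public):
    """Public names the internal zone does not define (NXDOMAIN internally)."""
    internal = parse_zone(zone_text, origin)
    return sorted(name for name in public if name not in internal)


def conflicting_addresses(zone_text, origin, public):
    """Names defined on both sides with different A data: expected for
    split-horizon, but listed so the difference is a decision, not a surprise."""
    internal = parse_zone(zone_text, origin)
    out = {}
    for name, public_addr in public.items():
        internal_addrs = [rd for rt, rd in internal.get(name, []) if rt == "A"]
        if internal_addrs and public_addr not in internal_addrs:
            out[name] = (internal_addrs, public_addr)
    return out


if __name__ == "__main__":
    for name in missing_from_internal(INTERNAL_ZONE, "example.net", PUBLIC_RECORDS):
        print(f"MISSING internally (NXDOMAIN from the local server): {name}")
    for name, (inside, outside) in conflicting_addresses(
            INTERNAL_ZONE, "example.net", PUBLIC_RECORDS).items():
        print(f"split-horizon: {name} internal={inside} public={outside}")
```

Run from a cron job against the live zone file and a fresh export of the public records, the first list is exactly the set of names that need to be copied into the internal zone (or that have been retired publicly and can be dropped), which is the manual maintenance the answer above refers to.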


bind, bind9, dns, dnsserver
