DNS External/Internal Shadow Domains?

Cricket Liu cricket at acmebw.com
Fri Nov 12 05:09:19 UTC 1999

> Thanks to the new "de-forwarding" feature of BIND, the internal
> could selectively use the internal roots for internal domains and forward
> everything else, thus reaping the rewards of both architectures, i.e. the
> ability to resolve Internet names via forwarding, while at the same time
> exploiting the robustness, adaptability and scalability of an
> architecture for everything internal.

Yeah, I thought of that some time ago, back when the new forwarding
features were spec'd, but it doesn't work.  When you try to set this up,
you'll notice that in a configuration like this:

options {
    forwarders { external.forwarder; };

zone "internal.zone" {
    type stub;
    file "stub.internal.zone";
    forwarders {};

zone "." {
    type hint;
    file "internal.root.hints";

...your system query gets sent to your forwarder.  Since the forwarder
sees the Internet name space, you get the Internet's root name servers
in the response, and you ignore the contents of your root hints file.
Consequently, you don't use your internal roots.

If you've found a way around this, I'd love to hear it.


Acme Byte & Wire
cricket at acmebw.com

Attend the next Internet Software Consortium/Acme Byte & Wire
DNS and BIND class!  See www.acmebw.com/training.htm for
the schedule and to register for upcoming classes.

More information about the bind-users mailing list