Resolving both internal and external addresses at the same host.

Kevin Darcy kcd at daimlerchrysler.com
Thu Apr 19 17:31:54 UTC 2001


No, forwarding isn't going to help you here, since a BIND nameserver never
forwards for a name if it is contained in a zone for which it is
authoritative. When you run split DNS with BIND, you need to maintain the
entries which you want to be visible both externally and internally in
*both* the internal and external versions of the zone. One kludge for making
this a little easier is to run the internal and external master on the same
physical box (either a "two-headed" configuration with different instances
listening to different network interfaces, or a BIND 9 nameserver with
"view"s), and then put the common data into an $INCLUDE file.


- Kevin

Scott Dejong wrote:

> Hello,
>
> I work for a company in which we have BIND 9.1.0 installed both externally
> and internally.  It is installed in a split fashion (i.e. we have root
> internally), running in a chroot environment as user nobody.  In our
> screened subnets, we have caching only DNS servers that are not visible to
> the outside world.  One set caches internal names and the other external
> names.  The problem is that we have hosts that will need to resolve both
> internal and external addresses located.
>
> Is there a way to configure either a UNIX (AIX, Solaris, LINUX, ...) host
> or a DNS server to look external if not found look internal.  For example:
> I have *.acme.com internal and external.  I have a host that is looking
> for the external address joe.acme.com.
>
> 1.  The local resolver structures the query and sends it to the internal
> DNS hosts receiving a not found response. The local resolver then sends
> it to the external DNS hosts and receives the address.
>
> -or-
>
> 2.  The local resolver sends the request to the internal DNS host which,
> in turn, recursively acquires the address from the external servers and
> caches and returns the response to the local resolver.
>
> The problem which plagues me is that both internal and external are
> authoritative for acme.com.  Would forwarders accomplish this?
>
> Scott
>
> --
> "I think we are in rats' alley
>   where the dead men lost their bones."
>
> -- T.S. Eliot
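
The BIND 9 "view" arrangement with a shared $INCLUDE file described in the reply, sketched as an added example that is not part of the original post or the poster's configuration. The ACL name, file paths, serial numbers and all addresses are constructed; only acme.com and joe.acme.com come from the question.

```conf
// ---- named.conf: both versions of acme.com mastered on one BIND 9 box ----
acl "inside" { 127.0.0.1; 10.0.0.0/8; };   // constructed internal range

view "internal" {
    match-clients { "inside"; };            // views are tried in order; first match wins
    zone "acme.com" {
        type master;
        file "internal/acme.com.db";
    };
};

view "external" {
    match-clients { any; };                 // every client not matched above
    recursion no;                           // assumption: authoritative-only to the outside
    zone "acme.com" {
        type master;
        file "external/acme.com.db";
    };
};

; ---- internal/acme.com.db (paths are relative to named's working directory) ----
$TTL 3600
@        IN SOA  ns1.acme.com. hostmaster.acme.com. (
                 2001041901 3600 900 604800 3600 )
         IN NS   ns1.acme.com.
ns1      IN A    10.0.0.53
intranet IN A    10.0.1.20          ; internal-only name, never served outside
$INCLUDE common/acme.com.shared     ; names that must resolve on both sides

; ---- external/acme.com.db ----
$TTL 3600
@        IN SOA  ns1.acme.com. hostmaster.acme.com. (
                 2001041901 3600 900 604800 3600 )
         IN NS   ns1.acme.com.
ns1      IN A    192.0.2.53
$INCLUDE common/acme.com.shared

; ---- common/acme.com.shared: records only, no SOA or NS ----
; Relative names here take the origin of whichever zone includes the file.
joe      IN A    192.0.2.10
www      IN A    192.0.2.80
; After editing this file, raise the SOA serial in BOTH zone files above,
; otherwise slaves of either version will not transfer the change.
```

Because the shared file is published in the external view, anything placed in it is visible to the outside; internal-only records belong in the internal zone file itself.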




