allow-query, by itself, doesn't do what the original poster wants.

This requires separate instances of named (BIND 8) or separate "views" in a
single instance (BIND 9). The external entries will need to be maintained in
*both* versions of the zone, although if the same box is master for both versions
of the zone, perhaps you could play $INCLUDE file games to make maintenance a
little easier...

Bryan Hodgson wrote:

> If you check the archives, you'll find that this topic has been discussed
> within the past couple of weeks.  In brief, current versions of bind can
> be configured to provide this functionality from single server(s); check
> the 'allow-query' option.
> > For the sake of argument, let's say I'm authoritative for  I have
> > two nameservers, and they both are told they're masters for  One
> > is internal only so I put all of my internally needed addresses in
> > it (databases, employee info, etc.) the internal and all of my external
> > stuff (web, email) in the external.  My question is, how can I tell all of my
> > internal machines to query the internal master server, and if it doesn't
> > resolve, then query the external master?  Right now, if the internal doesn't
> > know, it just rejects it as no such domain since it's the master server for
> > that domain.
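
Added example, not part of the original thread: a minimal BIND 9 layout for the "views" plus `$INCLUDE` approach described in the reply at the top. The zone name `example.com`, the ACL name, all addresses and all file paths are constructed placeholders; the zone files are sketched inside a comment so the block stays a single named.conf fragment.

```conf
// named.conf (BIND 9). Zone name, ACL name, addresses and paths are constructed.
// Once any view is defined, every zone statement must sit inside a view.
acl "internal-nets" { 127.0.0.1; 10.0.0.0/8; };

view "internal" {
    // Views are tried in order and the first match wins,
    // so the restrictive view is listed first.
    match-clients { "internal-nets"; };
    recursion yes;
    zone "example.com" {
        type master;
        file "internal/db.example.com";   // external records + internal-only records
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "external/db.example.com";   // external records only
    };
};

/*
 ---- shared/example.com.public (records both versions of the zone carry) ----
 ns1     IN A   192.0.2.53
 www     IN A   192.0.2.10
 mail    IN A   192.0.2.25
 @       IN MX  10 mail

 ---- external/db.example.com ----
 $TTL 3600
 @       IN SOA ns1.example.com. hostmaster.example.com. (
                2024010101 3600 900 604800 3600 )
         IN NS  ns1.example.com.
 $INCLUDE shared/example.com.public

 ---- internal/db.example.com ----
 (same $TTL, SOA and NS header as the external file, then)
 $INCLUDE shared/example.com.public
 db1     IN A   10.0.0.20
 hr      IN A   10.0.0.30
*/
```

Each view loads its own copy of the zone, so the SOA serial in both zone files has to be bumped when the shared file changes.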
