Internal / External DNS : Multiple resolution for the same host

Kevin Darcy kcd at daimlerchrysler.com
Wed Oct 16 21:02:23 UTC 2002


Marc Berger wrote:

> Hello,
>
> I've got 3 DNS servers. Two secondaries that answer client requests
> and a master which is the master for our zone.
>
> The secondaries are secondary for our zone and forward the other requests
> to an Internet DNS.
>
> What I'd like to do is rewrite public host record on my private DNS
> (but not all the public zone). For example assuming we have in a
> public DNS :
> Zone test.com :
> www.test.com IN A 1.1.1.1
> test.test.com IN A 1.1.1.2
>
> For some reason (the test.test.com server is on our private LAN), I
> want my internal DNS to rewrite test.test.com to 10.1.1.2 for example
> but to leave the other records as they are on the public DNS. Today
> the only solution I found is to configure my private DNS as the master
> for the zone test.com and my secondaries as secondary, but to keep all
> the records working, I have to rewrite all the zone and I must declare:
> www.test.com IN A 1.1.1.1
> test.test.com IN A 10.1.1.2
>
> This is an important problem because if a record is changed on the
> real primary server (www.test.com for example), I have to change it on
> my fake primary and this is not possible because I'm not aware of the
> real primary change.
>
> Is there a solution to rewrite on my DNS only one host in a public
> zone ?

No, BIND does not support "rewriting" in this manner. You could, however,
with BIND 9, serve both versions of the zone from a single nameserver
instance by using the "view" feature. You could perhaps even leverage
this further, by having the records which are common to both the internal
and external versions of the zone in a separate file which is $INCLUDE'd
into both zonefiles.

Since you only have one name which differs between the two versions of
the zone, another option would be to define that name as a zone by itself
on the "private" master server. This is not a very scalable solution if
you start creating more of these "split" names though...


- Kevin
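
The view-plus-$INCLUDE layout suggested in the reply above, as an added example that is not part of the original post. The ACL ranges, file paths, the ns1 name and its 1.1.1.3 address, and the SOA values are assumptions made for illustration; the www and test records are the ones from the question.

```conf
// ---- named.conf (BIND 9); paths are relative to the "directory" option ----
acl "internal-nets" { 127.0.0.1; 10.0.0.0/8; };  // assumed private ranges

view "internal" {                  // views are tried in order, first match wins
    match-clients { "internal-nets"; };
    recursion yes;
    zone "test.com" {
        type master;
        file "internal/test.com.db";
    };
};

view "external" {
    match-clients { any; };        // everyone not matched above
    recursion no;                  // authoritative answers only for outside clients
    zone "test.com" {
        type master;
        file "external/test.com.db";
    };
};

; ---- common/test.com.records: records identical in both versions ----
@     IN NS  ns1.test.com.        ; ns1 and its address are assumed
ns1   IN A   1.1.1.3
www   IN A   1.1.1.1

; ---- internal/test.com.db ----
$TTL 3600
@     IN SOA ns1.test.com. hostmaster.test.com. 2002101601 3600 900 604800 3600
$INCLUDE common/test.com.records
test  IN A   10.1.1.2             ; private address, internal view only

; ---- external/test.com.db ----
$TTL 3600
@     IN SOA ns1.test.com. hostmaster.test.com. 2002101601 3600 900 604800 3600
$INCLUDE common/test.com.records
test  IN A   1.1.1.2
```

Each zone file keeps its own SOA so the two versions can carry independent serials. Running named-checkzone test.com against each file validates it with the include expanded.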



