Special-case resolution within the same domain

Jeff Hardy hardyjm at potsdam.edu
Tue Jul 26 18:14:27 UTC 2005


Obviously I had trouble coming up with a subject:)  I am trying to
create a nameserver on localbox that can answer requests for
example.com, but also have the ability to answer some requests for hosts
in that zone differently out of a local zone file.

With Bind 9.2.x, the only way I could think to accomplish this was to
use multiple views.  The first thing I tried on localbox (somewhat
successfully) was to have an "internal" view matching clients on my
subnet, containing a zone of type master for example.com.  Then an
"external" view with match-clients set to "none" that was a slave for
example.com, pointing to our domain's primary master.  The zone file in
the internal view was nothing more than a few A records for these
special resolution cases, and an INCLUDE statement pointing to the
entire correct zone I had pulled in as a master.

In named.conf:

view "internal" {
        match-clients { "trusted"; };

        zone "example.com" {
                type master;
                file "masters/db.example.com";
        };
};

view "external" {
        match-clients { "none"; };

        zone "example.com" {
                type slave;
                file "slaves/db.example.com";
                masters { 192.168.1.1; };
        };
};


In masters/db.example.com:

$INCLUDE slaves/db.example.com		;gets the SOA from slave zone
$ORIGIN example.com.
host1                  A       192.168.0.1
host2                  A       192.168.0.2
host3                  A       192.168.0.3


This works, but the drawback is that if the same hostname is specified
in my little zone file here with a different address, the host resolves
to multiple addresses.

The natural thought would be to use some kind of forwarding facility,
but this does not work because this server is authoritative for
example.com, and requests are only forwarded from a nameserver when it
is not authoritative for a domain.  Also there doesn't seem to be a way
to mix and match local zone data with a zone that does forwarding.

I also tried creating two views with identical match-clients acls, but
pointing to different files.  This doesn't work either.

Essentially, the scenario I thought of was a little administrator's
shell box running a nameserver doing this kind of stuff, firewalled off
from the world (and most of the subnet), that allowed for special-case
resolution within the same domain for a subnet full of administrative
interfaces on electronics, servers, and so forth.

I know there are multiple approaches to allow for this, including a
separate nameserver, delegating to a new zone, etc.  However it seems to
me that this is a nifty approach and should be doable.  Am I overlooking
something?  Thanks.


-- 
Jeff Hardy
Systems Analyst
hardyjm at potsdam.edu
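The drawback described in the post (an overridden host answering with both addresses) comes from $INCLUDE appending records rather than replacing them. As an added example, not part of the original message, the following Python script builds the record set for the internal view's master file by letting a local record replace every same-owner, same-type record from the pulled-in slave file; the zone contents and the simplified one-record-per-line parser are constructed assumptions, not BIND's own format handling.

```python
RR_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "PTR", "SOA", "SRV", "TXT"}

def fqdn(name, origin):                       # '@' -> origin; relative -> name.origin
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """[(owner, type, rdata)]; assumes one record per line, no '(' continuations."""
    records, last_owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # strip comments
        if not line.strip():
            continue
        if line.startswith("$"):              # only $ORIGIN matters; $TTL/$INCLUDE skipped
            if line.startswith("$ORIGIN"):
                origin = line.split()[1]
            continue
        fields = line.split()
        if raw[0].isspace():                  # blank owner field = previous owner
            owner = last_owner
        else:
            owner = last_owner = fqdn(fields.pop(0), origin)
        while fields and fields[0] not in RR_TYPES:   # skip optional TTL / class
            fields.pop(0)
        records.append((owner, fields[0], " ".join(fields[1:])))
    return records

def merge_overrides(base, overrides):
    """A local record replaces all base records with the same (owner, type)."""
    replaced = {(o, t) for o, t, _ in overrides}
    return [r for r in base if (r[0], r[1]) not in replaced] + list(overrides)

def lookup(records, owner, rtype):
    return sorted(rd for o, t, rd in records if (o, t) == (owner, rtype))

# Constructed sample data standing in for slaves/db.example.com and the local file.
SLAVE_ZONE = """$ORIGIN example.com.
@     IN SOA ns1.example.com. hostmaster.example.com. 2005072601 3600 900 604800 300
      IN NS  ns1.example.com.
host1 IN A   10.0.0.1
host2 IN A   10.0.0.2
"""
LOCAL_OVERRIDES = """$ORIGIN example.com.
host1   A   192.168.0.1   ; admin interface replaces the public address
host3   A   192.168.0.3
"""

def build_internal_zone():                    # records for masters/db.example.com
    return merge_overrides(parse_zone(SLAVE_ZONE, "example.com."),
                           parse_zone(LOCAL_OVERRIDES, "example.com."))
```

Concatenating the two parsed files instead of merging them reproduces the two-address behaviour the post describes, which the merge avoids.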


