Fake TLD inside a VPN and forwarding

Alistair Mackay ali_m_000 at hotmail.com
Thu May 12 00:09:06 UTC 2005


I have a 4 site VPN and am trying to run an internal DNS hierarchy
whilst still providing DNS caching to the outside world.

It looks like this

TLD of .local

site1 is authoritative for .local

Each site has a DNS server (variously bind 9.2.1 and 9.2.2) and is
authoritative for its own subdomain, i.e.

site1.local.
site2.local.
site3.local.
site4.local.

The server for site1.local is also the server for .local

The zone for .local has the appropriate delegation records for each
site.

So far, in order to be able to lookup host1.site3.local. from
host1.site2.local. or any such internal query, I've had to set options
{ forwarders {}} to point at site1's DNS server. This has the drawback
that a lookup for an external address (like redhat.com) from site2, 3
or 4 gets forwarded over the VPN to site1 which then resolves the
external address when I would prefer it to go direct.

Is there a way to configure forwarding such that only queries for hosts
in the .local domain are forwarded internally whilst all others are
not?

None of these servers is authoritative for any real domains; in fact
they are all behind firewalls from the Internet at large.

Thanks.
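One way to express the per-domain forwarding asked about above, as an added example that is not part of the original post: a named.conf fragment for site2 (site3 and site4 would be the same with their own zone names). The file names and the 10.0.1.53 address used for site1's server are assumed placeholders.

```conf
// Added example, not from the original post; addresses and file names are assumed.
// Goal: only names under .local go over the VPN to site1; everything else
// (e.g. redhat.com) resolves directly from this site.
options {
    directory "/var/named";
    // Deliberately no global "forwarders" here: with none set, external
    // names are resolved directly via the root hints below.
};

zone "." {
    type hint;
    file "named.ca";
};

// This site's own subdomain stays authoritative locally. BIND answers from
// the most specific configured zone, so site2.local names never reach the
// forward zone declared below.
zone "site2.local" {
    type master;
    file "site2.local.zone";
};

// Everything else under .local is forwarded over the VPN to site1's server,
// which is authoritative for .local and holds the delegations for each site.
// "forward only" stops BIND from falling back to the root servers (which
// have no .local delegation) if site1 does not answer.
zone "local" {
    type forward;
    forward only;
    forwarders { 10.0.1.53; };   // placeholder: site1's DNS server address
};
```

Check the syntax with named-checkconf, then confirm from site2 that a query for host1.site3.local returns an answer while a query for an external name produces no traffic towards site1.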
