Questions about my special DNS setting

Barry Margolin barmar at alum.mit.edu
Tue Dec 12 01:20:41 UTC 2006


In article <elism0$1mam$1 at sf1.isc.org>,
 "dev_null" <dev_null at pubbox.net> wrote:

> Hello members,
> I have a question about my DNS setting.
> 
> My company has a public domain; say the domain name is foo.com.
> Of course this domain has a public authoritative DNS.
> Now I want to set up a private DNS. For example, a host has this A record 
> in the authoritative DNS:
> 
> aaa.foo.com.            325     IN      A       125.90.100.xxx
> 
> When on the local network, I want this host to resolve to a private 
> network IP address, like:
> 
> aaa.foo.com.            325     IN      A       192.168.0.10
> 
> So I created this config file:
> 
> zone "foo.com" in {
>         type master;
>         file "db.foo.com";
> };
> 
> And in db.foo.com, I wrote:
> 
> $TTL 3h
> @ IN SOA dns-cache.foo.com. host.foo.com. (
>                           1        ; Serial
>                           3h       ; Refresh after 3 hours
>                           1h       ; Retry after 1 hour
>                           1w       ; Expire after 1 week
>                           1h )     ; Negative caching TTL of 1 hour
> 
> ; dns-cache.foo.com is inside this zone, so it also needs an A record here
> foo.com.         IN NS  dns-cache.foo.com.
> aaa             IN A    192.168.0.10
> 
> This works fine. When I 'ping aaa.foo.com', I get the response from 
> '192.168.0.10'.
> 
> 
> The problem for me is that, since I don't add all the records from the 
> public authoritative DNS's zone file to the local DNS zone, some names no 
> longer resolve. For example, there is an A record in the public 
> authoritative DNS:
> 
> mail.foo.com      325     IN      A       125.90.100.yyy
> 
> But this A record doesn't appear in my private DNS. When using the private 
> DNS and 'ping mail.foo.com', I get nothing.
> 
> 
> Is there any way to resolve my problem? I hope that, for a request, if 
> there are no records in the private DNS, it can be forwarded to the public 
> authoritative DNS. Can this be done with 'dns forward'? Thanks in advance.

No, if you're authoritative for a zone, you will never forward anything 
within that zone.

Instead of making your server authoritative for the whole foo.com zone, 
make it authoritative for just aaa.foo.com:

zone "aaa.foo.com" {
  type master;
  file "db.aaa.foo.com";
};

and in db.aaa.foo.com, write:

$TTL 3h
@    IN SOA dns-cache.foo.com. host.foo.com. (
                          1        ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour

     ; blank owner = @ = aaa.foo.com
     ; dns-cache.foo.com is outside this zone, so no A record for it is needed here
     IN NS  dns-cache.foo.com.
     IN A    192.168.0.10

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
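Added example, not from Barry's reply and not BIND's own code: a small Python model of the zone-selection rule the reply relies on. An authoritative server matches the query name against the zones it serves, the closest enclosing zone answers, and nothing under that zone is ever forwarded or recursed; only a name that no local zone encloses goes to recursion. The zone and address data below are constructed from this thread. The model also shows one consequence of the narrower zone worth knowing before you deploy it: once aaa.foo.com is its own zone, names beneath it such as www.aaa.foo.com get NXDOMAIN locally too, just as mail.foo.com did under the original setup.

```python
#!/usr/bin/env python3
"""Model of how an authoritative server picks the zone that answers a query.

Added example (not from the original post or from BIND): the server matches
the query name against the zones it serves and picks the closest enclosing
one; only when no zone encloses the name does the query go to recursion or
forwarders. The data below is constructed from the addresses in the thread.
"""


def _labels(name):
    """Lower-case a name, drop the trailing dot, and return its labels from
    the root downwards, e.g. "Mail.foo.com." -> ["com", "foo", "mail"]."""
    name = name.rstrip(".").lower()
    return list(reversed(name.split("."))) if name else []


def closest_zone(qname, zones):
    """Return the longest zone name in `zones` that encloses qname, or None.

    A zone encloses a name when the zone's labels, read from the root,
    are a prefix of the name's labels read from the root.
    """
    q = _labels(qname)
    best = None
    for zone in zones:
        z = _labels(zone)
        if q[:len(z)] == z and (best is None or len(z) > len(_labels(best))):
            best = zone
    return best


def answer(qname, zones):
    """Resolve qname against `zones`, a dict {zone: {owner: address}}.

    Returns ("AUTH", address)  when the enclosing zone holds the name,
            ("NXDOMAIN", None) when a zone encloses the name but has no
                               record for it (the server is authoritative,
                               so it will never forward this name), or
            ("RECURSE", None)  when no local zone encloses the name.
    Delegations (NS records below the zone apex) are ignored in this model.
    """
    zone = closest_zone(qname, zones)
    if zone is None:
        return ("RECURSE", None)
    owner = qname.rstrip(".").lower()
    addr = zones[zone].get(owner)
    return ("AUTH", addr) if addr is not None else ("NXDOMAIN", None)


# Constructed data: the original poster's setup (authoritative for all of
# foo.com, with only aaa defined) versus the reply's setup (authoritative
# for aaa.foo.com alone). The public 125.90.100.x addresses never appear
# here because this server is not meant to serve them.
ORIGINAL_SETUP = {"foo.com": {"aaa.foo.com": "192.168.0.10"}}
REPLY_SETUP = {"aaa.foo.com": {"aaa.foo.com": "192.168.0.10"}}

QUERIES = ["aaa.foo.com", "mail.foo.com", "www.aaa.foo.com", "example.net"]


def compare(queries=QUERIES):
    """Return {qname: (result under ORIGINAL_SETUP, result under REPLY_SETUP)}."""
    return {q: (answer(q, ORIGINAL_SETUP), answer(q, REPLY_SETUP)) for q in queries}


if __name__ == "__main__":
    for q, (orig, reply) in compare().items():
        print(f"{q:18} zone foo.com -> {orig[0]:8}  zone aaa.foo.com -> {reply[0]}")
```

Running it prints one line per query; the two columns make the reply's point concrete: with zone "foo.com" loaded, mail.foo.com is NXDOMAIN because the server is authoritative for it, while with only zone "aaa.foo.com" loaded it falls through to recursion, and www.aaa.foo.com becomes the new locally-answered NXDOMAIN.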