Can Bind forward requests from within an authoritative domain?

Kevin Darcy kcd at daimlerchrysler.com
Mon Apr 16 21:07:05 UTC 2007


Jon Reynolds wrote:
> Eric B. wrote:
>   
>> Hi,
>>
>> Maybe I am going about this the wrong way, so any help/advice you can give 
>> me would be greatly appreciated.
>>
>> I currently have an external DNS with all my typical DNS entries (mail, www, 
>> ftp, etc...) for my domain (ex: domain.com).  I am now in the process of 
>> setting up an internal DNS for all my internal machines (we've been 
>> connecting to machines using IPs until now). What I would ideally like to do 
>> is create my internal dns in such a way that if it receives a request for a 
>> name that it can't resolve, that it would query the external dns for the 
>> hostname.
>>
>> So for instance, if my domain is domain.com, my external dns would resolve: 
>> ftp.domain.com, mail.domain.com, www.domain.com.
>> My internal dns would resolve my internal machine names: 
>> chocolate.domain.com, vanilla.domain.com, rockyroad.domain.com
>> I would rather not have to duplicate all the entries from the external dns 
>> onto the internal dns, but would like to be able to query the internal DNS 
>> for ftp.domain.com and have it resolved.
>>
>> Is something like this possible?  I've tried playing around with the forward 
>> & recursive options, but can't seem to get it to work.  I set the internal 
>> dns as type master for domain.com, so I am assuming that it won't 
>> recurse/forward any missing requests to other machines if it fails.
>>
>> Am I on the wrong track?  Is there a way to get this to work?
>>
>> Thanks for any advice!
>>
>> Eric
>>     
>
>
> You might want to check out 'views'. This allows you to create one DNS 
> server with an internal and external "view".
>
>   
That gets you out of having to run separate boxes for internal versus 
external, or separate instances running on different network interfaces 
(virtual or physical) on the same box, but it *doesn't* remove the 
requirement to duplicate the external entries in the internal version of 
the relevant zone(s). It's always possible to put the "common" entries 
in an $INCLUDE file, of course, which would be shared by both the 
internal and external versions of the zone; just be sure to increment 
the SOA for both versions of the zone, whenever the contents of the 
$INCLUDE file change.

                                                                         
                  - Kevin
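
The views-plus-$INCLUDE layout described in the reply above, as an added example that is not part of the original post or of BIND's own documentation. The file names, the ACL name "internal-nets", the addresses and the serial values are all constructed for illustration.

```shell
# Added example: split-horizon layout for domain.com with a shared $INCLUDE file.
# Addresses, serials, ACL name and file names are constructed for illustration.
write_split_horizon() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Records served identically in both views, maintained in one place.
    cat > "$dir/db.domain.com.common" <<'EOF'
ns1   IN A 192.0.2.1
www   IN A 192.0.2.10
mail  IN A 192.0.2.20
ftp   IN A 192.0.2.30
EOF
    # External version: its own SOA/NS plus the shared records only.
    cat > "$dir/db.domain.com.external" <<'EOF'
$TTL 3600
@ IN SOA ns1.domain.com. hostmaster.domain.com. ( 2007041601 3600 900 604800 3600 )
@ IN NS  ns1.domain.com.
$INCLUDE db.domain.com.common
EOF
    # Internal version: the same shared records plus the internal-only hosts.
    cat > "$dir/db.domain.com.internal" <<'EOF'
$TTL 3600
@ IN SOA ns1.domain.com. hostmaster.domain.com. ( 2007041601 3600 900 604800 3600 )
@ IN NS  ns1.domain.com.
$INCLUDE db.domain.com.common
chocolate IN A 10.0.0.11
vanilla   IN A 10.0.0.12
rockyroad IN A 10.0.0.13
EOF
    # Views are matched in order, so the internal view must come first.
    cat > "$dir/named.conf" <<EOF
options { directory "$dir"; };
acl "internal-nets" { 10.0.0.0/8; };
view "internal" {
    match-clients { "internal-nets"; localhost; };
    recursion yes;
    zone "domain.com" { type master; file "db.domain.com.internal"; };
};
view "external" {
    match-clients { any; };
    recursion no;
    zone "domain.com" { type master; file "db.domain.com.external"; };
};
EOF
}
# Print the SOA serial of a zone file (first token after the opening parenthesis).
zone_serial() {
    awk '$3 == "SOA" { for (i = 4; i < NF; i++) if ($i == "(") { print $(i + 1); exit } }' "$1"
}
```

Each zone file keeps its own SOA record, so a change to db.domain.com.common means raising the serial in both the internal and the external file. `named-checkconf` and `named-checkzone` can validate the generated files before named loads them.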