Overload some records for intern use

Thomas Harold thomas-news at nybeta.com
Fri Nov 13 14:14:34 UTC 2009

On 11/13/2009 6:44 AM, Jonathan Petersson wrote:
> Someone correct me if I'm wrong but using BIND you must have the full
> zone, partial forwarding/proxying isn't built in so you would need to
> download the zone and replace the data you need to change.

If all you want to do is change an A record (served from an external 
zone) to a different internal IP address, then it's doable with BIND.

For example, if I want to redirect svn.example.org to the internal IP 
address rather then the public IP address, I add the following zone file 
(called "svn.example.org" in my setup):

$TTL 600        ; 10 minutes
svn.example.com        IN SOA  fw.internal.example.org. dns.example.com. (
                                 2007052665 ; serial
                                 3600       ; refresh (1 hour)
                                 900        ; retry (15 minutes)
                                 7200       ; expire (2 hours)
                                 3600       ; minimum (1 hour)
                         NS      fw.internal.example.org.
$ORIGIN svn.example.com.

So for clients inside the LAN who talk to this DNS server and ask for 
"svn.example.com" will get the address.  Clients outside the 
LAN or who don't use the DNS server will get the public IP address from 
the public DNS records.

I don't recall offhand if there's more to it, it's been a year or more 
since I setup that record.  Basically you're adding a local private zone 
that is named the same as the DNS record that you're overloading and 
telling BIND to pretend that it is authoritative for that record.

More information about the bind-users mailing list