Overload some records for intern use
Thomas Harold
thomas-news at nybeta.com
Fri Nov 13 14:14:34 UTC 2009
On 11/13/2009 6:44 AM, Jonathan Petersson wrote:
> Someone correct me if I'm wrong but using BIND you must have the full
> zone, partial forwarding/proxying isn't built in so you would need to
> download the zone and replace the data you need to change.
>
If all you want to do is change an A record (served from an external
zone) to a different internal IP address, then it's doable with BIND.
For example, if I want to redirect svn.example.org to the internal IP
address rather than the public IP address, I add the following zone file
(called "svn.example.org" in my setup):

$ORIGIN .
$TTL 600        ; 10 minutes
svn.example.com         IN SOA  fw.internal.example.org. dns.example.com. (
                                2007052665 ; serial
                                3600       ; refresh (1 hour)
                                900        ; retry (15 minutes)
                                7200       ; expire (2 hours)
                                3600       ; minimum (1 hour)
                                )
                        NS      fw.internal.example.org.
$ORIGIN svn.example.com.
                        A       192.168.0.9

So clients inside the LAN who talk to this DNS server and ask for
"svn.example.com" will get the 192.168.0.9 address. Clients outside the
LAN or who don't use the DNS server will get the public IP address from
the public DNS records.
I don't recall offhand if there's more to it, it's been a year or more
since I set up that record. Basically you're adding a local private zone
that is named the same as the DNS record that you're overloading and
telling BIND to pretend that it is authoritative for that record.
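
The scope of this override, as an added example that is not part of the original post: a small Python model of what the internal server answers once it is authoritative for the zone above. The parser and lookup are simplified assumptions (no wildcards, delegations or CNAME chasing), not BIND code, and the function names are hypothetical.

```python
import re

# Constructed copy of the override zone from the post above.
ZONE_TEXT = """\
$ORIGIN .
$TTL 600 ; 10 minutes
svn.example.com IN SOA fw.internal.example.org. dns.example.com. (
        2007052665 ; serial
        3600 ; refresh (1 hour)
        900 ; retry (15 minutes)
        7200 ; expire (2 hours)
        3600 ; minimum (1 hour)
        )
    NS fw.internal.example.org.
$ORIGIN svn.example.com.
    A 192.168.0.9
"""
TYPES = {"SOA", "NS", "A", "AAAA", "MX", "TXT", "CNAME"}

def parse_zone(text):
    """Return (apex, {(owner, rtype): [rdata, ...]}) for a small master file."""
    text = re.sub(r";[^\n]*", "", text)  # drop comments first (they contain parens)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    origin, owner, records = ".", None, {}
    for line in filter(str.strip, text.splitlines()):
        tok = line.split()
        if tok[0].startswith("$"):  # directives: only $ORIGIN changes state here
            origin = tok[1].lower() if tok[0] == "$ORIGIN" else origin
            continue
        if not line[0].isspace():  # a blank owner field repeats the previous owner
            name = tok.pop(0).lower()
            owner = name if name.endswith(".") else name + "." + origin.lstrip(".")
        while tok[0] not in TYPES:  # skip optional TTL and class fields
            tok.pop(0)
        records.setdefault((owner, tok[0]), []).append(" ".join(tok[1:]))
    return next(o for (o, t) in records if t == "SOA"), records

def answer(apex, records, qname, qtype):
    """Model what the internal server returns once it is authoritative for apex."""
    qname = qname.lower().rstrip(".") + "."
    if qname != apex and not qname.endswith("." + apex):
        return "RECURSE"  # outside the local zone: resolved from public DNS as before
    if (qname, qtype) in records:
        return records[(qname, qtype)]
    if any(o == qname for o, _ in records):
        return "NODATA"  # name is local but this type is not: public record is hidden
    return "NXDOMAIN"  # any sub-name is hidden too

APEX, RECORDS = parse_zone(ZONE_TEXT)
```

The NODATA and NXDOMAIN cases mean that any other record the public zone publishes at or below the overridden name has to be copied into the local zone if internal clients still need it.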