Access external hosts with internal split DNS resolver
Dave Koelmeyer
dave.koelmeyer at davekoelmeyer.co.nz
Sun Aug 9 04:44:27 UTC 2015
Hi All,
This question I imagine comes up regularly – I see online there are
several potential solutions so thought it best to see what the accepted
common practice is.
I have configured an internal BIND 9.6 server to act as a split DNS
resolver for an internal (home) network. It uses forwarding for public
host DNS lookups.
From my named.conf file (excerpt):
// hosts allowed to query this resolver
acl homenet { 192.168.1.0/24; };

options {
    allow-query { homenet; };
    directory "/var/named";
    forwarders { 121.98.0.1; 121.98.0.2; }; // external DNS servers
    forward first;                          // try the forwarders first, then recurse
};

// this server is authoritative (master) for the whole domain
zone "mydomain.co.nz" IN {
    type master;
    file "zone.mydomain.co.nz";
    allow-update { none; };
};
In my zone.mydomain.co.nz file I've defined my internal hosts:
$TTL 604800
@       IN  SOA mydomain.co.nz. admin.mydomain.co.nz. (
            2006020201  ; Serial
            604800      ; Refresh
            86400       ; Retry
            2419200     ; Expire
            604800 )    ; Negative Cache TTL

; NS record is the hostname of the BIND server
; (note: no A record for bind-server appears in this excerpt)
        IN  NS  bind-server

; A records are for internal resources
dms     IN  A   192.168.1.2
cms     IN  A   192.168.1.4
xmpp    IN  A   192.168.1.6
Internal lookups to dms.mydomain.co.nz for example work just fine. My
question is: how best to configure lookups to Internet-facing hosts
defined in my domain registrar's public DNS zone file, while retaining
the use of the internal DNS server for hosts on my internal network?
In practice, with a host on my internal network configured to use the
internal BIND server, this is what I see:
- lookups to dms.mydomain.co.nz are fine
- lookups to www.mydomain.co.nz fail, where www.mydomain.com is my
public webserver defined in my domain registrar's zone file
- lookups to www.mydomain.co.nz work only if the host is configured to
use the public DNS server
Any advice please and pointers on how to best approach this would be
appreciated :)
--
Dave Koelmeyer
http://blog.davekoelmeyer.co.nz
GPG Key ID: 0x238BFF87
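As an added illustration, not part of the post above and not BIND's own code: a small model of how BIND chooses between answering from a zone it is master for and consulting its forwarders, fed with the zone records from the post. The public address 203.0.113.10 used for www is a constructed placeholder, not the poster's real address.

```python
import re

# Constructed copy of the zone excerpt from the post.
ZONE_ORIGIN = "mydomain.co.nz"
ZONE_TEXT = """\
$TTL 604800
@ IN SOA mydomain.co.nz. admin.mydomain.co.nz. (
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
IN NS bind-server
dms IN A 192.168.1.2
cms IN A 192.168.1.4
xmpp IN A 192.168.1.6
"""
FORWARDERS = ["121.98.0.1", "121.98.0.2"]   # from the named.conf excerpt

def parse_a_records(zone_text, origin):
    """Return {fqdn: ip} for the A records; relative owner names get the origin appended."""
    records = {}
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()            # drop comments
        m = re.match(r"^(\S+)\s+IN\s+A\s+(\d+\.\d+\.\d+\.\d+)$", line)
        if not m:
            continue
        owner, ip = m.groups()
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner.rstrip(".")
        else:
            fqdn = f"{owner}.{origin}"
        records[fqdn.lower()] = ip
    return records

def build_zones():
    return {ZONE_ORIGIN: parse_a_records(ZONE_TEXT, ZONE_ORIGIN)}

def resolve(qname, zones, forwarders):
    """Model the decision: a name at or below a zone this server is master for is
    answered from that zone only (NXDOMAIN if absent); 'forward first' only
    applies to names outside every authoritative zone."""
    qname = qname.rstrip(".").lower()
    for origin, records in zones.items():
        if qname == origin or qname.endswith("." + origin):
            if qname in records:
                return ("authoritative", records[qname])
            return ("NXDOMAIN", None)                    # forwarders never consulted
    return ("forward", forwarders[0])

def add_public_host(zones, origin, host, public_ip):
    """The usual fix: carry the public hosts in the internal copy of the zone too."""
    zones[origin][f"{host}.{origin}".lower()] = public_ip
    return zones
```

Running resolve() for www.mydomain.co.nz against the parsed zone returns NXDOMAIN until the www record is added to the internal zone, which is exactly the behaviour described in the post.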