Set up a recursive servers to provide different data

Karl Auer kauer at
Wed Jun 10 10:11:13 UTC 2015

On Wed, 2015-06-10 at 17:17 +0800, liumingxing wrote:
> We have a domain name while now we have application
> servers that are located in in the localnet with private addresses and
> ones in the external internet. We want to setup a recursive in local
> networks that can provide recursive service and auth service that
> internal users are redirected to the internal servers and the external
> users are guided to outside servers. 

Set up one or more authoritative servers that provide two views - an
internal and an external view.

Then set up your recursive servers anywhere you like. A recursive
servers you put in the space served by the internal view will get
internally valid responses from your authoritative servers. A recursive
server you place outside the space served by the internal view will get
externally valid responses from your authoritative servers, as will any
other queriers from outside your internal spaces. Queries that don't
involve your domain(s) will go to the wider Internet.

Aside from setting up the appropriate views and siting the authoritative
servers appropriately, you don't need any special configuration for all
this to happen. You don't have to configure the recursive servers in any
way specially either, except to make sure they accept queries only from
your own networks.

Don't set up one server as both a recursive and an authoritative server,
though. Bad idea.

Regards, K.

Karl Auer (kauer at

GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882

More information about the bind-users mailing list