Multisite deployment issue

Daniel Armando Rodriguez drodriguez at
Mon Aug 2 20:42:49 UTC 2021

For testing purposes just added a zone as follows

zone ""  {
    type forward;
    forward only;
    forwarders { XXX.XXX.XXX.XXX; };
};

and this is what I've got

root@nssv:~# dig

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40661
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
; COOKIE: f60b7a2ec47397c2062ec9cb610857290d2614d7782ddcae (good)
;		IN	A

;; AUTHORITY SECTION:		86400	IN	SOA 2021072001 28800 7200 2419200 86400

;; Query time: 0 msec
;; WHEN: lun ago 02 17:35:53 -03 2021
;; MSG SIZE  rcvd: 125

But, if I make an explicit request to the public server, the answer is
the right one

root@nssv:~# dig @XXX.XXX.XXX.XXX

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> 
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10953
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b0109e795ed8a84632e9bcf26108575a20463923d764104e (good)
;		IN	A




;; Query time: 33 msec
;; WHEN: lun ago 02 17:36:42 -03 2021
;; MSG SIZE  rcvd: 156

On 2021-08-02 17:06, Daniel Armando Rodriguez via bind-users wrote:
> Was wondering if it would be possible to set up a forwarding scheme just
> for some subdomains. I emphasize the fact that master is publicly
> accessible and current need is to locally resolve a bunch of subdomains
> of the same zone. I think image attached in previous message is pretty
> explanatory, but currently my setup does not work as (I) expected.
>> I attach a picture to best describe where I'm standing.
>> Currently disabled the SH setup to let just an authoritative DNS for
>> local resolution. Following the example, any request made from PC1 to
>> sys4/sys5/sys6 have no issues. However, if such host makes a request
>> to sys1/sys2/sys2 just get a time out response.
>> Any other query to outside, let's say or whatever, works 
>> just fine.
> On Mon, 26 Jul 2021 at 13:29, Sten Carlsen (<stenc at
>>>) wrote:
>>> Hi
>>> I am running just that setup.
>>> This may not scale well enough for your needs.
>>> I have one server with two views, one internal and one external.
>>> The external view is the hidden master for a number of public 
>>> servers. All going through the relevant delegations. This is only 
>>> authoritative.
>>> The internal view is selected by the client address and master files 
>>> for the same domain but with my internal addresses. This is recursing 
>>> and will answer from the master files for those domains and will 
>>> recurse for any other query.
>>> This has served me well and e.g. I get the internal address for the 
>>> mail server if I query from an internal address and I get the public 
>>> address if I query from an external address.
>>> This setup means that mail clients will make a lookup of the same 
>>> name always and if at home get the internal address and if outside 
>>> get the public address.
>>> There is often a recommendation to use different domains, e.g. 
>>> for public addresses and for 
>>> the same servers internal addresses. This is not very useful since 
>>> e.g. a mail client would have to know about two different server 
>>> names - with split horizon I can use the same name always.
>>> --
>>> Best regards
>>> Sten Carlsen
>>> A pessimist is a person that can find a problem for every solution.
>>> On 26 Jul 2021, at 15.55, Daniel A. Rodriguez 
>>> <daniel.armando.rodriguez at>> wrote:
>>> Hi there,
>>> Currently have a public DNS up & runnin' but, due to brand new
>>> location, there's a need to add local resolution.
>>> With that in mind, first idea was to deploy a split horizon setup.
>>> Sadly just local resolution works so far. Double check config but
>>> currently I'm stuck with this situation.
>>> Was wondering if having the same zone both public and private, but
>>> with different records, could be an issue. Master for the zone is
>>> public, of course, and the private one -as mentioned- has a different
>>> set of records just for lan hosts. Idea was to go out just when a
>>> query for a public subdomain is requested, but that doesn't seem to
>>> work.
>>> Both forwarders option and recursion are enabled.
>>> Any hint will be much appreciated.

Daniel A. Rodriguez
Informática, Conectividad y Sistemas
Universidad Nacional del Alto Uruguay
San Vicente - Misiones - Argentina
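
Added example, not part of the original message or of BIND: a small Python check that reads the header lines of the two dig outputs above and reports whether the reply obtained through the local server carries the aa flag, i.e. was served from a zone that server is authoritative for rather than relayed from the forwarder. The sample strings are constructed from the header lines shown in the message (FORWARDED is hypothetical), and the function names are illustrative.

```python
import re

# Constructed samples: header lines copied from the two dig outputs in the
# message above, plus a hypothetical forwarded reply (no "aa") for contrast.
VIA_LOCAL = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40661
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 4096
;; Query time: 0 msec"""
VIA_PUBLIC = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10953
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
; EDNS: version: 0, flags:; udp: 4096
;; Query time: 33 msec"""
FORWARDED = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; Query time: 35 msec"""

def parse_dig(text):
    """Pull status, header flags, section counts and query time out of dig output."""
    status = re.search(r"status: (\w+)", text).group(1)
    # Anchor on ";; flags:" so the "; EDNS: ... flags:;" line is not picked up.
    flags = set(re.search(r"^;; flags:([^;]*);", text, re.M).group(1).split())
    counts = {k: int(v) for k, v in
              re.findall(r"(QUERY|ANSWER|AUTHORITY|ADDITIONAL): (\d+)", text)}
    msec = int(re.search(r"Query time: (\d+) msec", text).group(1))
    return {"status": status, "flags": flags, "counts": counts, "msec": msec}

def diagnose(via_local, via_upstream):
    """Compare a reply obtained through the local server with one from upstream.

    A server relaying a forwarder's answer does not set AA, so AA on the reply
    from the local server means it answered from a zone it is authoritative for.
    """
    local, upstream = parse_dig(via_local), parse_dig(via_upstream)
    if "aa" in local["flags"]:
        if local["status"] != upstream["status"]:
            return "local zone answered authoritatively; forward zone not used"
        return "local zone answered authoritatively; same result as upstream"
    if local["status"] == upstream["status"]:
        return "answer came via forwarding or recursion"
    return "inconclusive"

if __name__ == "__main__":
    print(diagnose(VIA_LOCAL, VIA_PUBLIC))
    print(diagnose(FORWARDED, VIA_PUBLIC))
```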
