Authoritative for one domain, caching for the rest

Olivier oza.4h07 at gmail.com
Wed Mar 24 16:08:24 UTC 2021


Hello

After reading [1] and many trials, I couldn't figure out how to set up a Bind9
(9.11.5 on Debian Buster) server to operate this way:

- server has two Ethernet interfaces, one connected to foo.lan/
192.168.51.0/24 domain/network, the other connected to bar.lan/
192.168.43.0/24 domain/network
- I want it to resolve for bar.lan and for anything to query a DNS server
available on foo.lan.

My anonymized /etc/bind/named.conf.local content is:

acl "good-guys" {
   localnets;
};

zone "bar.lan" {
   type master;
   file "/etc/bind/db.bar.lan";
   forwarders {};
   allow-query { "good-guys"; };
};

zone "43.168.192-in-addr.arpa" {
   type master;
   file "/etc/bind/rev.43.168.192.in-addr.arpa";
   forwarders {};
};

zone "foo.lan" {
   type master;
   file "/etc/bind/db.foo.lan";
   forwarders { 192.168.51.1; };
};

zone "51.168.192-in-addr.arpa" {
   type master;
   file "/etc/bind/rev.51.168.192.in-addr.arpa";
   forwarders { 192.168.51.1; };
};

Resolution works for:
bar.lan,
google.com
host1.foo.lan if entry present in /etc/bind/db.foo.lan
but it does not work for:
host2.foo.lan if entry not present in /etc/bind/db.foo.lan

[1]
https://bind9.readthedocs.io/en/latest/configuration.html#sample-configurations

Best regards

PS: Bind9 9.16.11 is present in Buster Backports. Is it worth installing?
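
Added example, not part of the original post and not ISC's sample configuration: a `type master` zone answers authoritatively from its file, so a name missing from db.foo.lan gets NXDOMAIN and the zone's `forwarders` are not consulted for it. The sketch below keeps bar.lan authoritative and declares foo.lan as a forward zone instead. Zone names, file paths and addresses are taken from the post; the reverse zone names are written in the usual dotted `in-addr.arpa` form, and the `allow-query` on the reverse zone is an assumption.

```conf
// /etc/bind/named.conf.local (constructed example)

acl "good-guys" {
    localnets;
};

// Authoritative data: served from the local zone files.
zone "bar.lan" {
    type master;
    file "/etc/bind/db.bar.lan";
    allow-query { "good-guys"; };
};

zone "43.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/rev.43.168.192.in-addr.arpa";
    allow-query { "good-guys"; };   // assumption: same client restriction as bar.lan
};

// Not authoritative: no zone file. Every query under foo.lan is sent
// to 192.168.51.1 and the answer is cached.
zone "foo.lan" {
    type forward;
    forward only;                   // never fall back to iterative resolution
    forwarders { 192.168.51.1; };
};

// Reverse lookups for the foo.lan network go to the same server.
zone "51.168.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.168.51.1; };
};
```

Run `named-checkconf` before reloading to catch unbalanced braces or mistyped zone names. If DNSSEC validation is enabled on this server, forwarded answers for foo.lan can fail validation because `lan` has no delegation in the signed root zone.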