On 02.09.20 15:00, Taylor Vierrether via bind-users wrote:
> I am attempting to set up an internal DNS server that is authoritative for
> internal resources, but also will respond for external resources on the
> same domain that it does not have records for.
>
> For example, I have a domain sub.example.com, and I want to have internal
> entries in the BIND zone file for host1.sub.example.com and
> host2.sub.example.com. That part is working fine. However, there is a
> publicly available DNS entry for sub.example.com that I want my internal
> clients to be able to resolve, but I don't want to have the IP in the BIND
> zone file, because the IP is dynamic.
You can delegate that entry elsewhere.
> There are also some hosts (host3.sub.example.com) and
> (host4.sub.example.com) that are externally resolvable that I don't want
> to put in my internal BIND file because they are not controlled by me.
> (Think CNAME to a SaaS application)
You can delegate those records somewhere.
> I've attempted to do this as follows, and it seems to make sense that it
> would work, but it does not.
>
> named.conf:
>
> zone "sub.example.com" IN {
>     type master;
>     file "/etc/bind/sub.example.com.zone";
>     forward first;
>     forwarders { 1.1.1.1; 1.0.0.1; };
> };
Forwarding is not used for zones other than "type forward".
If you search for the "sub.example.com" record, you cannot delegate that one,
of course.
You apparently should redesign your DNS. The easiest way would be using a
different domain internally.
> And if I query for host3.example.com, I get the following from nslookup:
Note that nslookup is a very bad program for tracking DNS errors.
Use "host" or "dig" for that case.
--
Matus UHLAR - fantomas,
uh...@fantomas.sk ;
http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
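The point made in this reply, that `forward`/`forwarders` are only honoured in a `type forward` zone, is easy to check mechanically. The following added example (not from the thread or from BIND itself) is a small, simplified named.conf scanner that reports zones carrying forwarding options under any other zone type; the embedded config is constructed from the quoted stanza plus a correctly declared forward zone for an assumed name `ext.sub.example.com`.

```python
import re

# Constructed sample: the quoted master zone (forwarding ignored) next to a
# forward zone for a hypothetical child name where forwarding does apply.
SAMPLE_NAMED_CONF = """
zone "sub.example.com" IN {
    type master;
    file "/etc/bind/sub.example.com.zone";
    forward first;
    forwarders { 1.1.1.1; 1.0.0.1; };
};

zone "ext.sub.example.com" IN {
    type forward;
    forward only;
    forwarders { 1.1.1.1; 1.0.0.1; };
};
"""

# matches: zone "name" [class] {   (simplified; real named.conf grammar is richer)
ZONE_RE = re.compile(r'zone\s+"([^"]+)"(?:\s+\w+)?\s*\{', re.IGNORECASE)

def _strip_comments(text):
    # remove /* */, // and # comments so they cannot confuse the brace scan
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def parse_zones(conf_text):
    """Return {zone_name: body_text} for each zone statement, in file order."""
    text = _strip_comments(conf_text)
    zones = {}
    for m in ZONE_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:          # walk to the matching '}'
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        zones[m.group(1).lower()] = text[m.end():i - 1]
    return zones

def zone_type(body):
    m = re.search(r"\btype\s+([a-z-]+)\s*;", body, re.IGNORECASE)
    return m.group(1).lower() if m else None

def ineffective_forwarding(conf_text):
    """List (zone, type) for zones with forward/forwarders but type != forward."""
    findings = []
    for name, body in parse_zones(conf_text).items():
        ztype = zone_type(body)
        if re.search(r"\bforward(ers)?\b", body, re.IGNORECASE) and ztype != "forward":
            findings.append((name, ztype))
    return findings

if __name__ == "__main__":
    for name, ztype in ineffective_forwarding(SAMPLE_NAMED_CONF):
        print(f'zone "{name}": forwarding options ignored for type {ztype}')
```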