Article 56JME Bind-DNS: Use a public domain as internal zone, but lookup unknown subdomains on a public dns server

by
dr-ing
from LinuxQuestions.org on (#56JME)
Hello,

As mentioned in the title, I use Bind-DNS as my local DNS server.
For this I have two zones, example.local and example.com.
The second one is actually my public domain name, but I use it for a few internal subdomains so that my publicly valid wildcard certificate is valid and the internal subdomains thus have an SSL certificate accepted by all devices and browsers (which I need for a few devices that only accept a valid SSL certificate).

The problem is: since I have the example.com zone, it resolves the registered hosts (local.example.com, int.example.com), but not the public hosts that I have registered through my domain name provider, for example example.com or ext.example.com, because they are probably not included in the zone file. If I add them as well, my Bind-DNS server can resolve them without problems.

My "goal" is that if Bind-DNS cannot find the subdomain in the zone files, it will forward the request to a public DNS server (which I have configured in the named.conf.options file?).

The example.com zone looks similar to this:
Code:
;
;
$TTL 86400
;
@       IN      SOA     example.com. admin.example.com. (
                        2020071401      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        86400 )         ; Negative Cache TTL
; name servers
        IN      NS      ns1.example.com.
;
; A records
local.example.com.      IN      A       10.0.100.2
int.example.com.        IN      A       10.0.100.3

My named.conf.local:
Code:
// example.com
zone "example.com" {
        type master;
        file "/var/cache/bind/db.example.com";
};

And my named.conf.options:
Code:
acl "trusted" {
        10.0.100.0/24;
};

options {
        directory "/var/cache/bind";

        recursion yes;
        allow-recursion { trusted; };
        listen-on { 127.0.0.1; 172.24.0.2; };
        allow-transfer { none; };

        forwarders {
                1.1.1.1;
                8.8.8.8;
                1.0.0.1;
                8.8.4.4;
        };

        dnssec-validation auto;

        auth-nxdomain no; # conform to RFC1035
        listen-on-v6 { none; };
};

TIA,
dr-ing
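
The behaviour described in the post follows from how named picks a zone: once it is master for all of example.com, it answers every name under that zone authoritatively (NXDOMAIN for anything missing) and never consults the forwarders. One common arrangement that avoids this, shown as an added example that is not part of the original post, is to make each internal host name its own small zone so that everything else under example.com still goes to the forwarders. The zone file names, the `ns` host name and the use of 172.24.0.2 as the server's address are assumptions.

```bind
// named.conf.local (added example): be authoritative only for the
// internal host names, not for the whole public domain.
// The file names below are assumptions.
zone "local.example.com" {
        type master;
        file "/var/cache/bind/db.local.example.com";
};

zone "int.example.com" {
        type master;
        file "/var/cache/bind/db.int.example.com";
};

// There is deliberately no zone "example.com" here: example.com,
// ext.example.com and any other name outside the two zones above are
// resolved through recursion via the forwarders in named.conf.options.

/*
Contents of /var/cache/bind/db.local.example.com (assumed file name).
db.int.example.com is the same apart from the zone name and 10.0.100.3.
"ns" and its address 172.24.0.2 (the listen-on address from the post)
are assumptions; the NS target only needs an address record.

$TTL 86400
@       IN      SOA     ns.local.example.com. admin.example.com. (
                        2020071401      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        86400 )         ; Negative Cache TTL
        IN      NS      ns.local.example.com.
@       IN      A       10.0.100.2
ns      IN      A       172.24.0.2
*/
```

`named-checkconf` and `named-checkzone local.example.com /var/cache/bind/db.local.example.com` validate the files before a reload. Afterwards, `dig @172.24.0.2 ext.example.com` from a trusted client should return the public record, while `local.example.com` still returns 10.0.100.2.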