cache-only with both external and internal dns...

Ricardo M. Stella stella at rider.edu
Mon Dec 5 06:46:18 UTC 2005





> Barry Margolin wrote:
>
>>In article <dmo4jj$2guk$1 at sf1.isc.org>,
>> "Ricardo M. Stella" <stella at rider.edu> wrote:
>>
>>
>>
>>>A quick question...
>>>
>>>We have separate internal and external DNS servers.
>>>
>>>We need to set up a cache only DNS server, but when trying to do this
>>>(used RH RPM for it) we are hitting the external DNS servers when
>>>querying internal records.
>>>
>>>I know I could simply set them up instead as a secondary, but would
>>>there be a way otherwise?
>>>
>>>Seems like when I hit any host in mydomain.xxx, it goes out to the root
>>>servers, then comes back.
>>>
>>>
>>
>>Configure a forwarding zone:
>>
>>zone "mydomain.xxx" {
>>  type forward;
>>  forwarders { <addr of internal server>; };
>>};
>>
> Hmmm... I see that Barry and I came up with different responses to this
> post. I guess it all depends on whether the clients in this scenario
> need to resolve Internet DNS names. If they do (e.g. if the firewall
> layer is basically a NAT type), then Barry's solution is correct
> (although "stub" with a "forwarders { }" to selectively disable
> forwarding might be a better way to go, especially if the internal
> server(s) don't support recursion and/or if mydomain.xxx has subzones
> delegated to diverse nameservers). If, on the other hand, the clients
> don't need to resolve Internet DNS names (e.g. the firewall layer is
> more of an application-level proxy type), then my internal-root-oriented
> answer is probably more appropriate.
>
>
>                                                                - Kevin
>
>

Thanks for both answers - I should have mentioned the purpose and might
have made it clearer... It's for anti-spam/virus mail servers, so will not
be accessed by any dns clients.

The stub with forwarders option seems to be the one to suit our needs...

Ricardo.
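
The "stub with forwarders { }" option discussed in this thread, written out as a named.conf fragment. This is an added example, not configuration posted by anyone in the thread; the address 192.0.2.53, the directory path and the localhost-only access lists are assumptions standing in for site-specific values.

```conf
// Cache-only resolver on a mail-filtering host (added example).
// Assumption: only local processes on this host query it, so
// queries and recursion are limited to localhost.
options {
    directory "/var/named";            // assumed path
    recursion yes;
    allow-query     { 127.0.0.1; };
    allow-recursion { 127.0.0.1; };
};

// Internal names: learn the zone's NS records from the internal
// server and query those nameservers directly, instead of walking
// down from the root servers to the external DNS servers.
zone "mydomain.xxx" {
    type stub;
    masters { 192.0.2.53; };           // placeholder for <addr of internal server>
    forwarders { };                    // empty list: no forwarding for this zone,
                                       // even if options {} sets global forwarders
};

// Every other name is resolved by normal recursion from the root hints.
```

Unlike the `type forward` zone quoted above, the stub zone sends iterative queries, so the internal servers do not need to offer recursion, and subzones of mydomain.xxx delegated to other nameservers are followed through their own NS records.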


