2 dns records for same server

Michael Hoskins (michoski) michoski at cisco.com
Sat Aug 18 18:43:41 UTC 2012


-----Original Message-----

From: Dwayne Hottinger <dhottinger at harrisonburg.k12.va.us>
Date: Saturday, August 18, 2012 5:49 AM
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: 2 dns records for same server

>I need to have 2 separate DNS records for the same servername.
>Essentially, when inside my network (10.) I need it to resolve to a 10.
>IP address. When outside, it needs to resolve to my public IP.
>Everything I've done so far with my DNS records has returned
>2 IPs. In other words, when doing a host servername or nslookup
>servername I get both the external and internal IPs of the server. This
>seems to be causing issues with the applications on the server. Some
>computers inside my network are trying to connect
>to the public IP (which is being NATed from my firewall), and those that
>are connecting are extremely slow. The slowness leads me to believe that
>they are first trying the public IP before hitting the private.
>
>
>My DNS is set up with a DNS server inside my network (serving the 10) and
>2 DNS servers for my public IPs. My LAN is set up so that each of my
>sites (schools) is in a different DNS zone. What I want to happen is
>the URL or name of the server to be the
>same regardless of whether the user is inside or outside my
>network.
>
>
>So far I have tried setting up a separate zone file for my internal DNS
>and adding the entry to my external like I normally do. This is what
>resolves with 2 IPs. Is there any way to get my DNS servers to do this?
>

As others have mentioned, you need views.  You're on the right track with
two zone files, but need a bit more configuration.  Ultimately you'll want
to read over the ARM for more detail on views and other available options
before running a name server (especially one that's publicly exposed), but
here are the key points:

options {
	directory "/etc/namedb";
	listen-on {
		a.b.c.d; # external IP
		e.f.g.h; # internal IP
	};
	empty-zones-enable yes;
};

# acls (trusted, transfer), etc. not shown here
include "common.conf";

view "external" in {
	match-destinations { a.b.c.d; };
	notify-source a.b.c.d;
	transfer-source a.b.c.d;
	query-source a.b.c.d;
	allow-transfer { transfer; };
	allow-query { trusted; };  # or any
	recursion yes;  # or no
	allow-recursion { trusted; };  # or none
	zone "." in { type hint; file "named.root"; };
	include "external_master.conf";
	include "external_slave.conf";
};

view "internal" in {
	match-destinations { e.f.g.h; };
	transfer-source e.f.g.h;
	query-source e.f.g.h;
	allow-transfer { transfer; };
	allow-query { trusted; };
	recursion yes;
	allow-recursion { trusted; };
	zone "." in { type hint; file "named.root"; };
	include "internal_master.conf";
	include "internal_slave.conf";
};

Then in your included *.conf files make sure your external and internal
zones point to different zone files like
/etc/namedb/internal/{master,slave}/* and
/etc/namedb/external/{master,slave}/*.


http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#view_statement_grammar
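A check for the zone-file split described in the reply above, added here as an example (not code from the thread or from ISC): it parses the internal and external zone files for a view pair and reports any name whose addresses sit on the wrong side of the split, which is exactly the "both IPs come back" symptom in the original question. The zone contents and the RFC 1918 ranges are assumptions; the site in the thread uses 10/8.

```python
"""Lint a split-horizon zone pair: names in the internal zone must carry only
RFC 1918 addresses, and the external zone must carry none of them."""
import ipaddress
import re

# RFC 1918 ranges (assumption: the site's internal space is one of these; thread uses 10/8)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# owner [ttl] IN A address   (simple one-record-per-line zone syntax)
A_RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)$", re.IGNORECASE)

# Constructed sample zone files (not from the thread); the external one wrongly keeps 10.1.2.3
INTERNAL_ZONE = """\
$ORIGIN school.example.
@       IN SOA ns1 hostmaster 2012081801 3600 900 604800 300
@       IN NS  ns1
ns1     IN A   10.0.0.53
portal  IN A   10.1.2.3
"""
EXTERNAL_ZONE = """\
$ORIGIN school.example.
@       IN SOA ns1 hostmaster 2012081801 3600 900 604800 300
@       IN NS  ns1
ns1     IN A   203.0.113.53
portal  IN A   203.0.113.10
portal  IN A   10.1.2.3
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def a_records(zone_text):
    """Return {owner: [IPv4Address, ...]} for the A records of a simple zone file."""
    records = {}
    for raw in zone_text.splitlines():
        m = A_RECORD.match(raw.split(";", 1)[0].rstrip())  # drop comments, trailing space
        if m:
            records.setdefault(m.group(1).lower(), []).append(ipaddress.ip_address(m.group(2)))
    return records

def split_horizon_problems(internal_text, external_text):
    """Return findings as strings; an empty list means the split is clean."""
    problems = []
    for name, addrs in a_records(internal_text).items():
        wrong = [str(a) for a in addrs if not is_internal(a)]
        if wrong:
            problems.append(f"{name}: internal zone has public address(es) {', '.join(wrong)}")
    for name, addrs in a_records(external_text).items():
        wrong = [str(a) for a in addrs if is_internal(a)]
        if wrong:
            problems.append(f"{name}: external zone leaks private address(es) {', '.join(wrong)}")
    return problems

if __name__ == "__main__":
    for finding in split_horizon_problems(INTERNAL_ZONE, EXTERNAL_ZONE) or ["no problems found"]:
        print(finding)
```

Run it against the real internal/*/ and external/*/ zone files before reloading named; a private address in an external zone also discloses internal addressing to anyone who can query the public view.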
