2 dns records for same server
Michael Hoskins (michoski)
michoski at cisco.com
Sat Aug 18 18:43:41 UTC 2012
-----Original Message-----
From: Dwayne Hottinger <dhottinger at harrisonburg.k12.va.us>
Date: Saturday, August 18, 2012 5:49 AM
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: 2 dns records for same server
>I need to have 2 separate DNS records for the same servername.
>Essentially when inside my network (10.) I need it to resolve to a 10.
>IP address. When outside it needs to resolve to my public IP.
>Everything I've done so far with my DNS records has returned 2 IPs.
>In other words, when doing a host servername or nslookup servername
>I get both the external and internal IPs of the server. This seems to
>be causing issues with the applications on the server. Some computers
>inside my network are trying to connect to the public IP (which is being
>NATed from my firewall); those that are connecting are extremely slow.
>The slowness leads me to believe that they are first trying the public
>IP before hitting the private.
>
>My DNS is set up with a DNS server inside my network (serving the 10) and
>2 DNS servers for my public IPs. My LAN is set up so that each of my
>sites (schools) is in a different DNS zone. What I want to happen is for
>the URL or name of the server to be the same regardless of whether the
>user is inside or outside my network.
>
>So far I have tried setting up a separate zone file for my internal DNS
>and adding the entry to my external like I normally do. This is what
>resolves with 2 IPs. Is there any way to get my DNS servers to do this?
>
As others have mentioned, you need views. You're on the right track with
two zone files, but need a bit more configuration. Ultimately you'll want
to read over the ARM for more detail on views and other available options
before running a name server (especially one that's publicly exposed), but
here are the key points:
options {
    directory "/etc/namedb";
    listen-on {
        a.b.c.d;    # external IP
        e.f.g.h;    # internal IP
    };
    empty-zones-enable yes;
};

# acls, etc. not shown here; the "trusted" and "transfer" acls used below
# are expected to come from this include
include "common.conf";

# Views are chosen by the address the query arrived on (match-destinations),
# so internal clients must send their queries to e.f.g.h.
view "external" in {
    match-destinations { a.b.c.d; };
    notify-source a.b.c.d;
    transfer-source a.b.c.d;
    query-source a.b.c.d;
    allow-transfer { transfer; };
    allow-query { trusted; };        # or any
    recursion yes;                   # or no (usual choice for a public-facing view)
    allow-recursion { trusted; };    # or none; never "any" on the public side (open resolver)
    zone "." in { type hint; file "named.root"; };
    include "external_master.conf";
    include "external_slave.conf";
};

view "internal" in {
    match-destinations { e.f.g.h; };
    transfer-source e.f.g.h;
    query-source e.f.g.h;
    allow-transfer { transfer; };
    allow-query { trusted; };
    recursion yes;
    allow-recursion { trusted; };
    zone "." in { type hint; file "named.root"; };
    include "internal_master.conf";
    include "internal_slave.conf";
};
Then in your included *.conf files make sure your external and internal
zones point to different zone files like
/etc/namedb/internal/{master,slave}/* and
/etc/namedb/external/{master,slave}/*.
http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#view_statement_grammar
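The two mistakes that silently defeat a split-horizon setup are a zone that points at the same file in both views (both sides then see the same addresses) and a public-facing view whose recursion is open to anyone. The following checker is an added example, not part of the thread or of BIND; it parses a named.conf-style fragment with a small brace parser and reports both problems. The SAMPLE_CONF text, zone names and file paths are constructed for the example.

```python
import re
# Constructed sample (not the poster's config) with two planted mistakes.
SAMPLE_CONF = """
view "external" in {
    recursion yes; allow-recursion { any; };   // mistake: open resolver
    zone "example.org" in { type master; file "external/master/example.org.db"; };
};
view "internal" in {
    recursion yes; allow-recursion { trusted; };
    zone "example.org" in { type master; file "external/master/example.org.db"; };  // mistake: same file as external
};
"""

def _parse(tokens, i=0):
    """Recursive descent over named.conf braces -> list of (words, children)."""
    stmts, words = [], []
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if tok == "}":
            return stmts, i
        if tok in ";{":
            kids, i = _parse(tokens, i) if tok == "{" else ([], i)
            if words:
                stmts.append((tuple(words), kids))
            words = []
        else:
            words.append(tok)
    return stmts, i

def check_views(conf_text):
    """Return findings: a zone sharing one file across views, or open recursion."""
    text = re.sub(r"/\*.*?\*/|(?:#|//)[^\n]*", "", conf_text, flags=re.S)  # drop comments
    views = [s for s in _parse(re.findall(r"[{};]|[^\s{};]+", text))[0] if s[0][0] == "view"]
    findings, zone_files = [], {}  # zone name -> {view name: zone file}
    for head, body in views:
        view, recursion, allow = head[1].strip('"'), "no", set()
        for h, kids in body:
            if h[0] == "zone":
                f = next((k[1].strip('"') for k, _ in kids if k[0] == "file"), None)
                zone_files.setdefault(h[1].strip('"'), {})[view] = f
            elif h[0] == "recursion":
                recursion = h[1]
            elif h[0] == "allow-recursion":
                allow = {k[0] for k, _ in kids}
        if recursion == "yes" and "any" in allow:
            findings.append(f"view {view}: recursion open to any client")
    for zone, files in zone_files.items():
        if len(files) > 1 and len(set(files.values())) == 1:
            findings.append(f"zone {zone}: same file in views {', '.join(sorted(files))}")
    return findings
```

Running check_views(SAMPLE_CONF) reports both planted mistakes; a config whose views point each zone at distinct files and keep allow-recursion restricted returns an empty list.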