Define an internal zone with only a couple of A records, then forward to an external dns server

Alberto Zanon alberto.zanon at edistar.com
Thu Jan 17 16:08:41 UTC 2013


Thank you for all your replies! 

I'll try to implement your suggestions using a subdomain. 



Best regards. 

Alberto Zanon 


----- Original Message -----
From: "Ben Croswell" <ben.croswell at gmail.com>
To: "Alberto Zanon" <alberto.zanon at edistar.com>
Cc: bind-users at lists.isc.org
Sent: Thursday, 17 January 2013 16:21:36
Subject: Re: Define an internal zone with only a couple of A records, then forward to an external dns server



If you load the zone your server will believe it knows everything about the zone and not forward anything below it. 

If you load foo.com with two records, nothing but those two records will ever resolve on that server for foo.com.

One way to make it work would be to load two zones. Vpn1.foo.com and vpn2.foo.com each with their A records. Then you would only blackhole things below vpn1.foo.com and vpn2.foo.com.

On Jan 17, 2013 10:09 AM, "Alberto Zanon" <alberto.zanon at edistar.com> wrote:




Hi all, 

I googled all the morning without success :( I'm using Bind 9.9.1 and I'm a newbie of Bind. This is my goal:

- I want to define in my dns server a zone "external_partner.com", which is the domain of our partner who manages it with his dns public server "dns.external_partner.com".
- I need to define into this zone a couple of servers ("vpn_host_1.external_partner.com", "vpn_host_2.external_partner.com") because we connect via vpn to our partner.
- I want that the rest of the names, e.g. "www.external_partner.com", are resolved forwarding the requests to the dns of our partner.

I tried this without success: 

- in "named.conf": 

zone "external_partner.com" {
    type master;
    file "master/external_partner.com.zon";
    forwarders { xxx.xxx.xxx.xxx; };
};

and I have "recursion yes" in the options. 


- in "external_partner.com.zon" I have only the two entries:

$TTL 300
@ IN SOA dns.edistar.com. admin.dns.edistar.com. (
        2013011701 ; Serial
        300 ; Refresh
        300 ; Retry every hour
        300 ; Expire after a week
        300 ) ; Minimum ttl of 1 day

        IN NS dns.edistar.com.
        TXT "vpn servers"


vpn_host_1.external_partner.com. IN A xxx.xxx.xxx.xxx
vpn_host_2.external_partner.com. IN A xxx.xxx.xxx.xxx


I read about the "forward first" option, but it is the opposite of my goal, correct?




Thanks in advance for your responses. 


Alberto Zanon 
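
Ben Croswell's two-zone suggestion written out as a named.conf fragment, as an added example that is not part of the original thread. vpn1.foo.com and vpn2.foo.com are his example names; the file paths, the 192.0.2.x addresses and the optional forward zone are assumptions (documentation-range placeholders).

```bind
// named.conf fragment. The server is authoritative only for the two host
// names, so every other foo.com name is still resolved by recursion.
options {
    recursion yes;
};

zone "vpn1.foo.com" {
    type master;
    file "master/vpn1.foo.com.zon";   // assumed path
};

zone "vpn2.foo.com" {
    type master;
    file "master/vpn2.foo.com.zon";   // assumed path
};

// Optional, and an assumption beyond Ben's reply: send the rest of foo.com
// to the partner's server instead of resolving it from the root.
// The more specific master zones above still win for vpn1/vpn2.
zone "foo.com" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; };       // placeholder for the partner's DNS
};

// master/vpn1.foo.com.zon holds the A record at the zone apex
// (vpn2 is identical apart from the address):
//
//   $TTL 300
//   @   IN SOA dns.edistar.com. admin.dns.edistar.com. (
//               2013011701 300 300 300 300 )
//       IN NS  dns.edistar.com.
//       IN A   192.0.2.10            ; placeholder VPN address
```

Names below vpn1.foo.com and vpn2.foo.com that are not in these files get NXDOMAIN from this server, which is the limited blackholing Ben describes. named-checkconf and named-checkzone can validate the fragment and the zone files before reloading.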

