Local resolution first and then public resolution for "google.com" domain

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Mar 31 18:17:23 UTC 2021


On 31.03.21 13:57, Roberto Carna wrote:
>But if I want to resolve:
>
>foo.google.com
>
>that doesn't exist in my google.com private zone, I don't obtain any result.

do NOT define private zone "google.com".
configure private zone "www.google.com" that will NOT contain anything other
than www.google.com and below it.

Or, better, install dnsmasq and redefine "www.google.com" via /etc/hosts.

>I need to tell my private BIND to forward to 8.8.8.8 all the received
>*.google.com queries, except www.google.com that is the one locally
>resolved.

there's no point in forwarding from BIND to public nameservers.

>On Wed, 31 Mar 2021 at 13:48, Matus UHLAR - fantomas
>(<uhlar at fantomas.sk>) wrote:
>>
>> On 31.03.21 13:07, Roberto Carna wrote:
>> >Dear Matus, maybe I have not understood very well...
>> >
>> >I can setup a master zone as you said:
>> >
>> >zone "www.google.com" {
>> >type master;
>> >file "...";
>> >};
>> >
>> >But what are the needed clauses from Bind's named.conf.options file in
>> >order to tell "if foo.google.com is not present in the google.com
>> >private zone, you have to forward the query to another server (public
>> >forwarder) in order to be publicly resolved" ???
>>
>> that above will cover www.google.com and *.www.google.com
>>
>> >On Wed, 31 Mar 2021 at 12:56, Matus UHLAR - fantomas
>> >(<uhlar at fantomas.sk>) wrote:
>> >>
>> >> On 31.03.21 12:49, Roberto Carna wrote:
>> >> >Dear, I have a BIND private DNS server which has two forwarders for
>> >> >public resolution.
>> >> >
>> >> >I need to create a private zone "google.com" with just one A record as follows:
>> >> >
>> >> >www.google.com IN A 192.168.0.100
>> >> >
>> >> >All the local clients will resolve www.google.com to a private address
>> >> >from our company.
>> >> >
>> >> >And for the other google.com records that this private BIND receives
>> >> >and they are not defined in the local private zone, they have to be
>> >> >forwarded to the public forwarders in order to be resolved as normal.
>> >> >
>> >> >Is it possible to have this scenario ???
>> >>
>> >> yes, simply define zone
>> >>
>> >> zone "www.google.com" {
>> >> type master;
>> >> file "...";
>> >> };
>> >>
>> >> note that for this kind of setup, using dnsmasq with two forwarders and www.google.com
>> >> overridden through /etc/hosts would be an easier solution.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
Nothing is fool-proof to a talented fool.
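
The difference between the two zone definitions discussed in this thread, as an added example that is not part of the original messages and is not BIND code: a simplified Python model of how a server picks between a local master zone and its forwarders. The function names and the dictionary layout are assumptions made for illustration; the name and address are the ones from the thread.

```python
# Simplified model: the most specific locally configured zone that encloses
# the query name answers authoritatively; anything else goes to forwarders.
# Delegations, wildcards and caching are deliberately left out.

FORWARD = "forward to public resolver"


def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def closest_zone(qname, zones):
    """Return the most specific configured zone enclosing qname, or None."""
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        # Compare whole labels so "notwww.google.com" is not in "www.google.com".
        if len(z) <= len(q) and q[-len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best


def resolve(qname, zones):
    """Answer from the enclosing local zone, or forward if there is none."""
    zone = closest_zone(qname, zones)
    if zone is None:
        return FORWARD
    records = zones[zone]
    key = ".".join(labels(qname))
    if key in records:
        return records[key]
    # The server is authoritative for the zone, so a missing name is final.
    return "NXDOMAIN (authoritative, zone %s)" % zone


# Constructed sample configurations using the record from the thread.
SHADOWING = {"google.com": {"www.google.com": "192.168.0.100"}}
NARROW = {"www.google.com": {"www.google.com": "192.168.0.100"}}

if __name__ == "__main__":
    for cfg_name, cfg in (("zone google.com", SHADOWING), ("zone www.google.com", NARROW)):
        for q in ("www.google.com", "foo.google.com", "a.www.google.com"):
            print("%-20s %-18s -> %s" % (cfg_name, q, resolve(q, cfg)))
```

With the `google.com` zone, `foo.google.com` never reaches the forwarders; with the `www.google.com` zone only that name and names below it are answered locally.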

