For testing purposes just added a zone as follows
zone "www.dominio.edu.ar" {
    type forward;
    forward only;
    forwarders { XXX.XXX.XXX.XXX; };
};
and this is what I've got
root@nssv:~# dig www.dominio.edu.ar
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> www.dominio.edu.ar
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40661
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: f60b7a2ec47397c2062ec9cb610857290d2614d7782ddcae (good)
;; QUESTION SECTION:
;www.dominio.edu.ar. IN A
;; AUTHORITY SECTION:
dominio.edu.ar. 86400 IN SOA nssv.dominio.edu.ar. informatica.dominio.edu.ar. 2021072001 28800 7200 2419200 86400
;; Query time: 0 msec
;; SERVER: 192.168.8.17#53(192.168.8.17)
;; WHEN: lun ago 02 17:35:53 -03 2021
;; MSG SIZE rcvd: 125
But if I make an explicit request to the public server, the answer is
the right one
root@nssv:~# dig www.dominio.edu.ar @XXX.XXX.XXX.XXX
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> www.dominio.edu.ar @XXX.XXX.XXX.XXX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10953
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b0109e795ed8a84632e9bcf26108575a20463923d764104e (good)
;; QUESTION SECTION:
;www.dominio.edu.ar. IN A
;; ANSWER SECTION:
www.dominio.edu.ar. 3600 IN A XXX.XXX.XXX.XXX
;; AUTHORITY SECTION:
dominio.edu.ar. 3600 IN NS ns1.dominio.edu.ar.
dominio.edu.ar. 3600 IN NS ns2.dominio.edu.ar.
;; ADDITIONAL SECTION:
ns1.dominio.edu.ar. 3600 IN A XXX.XXX.XXX.XXX
ns2.dominio.edu.ar. 3600 IN A XXX.XXX.XXX.XXY
;; Query time: 33 msec
;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX)
;; WHEN: lun ago 02 17:36:42 -03 2021
;; MSG SIZE rcvd: 156
On 2021-08-02 17:06, Daniel Armando Rodriguez via bind-users wrote:
Was wondering if it would be possible to set up a forwarding scheme just
for some subdomains. I emphasize the fact that the master is publicly
accessible and the current need is to locally resolve a bunch of subdomains
of the same zone. I think the image attached in the previous message is pretty
explanatory, but currently my setup does not work as (I) expected.
I attach a picture to best describe where I stand.
https://i.postimg.cc/x8PKnz53/ejemplo-com.png
Currently disabled the SH setup to leave just an authoritative DNS for
local resolution. Following the example, any request made from PC1 to
sys4/sys5/sys6 has no issues. However, if such a host makes a request
to sys1/sys2/sys2 it just gets a timeout response.
Any other query to outside, let's say google.com or whatever, works
just fine.
On Mon, 26 Jul 2021 at 13:29, Sten Carlsen (<stenc at s-carlsen.dk>) wrote:
Hi
I am running just that setup.
This may not scale well enough for your needs.
I have one server with two views, one internal and one external.
The external view is the hidden master for a number of public
servers. All going through the relevant delegations. This is only
authoritative.
The internal view is selected by the client address and master files
for the same domain but with my internal addresses. This is recursing
and will answer from the master files for those domains and will
recurse for any other query.
This has served me well and e.g. I get the internal address for the
mail server if I query from an internal address and I get the public
address if I query from an external address.
This setup means that mail clients will make a lookup of the same
name always and if at home get the internal address and if outside
get the public address.
There is often a recommendation to use different domains, e.g.
xxx.example.com for public addresses and xxx.internal.example.com for
the same servers internal addresses. This is not very useful since
e.g. a mail client would have to know about two different server
names - with split horizon I can use the same name always.
--
Best regards
Sten Carlsen
A pessimist is a person that can find a problem for every solution.
On 26 Jul 2021, at 15.55, Daniel A. Rodriguez
<daniel.armando.rodriguez at gmail.com> wrote:
Hi there,
Currently have a public DNS up & runnin' but, due to brand new
location, there's a need to add local resolution.
With that in mind, first idea was to deploy a split horizon setup.
Sadly just local resolution works so far. Double check config but
currently I'm stuck with this situation.
Was wondering if having the same zone both public and private, but
with different records, could be an issue. Master for the zone is
public, of course, and the private one -as mentioned- has a different
set of records just for LAN hosts. Idea was to go out just when a
query for a public subdomain is requested, but that doesn't seem to
work.
Both forwarders option and recursion are enabled.
Any hint will be much appreciated.
_______________________________________________
Daniel A. Rodriguez
Informática, Conectividad y Sistemas
Universidad Nacional del Alto Uruguay
San Vicente - Misiones - Argentina
www.unau.edu.ar
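
Added example, not part of the original messages: a small Python parser for the two dig replies at the top of this thread. It flags the case seen there, where the local server returns NXDOMAIN with the aa flag and its own SOA while the public server returns an answer; the function names and verdict labels are illustrative, and the header lines are copied from the outputs above.

```python
import re

# Header lines copied from the two dig replies in this thread
# (addresses stay redacted exactly as posted).
LOCAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40661
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
dominio.edu.ar. 86400 IN SOA nssv.dominio.edu.ar. informatica.dominio.edu.ar. 2021072001 28800 7200 2419200 86400
;; SERVER: 192.168.8.17#53(192.168.8.17)
"""
PUBLIC = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10953
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX)
"""

def parse_dig(text):
    """Pull status, header flags, answer count, SOA MNAME and server from dig output."""
    r = {"status": None, "flags": set(), "answers": 0, "soa_mname": None, "server": None}
    for line in text.splitlines():
        if m := re.search(r"status: (\w+)", line):
            r["status"] = m.group(1)
        elif m := re.match(r";; flags: ([a-z ]+);.*ANSWER: (\d+)", line):
            r["flags"] = set(m.group(1).split())
            r["answers"] = int(m.group(2))
        elif m := re.match(r"\S+\s+\d+\s+IN\s+SOA\s+(\S+)", line):
            r["soa_mname"] = m.group(1)
        elif m := re.match(r";; SERVER: ([^#]+)#", line):
            r["server"] = m.group(1)
    return r

def compare(local_text, public_text):
    """Classify how the local reply differs from the public one (labels are illustrative)."""
    loc, pub = parse_dig(local_text), parse_dig(public_text)
    public_has_name = pub["status"] == "NOERROR" and pub["answers"] > 0
    if loc["status"] == "NXDOMAIN" and public_has_name:
        # aa set: the denial comes from zone data the local server loaded itself,
        # not from a cached or forwarded reply.
        return "local-authoritative-denial" if "aa" in loc["flags"] else "local-nonauthoritative-denial"
    if loc["status"] == pub["status"] and loc["answers"] == pub["answers"]:
        return "consistent"
    return "other-mismatch"

if __name__ == "__main__":
    print(compare(LOCAL, PUBLIC), parse_dig(LOCAL)["soa_mname"])
```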