On Tuesday 23 July 2013 10:25:51 Alan McKinnon wrote:
> What you want to accomplish is cache-poisoning. There's a few ways to do
> it, but it's not easy.
>
> You can load the customized copy of the zone onto the cache that your
> internal hosts use, or set up an authoritative internal-only server.
>
> This stuff gets tricky, every time I have to investigate our setup that
> does something similar, I need to work it out in my head all over again.
>
> The best advice I can give is DO NOT TRY AND ACCOMPLISH THIS WITH ONE
> DNS AUTH SERVER THAT SERVES INTERNAL AND EXTERNAL CLIENTS. That way lies
> a whole lotta pain.

I see. This is a trivial feature in Dnsmasq (that's where I got the idea from), didn't expect it to be this complicated in BIND.