-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 2014-01-31 at 11:10 -0500, Steve Presser wrote:
> I'm trying to figure out how to do some sort of pass through
> arrangement, where the internal BIND server will first attempt to do
> the lookup with local records. If it has no local record, it will then
> fall back to the answer returned by the external (zoneedit) server.

You can do this by (ab)using the RPZ functionality.

Assuming your internal BIND server is only used/accessible by your
internal machines, and that all of those internal machines only use your
internal BIND server(s), you can:

in named.conf:

response-policy { zone "rpz.example.com"; };
zone "rpz.example.com" {type master; file "named.rpz.example.com";};

in named.rpz.example.com:

internalhost1.example.com  A 10.11.12.13


Names like mail.example.com get resolved via your external public name
server. However, internalhost1.example.com, which would return nxdomain
from the external name server, now returns 10.11.12.13 from your
internal server.


The advantage here is that you only need to maintain the public data in
one place, and the internal overrides in one place.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAlLr2GYACgkQL6j7milTFsHF4wCfTv2raVzz0rXTuqgCFKS+qigA
0z4Anjvo52lGLo0Do6sasQAdm+PSR9sn
=NWZn
-----END PGP SIGNATURE-----


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
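The named.conf and policy-zone fragments in the reply above are the minimum needed to explain the idea, but a zone file without SOA and NS records will not load, and the policy zone should not be queryable or transferable by clients. The script below is an added example, not code from the original post or from ISC; it writes a complete version of both files into a scratch directory and checks them with BIND's own checkers when those are installed. The hostnames, addresses, serial number, the `localhost.` placeholder in the SOA/NS records and the `allow-query`/`allow-transfer` settings are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): builds a minimal but complete
# RPZ override setup in a scratch directory and validates it with BIND's
# own checkers when they are installed. Hostnames, addresses and the
# directory are constructed placeholders.
set -eu

WORKDIR="${1:-./rpz-demo}"   # assumption: a writable scratch directory

write_rpz_files() {
    mkdir -p "$WORKDIR"

    # named.conf fragment: enable RPZ and serve the policy zone locally.
    # The policy zone is consulted internally by named, so clients never
    # need to query or transfer it directly.
    cat > "$WORKDIR/named.conf.rpz" <<'EOF'
response-policy { zone "rpz.example.com"; };

zone "rpz.example.com" {
    type master;
    file "named.rpz.example.com";
    allow-query { none; };
    allow-transfer { none; };
};
EOF

    # The policy zone itself. A zone file must carry SOA and NS records or
    # named refuses to load it; "localhost." is a conventional placeholder
    # for a zone that is never delegated. Owner names are relative to the
    # zone origin, so the record below rewrites internalhost1.example.com.
    cat > "$WORKDIR/named.rpz.example.com" <<'EOF'
$TTL 300
@       IN SOA  localhost. hostmaster.example.com. (
                2014013101 ; serial (constructed)
                3600       ; refresh
                900        ; retry
                604800     ; expire
                300 )      ; negative-cache TTL
@       IN NS   localhost.

; Names listed here are answered from this zone; every other name falls
; through to normal recursion against the public servers.
internalhost1.example.com   IN A    10.11.12.13
EOF
}

check_rpz_files() {
    # Prefer BIND's checker when available; otherwise fall back to a
    # structural sanity check so the script still reports something.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q rpz.example.com "$WORKDIR/named.rpz.example.com"
    else
        grep -q 'IN SOA' "$WORKDIR/named.rpz.example.com"
        grep -q 'IN NS'  "$WORKDIR/named.rpz.example.com"
    fi
    grep -q 'response-policy' "$WORKDIR/named.conf.rpz"
}

write_rpz_files
check_rpz_files && echo "RPZ files written to $WORKDIR and passed checks"
```

Include the generated named.conf.rpz from the server's main named.conf, reload, and confirm the override with a lookup of internalhost1.example.com against the internal server; a name not listed in the policy zone (mail.example.com in the reply above) should still return whatever the public servers publish. Bumping the SOA serial on every change is what makes a reload pick up edits.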
