On Fri, 2014-01-31 at 11:10 -0500, Steve Presser wrote:
> I'm trying to figure out how to do some sort of pass through
> arrangement, where the internal BIND server will first attempt to do
> the lookup with local records. If it has no local record, it will then
> fall back to the answer returned by the external (zoneedit) server.

You can do this by (ab)using the RPZ functionality. Assuming your internal BIND server is only used/accessible by your internal machines, and that all of those internal machines only use your internal BIND server(s), you can:

in named.conf:

    // response-policy goes inside the options { } (or a view { }) block
    response-policy { zone "rpz.example.com"; };
    zone "rpz.example.com" { type master; file "named.rpz.example.com"; };

in named.rpz.example.com:

    ; the file also needs the usual $TTL, SOA and NS records for the zone
    internalhost1.example.com A 10.11.12.13

Names like mail.example.com get resolved via your external public name server. However, internalhost1.example.com, which would return NXDOMAIN from the external name server, now returns 10.11.12.13 from your internal server.

The advantage here is that you only need to maintain the public data in one place, and the internal overrides in one place.
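Added example, not part of the original message and not BIND code: a small audit script that reads a policy zone file shaped like the one in the post, reports which query names the internal server will answer itself, and flags overrides written with a trailing dot, which fall outside the policy zone and never take effect. The function names, the sample zone, and its SOA/NS values are constructed; it assumes one record per line with an explicit owner name and models exact-name overrides only.

```python
RPZ_ORIGIN = "rpz.example.com."   # policy zone name used in the post

# Constructed sample zone file. SOA/NS values are placeholders; the second
# override has a trailing dot, a common slip that puts it outside the zone.
SAMPLE_ZONE = """\
$TTL 300
@ SOA localhost. root.localhost. 1 3600 600 86400 300
@ NS localhost.
internalhost1.example.com      A  10.11.12.13
internalhost2.example.com. 300 IN A 10.11.12.14
"""

def parse_overrides(zone_text, origin=RPZ_ORIGIN):
    """Return (overrides, out_of_zone); overrides maps query name -> [(type, rdata)]."""
    overrides, out_of_zone = {}, []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()           # drop comments
        if len(fields) < 3 or fields[0][0] in "@$":   # directives and apex records
            continue
        owner, rest = fields[0].lower(), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                           # skip optional TTL and class
        if len(rest) < 2:
            continue
        if owner.endswith("."):                       # absolute owner name
            if not owner.endswith("." + origin):
                out_of_zone.append(owner)             # named ignores out-of-zone data
                continue
            owner = owner[: -len(origin) - 1]         # strip ".<origin>"
        overrides.setdefault(owner, []).append((rest[0].upper(), " ".join(rest[1:])))
    return overrides, out_of_zone

def answer_source(qname, overrides):
    """'rpz' if the internal server rewrites the answer, else 'upstream'."""
    return "rpz" if qname.lower().rstrip(".") in overrides else "upstream"

def shadowed(public_names, overrides):
    """Public names whose answers internal clients will see replaced."""
    return sorted(n for n in public_names if answer_source(n, overrides) == "rpz")

if __name__ == "__main__":
    ov, bad = parse_overrides(SAMPLE_ZONE)
    print("overrides:", ov)
    print("ignored (outside policy zone):", bad)
    print("mail.example.com answered by:", answer_source("mail.example.com", ov))
```

Running `shadowed()` against the list of names published in the public zone shows any override that replaces a public record for internal clients, which is worth reviewing whenever the policy zone changes.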