Dear All,
I need your experienced advice. We have a BIND9 DNS server that operates both
privately and publicly for the example domain xyz.com. I use the private
DNS for certain secure nodes on our local network. I want all VPN users to
be able to resolve these secure nodes using our local DNS, which is
functioning correctly.

So I force-assign our local DNS to all VPN users so that they can access the
secure records, and the local DNS can forward their queries to a public DNS
in case the record is not found in the zone file.

Locally everything is working just fine; the issue arises when a VPN user
queries an A record that is on the public DNS. For example, if "secure.xyz.com"
has a local entry in the zone file, it works as expected. However, when the
entry is not present, I expect BIND to conditionally forward the query to a
remote DNS server and resolve it for the VPN client. Unfortunately, this is
not happening. BIND only searches for entries that are available in the
local zone file and then times out. Here are my configuration files.

Here is my BIND config:

 options {
         directory "/var/cache/bind";
         recursion yes;                  // Enable DNS recursion
         allow-recursion { localhost; }; // Clients allowed to ask for recursive answers
         //acl trusted { 192.168.1.0/24; };
         querylog yes;
         allow-transfer { none; };       // Disable zone transfers by default
         allow-query { any; };           // Allow queries from any IP address
         forwarders {                    // Global forwarders for recursive lookups
              8.8.8.8;
         };
         dnssec-validation auto;
         listen-on-v6 { any; };
 };

 zone "xyz.com" {
         type master;                    // This server is authoritative for xyz.com
         file "/etc/bind/db.xyz.com";
         forwarders {
              8.8.8.8;
              8.8.4.4;                   // Additional forwarder (optional)
         };
 };



Thanks,

Yousuf
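As an added illustration (not part of Yousuf's post, nor a BIND tool), the following Python lint reads a named.conf fragment like the one above and flags the two settings that decide whether a VPN client can ever receive a forwarded answer: an allow-recursion ACL that does not admit the client range, and forwarders placed on a zone the server is primary for (such a zone is answered authoritatively, so a name missing from the zone file gets NXDOMAIN rather than a forward). The VPN client range 10.8.0.0/24 and the copy of the config are constructed assumptions; the post does not state a client range.

```python
import ipaddress
import re

# Constructed copy of the named.conf fragment from the post (comments dropped).
NAMED_CONF = """\
options {
    recursion yes;
    allow-recursion { localhost; };
    allow-query { any; };
    forwarders { 8.8.8.8; };
};
zone "xyz.com" {
    type master;
    file "/etc/bind/db.xyz.com";
    forwarders { 8.8.8.8; 8.8.4.4; };
};
"""
VPN_CLIENTS = "10.8.0.0/24"  # assumed VPN client pool; the post does not name one

def block(text, header):
    # body of the first top-level `header { ... };` statement (closing brace at line start)
    m = re.search(header + r"\s*\{(.*?)^\};", text, re.S | re.M)
    return m.group(1) if m else ""

def covers(entries, net):
    # does the ACL admit the whole VPN pool? ('any' or an enclosing prefix)
    want = ipaddress.ip_network(net)
    for e in entries:
        try:
            if e == "any" or want.subnet_of(ipaddress.ip_network(e, strict=False)):
                return True
        except (ValueError, TypeError):  # localhost, localnets, named ACLs: skipped
            pass
    return False

def lint(conf, vpn_net=VPN_CLIENTS):
    conf, findings = re.sub(r"//.*", "", conf), []
    opts = block(conf, r"options")
    acl = re.search(r"allow-recursion\s*\{([^}]*)\}", opts)
    entries = [e.strip() for e in acl.group(1).split(";") if e.strip()] if acl else []
    # 1: only the listed clients get recursive (forwarded) answers; nothing is forwarded for others
    if re.search(r"\brecursion\s+yes\s*;", opts) and not covers(entries, vpn_net):
        findings.append(f"allow-recursion does not admit VPN clients {vpn_net}")
    # 2: a primary zone is answered authoritatively: missing names get NXDOMAIN, never a forward
    for m in re.finditer(r'zone\s+"([^"]+)"', conf):
        zone = block(conf[m.start():], r'zone\s+"[^"]+"')
        if re.search(r"type\s+(master|primary)\s*;", zone) and "forwarders" in zone:
            findings.append(f"zone {m.group(1)}: forwarders do not apply to names missing from a primary zone")
    return findings
```

Running lint(NAMED_CONF) against the constructed copy reports both findings; admitting the VPN pool in allow-recursion clears the first, and only removing the zone-level forwarders (or not being authoritative for the names in question) clears the second.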
