Hey there, I am having an issue forwarding DNS queries and was hoping, that one of you might be able to help me:
I have the following setup: DNS-Server reachable from the internet, is authoritative for zone foo.com DNS-Server reachable only locally, should be authoritative for zone test.lab.foo.com What I try to achieve: When a DNS query from the outside world reaches the first DNS server for a record belonging to the zone test.lab.foo.com, I want it to make a recursive request to the second DNS server and then forward the records. I explicitly don't want to do zone transfers or make the second DNS server reachable from the internet. my configuration looks like this: (I only copied the [what I think] important parts to here, as all the Config would be a few hundret lines (because of split view and many zones) On the first DNS-Server options { allow-recursion { localnets; localhost; internal; my-datacenter; mc-office; }; }; zone "test.lab.foo.com" { forward only; forwarders { <private IP of second DNS server>; }; type forward; }; zone "foo.com" { file "/etc/bind/zones/foo.com.zone"; type master; }; My issue: When I am in a local network, that is whitelisted in the allow-recursion block, then it works as expected. When I try the DNS lookup from the internet, then i get a NOERROR with an empty response back. During debugging, I adjusted the allow-recursion list and added any to it. Then it was working. But I don't want my DNS server to allow any kind of recursion. I actually only want "outside" lookups for this one specific zones to be recursive. How can I set something like allow-recursion for just one zone? Thanks a lot already _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users