Hey there,

I am having an issue forwarding DNS queries and was hoping that one of you 
might be able to help me:

I have the following setup:

DNS-Server reachable from the internet, is authoritative for zone foo.com
DNS-Server reachable only locally, should be authoritative for zone test.lab.foo.com

What I try to achieve:

When a DNS query from the outside world reaches the first DNS server for a 
record belonging to the zone test.lab.foo.com, I want it to make a recursive 
request to the second DNS server and then forward the records.

I explicitly don't want to do zone transfers or make the second DNS server 
reachable from the internet.

My configuration looks like this: (I only copied the [what I think] important 
parts to here, as all the config would be a few hundred lines, because of split 
view and many zones)

On the first DNS-Server

options {
    allow-recursion {
        localnets;
        localhost;
        internal;
        my-datacenter;
        mc-office;
    };
};

zone "test.lab.foo.com" {
    forward only;
    forwarders {
        <private IP of second DNS server>;
    };
    type forward;
};

zone "foo.com" {
    file "/etc/bind/zones/foo.com.zone";
    type master;
};

My issue:

When I am in a local network that is whitelisted in the allow-recursion block, 
then it works as expected. When I try the DNS lookup from the internet, then I 
get a NOERROR with an empty response back.

During debugging, I adjusted the allow-recursion list and added any to it. Then 
it was working. But I don't want my DNS server to allow any kind of recursion. 
I actually only want "outside" lookups for this one specific zone to be 
recursive.

How can I set something like allow-recursion for just one zone?

Thanks a lot already
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

