[clug] Two networks, separate DNS: Fake Root?

Kevin Pulo kev at pulo.com.au
Wed May 19 18:50:08 MDT 2010


On Thu, May 20, 2010 at 10:30:03AM +1000, Alex Satrapa wrote:

> No, I'm not looking for "split horizon" DNS which resolves the same
> name to different addresses depending on which side of a network
> border you're querying from. I'm looking for a way to resolve names
> under one TLD from one set of DNS servers (in this case, 1 server),
> and names for every other TLD from the "normal" DNS that every other
> computer on my "normal" network uses.
> 
> From memory I could do this using Bind on my local machine to serve
> up a fake root file, which mirrors the normal roots, but knows to
> forward queries for the ".lan" TLD to that server sitting in the
> blue box on my desk.

I use bind on my router at home to do a similar thing.  It's set up to
be a normal caching nameserver for stuff it gets from forwarded
requests from my ISP's name servers, but things in the zones that I
have set up in /var/named (i.e. machines on the local network) are
resolved locally (i.e. it is authoritative for them).

The only difference here would be that for the special case domains,
you want requests forwarded somewhere different, not served from zone
files.  I'm not sure how to do that, but I suspect you're right, it
would involve an alternate root zone that points to the .lan name
server.

Maybe something like

    options {
        forward first;
        forwarders {  regular_ns_ip1; regular_ns_ip2; ... };
        listen-on { 127.0.0.1; };
    };
    
    view "all" {
        zone "." {
            type hint;
            file "root.cache";
        };
        zone ".lan" {
            type hint;
            file "root.cache.lan";
        };
    };

where root.cache.lan contains just

    a.root-servers.net.     3600000 IN      A       ip_of_lan_ns

... or something?

Kev
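
An added example, not part of the original message: the per-TLD forwarding asked about in this thread, written with BIND's `type forward` zone instead of a second hint zone (hint zones only apply to the root zone "."). All addresses are documentation-range placeholders, and `validate-except` assumes BIND 9.14 or later.

```conf
// named.conf sketch -- added example, addresses are placeholders
options {
    directory "/var/named";

    // Local stub resolver only: do not expose recursion to the network.
    listen-on { 127.0.0.1; };
    allow-query { localhost; };
    recursion yes;

    // Default path: everything without a more specific zone below
    // goes to the "normal" resolvers (placeholder addresses).
    forward first;
    forwarders { 198.51.100.1; 198.51.100.2; };

    // "lan" does not exist in the signed public root, so a validating
    // resolver would reject answers for it. Exempt only this subtree.
    validate-except { "lan"; };
};

// Names under .lan are sent to the one internal server (placeholder address).
zone "lan" {
    type forward;
    // "only" = never fall back to the default forwarders or the public
    // roots, so internal host names are not leaked if the LAN server is down.
    forward only;
    forwarders { 192.0.2.53; };
};
```

Running `named-checkconf` on the file catches syntax errors before reloading, and `dig @127.0.0.1 host.lan` (hypothetical name) should then be answered by the internal server while other names follow the default forwarders.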
