
Is it possible to have an internal DNS with all the internal IPs like 192.168.0.0/24 for a domain and an external one for the same domain?

I want to have BIND resolve all the internal addresses and, if a record is not found, forward the query to the external DNS.

Let me illustrate.

Domain mydomain.com is hosted at Gandi with Gandi's external DNS. It has the records for mail, www, etc. It is available from anywhere.

On the other side I have an internal DNS with the same domain for the internal machines such as the NAS, Raspberry Pi, etc.

If from the internal network I want to connect to the NAS, I use nas.mydomain.com and it will be resolved by the internal DNS, but if I want to connect to the webmail I will go to mail.mydomain.com. This record does not exist on the internal DNS, so it should forward the query to the external DNS.

I have configured BIND as a cache/forwarder server with one zone 'mydomain.com', but how do I forward all queries for mydomain.com for which no record is found in the internal DNS?

danidar

2 Answers


The name of the concept is indeed split DNS or DNS views (as BIND configures them using view statements [documentation]). However, this alone does not answer your question, as you want to forward the query from the internal view to the external view if the record does not exist in the internal view. I believe this is not possible. (I also believe this exact question has been asked many times before on ServerFault, so you should've done some better searching. But as I myself was not able to find similar questions quickly, I'll forgive you and answer the question here again.)

Split DNS is not an exact match for the question you're asking as it assumes you're going to set up a single DNS server which will provide different answers depending on which client (source IP address) asks the question. You want two DNS servers with forwarding between them. So let's give that a shot.

Your internal DNS server will be the master for all internal records and all external records. Your external DNS server -- hosted in a DMZ -- will only be the master for the external records. To avoid having to enter the external records on both DNS servers, you should put those in a separate file, rsync that file between both DNS servers, and $INCLUDE [documentation; search for "INCLUDE"] it in both zone files. The internal server will then look something like this:

/etc/bind/named.conf.local

zone "example.com" {
   type master;
   file "/etc/bind/db.example.com";
};

/etc/bind/db.example.com (on the internal DNS server)

$TTL 3600      ; default TTL; without it BIND falls back to the SOA minimum and logs a warning
example.com.   SOA   ns1.example.com. hostmaster.example.com. (
                            2017030300 ; serial
                            3600       ; refresh
                            1800       ; retry
                            604800     ; expire
                            600 )      ; minimum / negative-caching TTL
               NS   ns1.example.com.
               NS   ns2.example.com.
ns1            A    192.168.0.53
ns2            A    192.168.0.153

; shared public records, identical on both servers
$INCLUDE /etc/bind/db.example.com.external

; internal-only records, present on the internal server only
internal1      A    192.168.0.5
internal2      A    192.168.0.12
client5        A    192.168.0.23

/etc/bind/db.example.com.external

This file needs to be synchronized manually or via cron between both DNS servers.

; public records only: this file is also loaded by the external server,
; so no RFC 1918 addresses and no SOA/NS records belong here
example.com.   A    203.0.113.80
               MX   10 mail.example.com.
mail           A    203.0.113.25
www            A    203.0.113.80

Some things to keep in mind are the SOA and NS records, which need to be defined on both DNS servers and need to be specific to the internal or external zone. So everything above the $INCLUDE statement needs to be custom fit for each DNS server. Next, both internal and external DNS servers include the external entries. Finally, only the internal server specifies the internal records.

A small issue is that you cannot overwrite entries. So if you have a public entry (e.g. www.example.com pointing to 203.0.113.80) but you want to override that on the internal DNS server to point to 192.168.0.80, this needs to be done by not listing that entry in the shared file but specifying it separately underneath the $INCLUDE statement on both servers.

Tommiie
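A consistency check for the $INCLUDE layout in the answer above, added here as an example; it is not code from the original post or from BIND. It reads the three zone files described in the answer (embedded as constructed strings, with two mistakes planted on purpose: the shared file carries an RFC 1918 address for an assumed host "nas", and "www" appears in both the shared file and the internal-only part) and reports the problems the answer warns about: a private address in the shared file leaks internal topology to the public server, and a name defined in both files is not an override, since BIND serves both RRs and clients round-robin between the public and private address. The file names match the answer; the minimal master-file parser handles only the record shapes shown on this page.

```python
"""Sanity checks for the $INCLUDE-based split-DNS layout from the answer.
Added example, not from the original post; zone contents are constructed."""
import ipaddress

# Constructed stand-ins for the files in the answer. Two mistakes planted on
# purpose: the shared file leaks a private address for "nas" (assumed host),
# and "www" is listed in both the shared file and the internal-only part.
FILES = {
    "/etc/bind/db.example.com": """\
$TTL 3600
example.com.   SOA   ns1.example.com. hostmaster.example.com. (
                            2017030300 ; serial
                            3600       ; refresh
                            1800       ; retry
                            604800     ; expire
                            600 )      ; minimum
               NS   ns1.example.com.
               NS   ns2.example.com.
ns1            A    192.168.0.53
ns2            A    192.168.0.153

$INCLUDE /etc/bind/db.example.com.external

internal1      A    192.168.0.5
www            A    192.168.0.80
""",
    "/etc/bind/db.example.com.external": """\
example.com.   A    203.0.113.80
               MX   10 mail.example.com.
mail           A    203.0.113.25
www            A    203.0.113.80
nas            A    192.168.0.10
""",
}

RRTYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "TXT", "SRV", "PTR"}
# Explicit RFC 1918 list: ipaddress.is_private would also flag the 203.0.113.0/24
# documentation range used in the answer.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _fqdn(name, origin):
    """Qualify a relative owner name against the current $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(path, origin="example.com.", files=FILES):
    """Return [(owner, rrtype, rdata, source_file), ...] for one zone file,
    following $INCLUDE and joining parenthesised multi-line rdata. Minimal
    reader for the record shapes on this page, not a full RFC 1035 parser."""
    records, last_owner, buf, depth = [], None, [], 0
    for raw in files[path].splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth > 0:                                 # still inside ( ... )
            continue
        line, buf = " ".join(buf).replace("(", " ").replace(")", " "), []
        tokens = line.split()
        if tokens[0].startswith("$"):
            if tokens[0] == "$ORIGIN":
                origin = tokens[1]
            elif tokens[0] == "$INCLUDE":             # optional 2nd arg: origin for the include
                records += parse_zone(tokens[1], tokens[2] if len(tokens) > 2 else origin, files)
            continue                                  # $TTL needs no action here
        owner = last_owner if line[0].isspace() else _fqdn(tokens.pop(0), origin)
        if owner is None:
            raise ValueError(f"{path}: first record has no owner name")
        last_owner = owner
        while tokens and tokens[0] not in RRTYPES:    # skip optional TTL / class
            tokens.pop(0)
        if not tokens:
            raise ValueError(f"{path}: no record type in {line!r}")
        records.append((owner, tokens[0], " ".join(tokens[1:]), path))
    return records


def check_split_zone(internal_path, shared_path, files=FILES):
    """Findings for the layout in the answer: the shared (public) file must not
    carry RFC 1918 addresses or SOA/NS records, and an (owner, type) present in
    both the shared file and the server-specific part is not an override."""
    findings = []
    recs = parse_zone(internal_path, files=files)
    shared = [(o, t, r) for o, t, r, src in recs if src == shared_path]
    local = [(o, t, r) for o, t, r, src in recs if src != shared_path]
    for owner, rrtype, rdata in shared:
        if rrtype == "A" and any(ipaddress.ip_address(rdata) in n for n in RFC1918):
            findings.append(f"{shared_path}: {owner} A {rdata} leaks a private address to the public server")
        if rrtype in ("SOA", "NS"):
            findings.append(f"{shared_path}: {owner} {rrtype} belongs in the server-specific part")
    shared_keys = {(o, t) for o, t, _ in shared}
    for owner, rrtype, rdata in local:
        if (owner, rrtype) in shared_keys:
            findings.append(f"{internal_path}: {owner} {rrtype} also in shared file; both RRs get served, keep one")
    if not any(t == "SOA" for _, t, _ in local):
        findings.append(f"{internal_path}: no SOA in the server-specific part")
    return findings


if __name__ == "__main__":
    for f in check_split_zone("/etc/bind/db.example.com", "/etc/bind/db.example.com.external"):
        print("FINDING:", f)
```

Run it before rsyncing the shared file; on the constructed input it reports the "nas" leak and the duplicated "www". To check real files, point FILES at their contents (or swap the dict for open().read()) and run named-checkzone afterwards for the syntax BIND itself enforces.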

Yes, you can have the same domain in the internal DNS and in the external DNS (but on different DNS servers). This configuration is called split-brain DNS.

Please check this

Humberto Castellon