
So inside my network, we have a local DNS server (bind9). Let's say our internal zone is veridani.com. When I make local entries such as test.veridani.com, they work normally, and when I look up something that isn't *.veridani.com, it goes to 1.1.1.1, which is Cloudflare.

The issue I'm facing is that when I add a public DNS entry in Cloudflare, such as nord.veridani.com, the lookup never resolves to the public IP in CF DNS, and I'd have to add the same DNS entry locally for it to work. (PS: The public entry I'm talking about is pointing to another public IP.)

Is there a way for the DNS resolver to look in the public DNS as well even if it's a subdomain of the same network zone (veridani.com)?

Hi There
  • Using the same domain (rather than a subdomain) for both your internal network and private DNS as well as for your public website always requires some form of double bookkeeping. (As you have discovered.) There is, as far as I am aware at least, no magical solution. See https://serverfault.com/q/76715/546643 (it is about AD, but it is basically the same problem). – Bob Feb 04 '21 at 12:01

1 Answer


A solution might be to set up the domain locally as a policy zone instead of a master zone. As an example, add the following to your named.conf file.

options {
    # Your normal options
    # Apply the policy zone to every response this server builds
    response-policy { zone "veridani_policy"; };
};
zone "veridani_policy" {
    type master;
    file "master/veridani_policy.zone";
    # The zone is only consulted internally via response-policy;
    # clients cannot query it directly
    allow-query {none;};
};

Then add a zone file called master/veridani_policy.zone containing the following:

$TTL 24H
; Placeholder apex records, required for a valid zone (the RNAME must end in a dot)
@    SOA LOCALHOST. named-mgr.example.com. (1 1d 1h 30d 2h)
     NS  LOCALHOST.

; Owner names are relative to the policy zone, so this line becomes the trigger
; test.veridani.com.veridani_policy and rewrites answers for test.veridani.com only
test.veridani.com     A   192.168.1.1
Paranoid
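To make the difference between the two approaches concrete, here is an added Python model that is not part of the answer above and not BIND's own code. It parses the zone-file syntax the answer uses ($TTL, apex SOA/NS records, relative owner names, ';' comments) and compares a response-policy-zone overlay with serving veridani.com as an authoritative master zone: under RPZ only names with a trigger in the policy zone are rewritten and everything else, including nord.veridani.com, goes to the upstream forwarder, whereas an authoritative zone answers NXDOMAIN for any veridani.com name it does not know. The upstream address table, the second master zone file, the printer.veridani.com host and all IP addresses are constructed for the example; only A-record "local data" rewrites are modelled.

```python
"""Added example, not part of the original answer: a small model of how a BIND
response-policy zone (RPZ) overlays a forwarding resolver, compared with serving
veridani.com as an ordinary authoritative (master) zone.

Only A-record "local data" rewrites are modelled; real RPZ also supports
CNAME-encoded actions such as NXDOMAIN and PASSTHRU. All addresses and extra
names below are constructed."""

from typing import Dict, Optional, Tuple

# Constructed copy of the answer's master/veridani_policy.zone, plus one extra host.
POLICY_ZONE_TEXT = """\
$TTL 24H
@    SOA LOCALHOST. named-mgr.example.com. (1 1d 1h 30d 2h)
     NS  LOCALHOST.
; owner names are relative to the policy zone origin (veridani_policy)
test.veridani.com     A   192.168.1.1
printer.veridani.com  A   192.168.1.20
"""
POLICY_ORIGIN = "veridani_policy"

# Constructed authoritative zone for the "type master" alternative the answer moves away from.
MASTER_ZONE_TEXT = """\
$TTL 24H
@        SOA ns1.veridani.com. hostmaster.veridani.com. (1 1d 1h 30d 2h)
         NS  ns1.veridani.com.
ns1      A   192.168.1.53
test     A   192.168.1.1
"""
MASTER_ORIGIN = "veridani.com"

# Constructed stand-in for the public (Cloudflare-hosted) view reachable via 1.1.1.1.
UPSTREAM_PUBLIC: Dict[str, str] = {
    "nord.veridani.com": "203.0.113.10",
    "www.veridani.com": "203.0.113.20",
    "example.org": "198.51.100.5",
}


def parse_zone(text: str, origin: str) -> Dict[str, str]:
    """Return {fqdn: ipv4} for the A records of a BIND-style zone file.

    Relative owner names get the origin appended, '@' means the origin itself,
    and names ending in '.' are absolute. SOA, NS and directives are skipped
    because only A records act as overrides in this model."""
    records: Dict[str, str] = {}
    last_owner = "@"
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop ';' comments
        if not line or line.startswith("$"):      # blank line or $TTL/$ORIGIN directive
            continue
        fields = line.split()
        if raw[0].isspace():                      # continuation line: owner is inherited
            owner, rest = last_owner, fields
        else:
            owner, rest = fields[0], fields[1:]
            last_owner = owner
        # optional numeric TTL and/or class before the record type
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest.pop(0)
        if len(rest) < 2 or rest[0].upper() != "A":
            continue
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner[:-1]
        else:
            fqdn = f"{owner}.{origin}"
        records[fqdn.lower()] = rest[1]
    return records


POLICY = parse_zone(POLICY_ZONE_TEXT, POLICY_ORIGIN)
MASTER = parse_zone(MASTER_ZONE_TEXT, MASTER_ORIGIN)

Result = Tuple[str, Optional[str]]   # (how the name was answered, address or None)


def resolve_with_rpz(qname: str) -> Result:
    """RPZ model: a query is rewritten only if '<qname>.<policy origin>' exists
    in the policy zone; every other name, including other veridani.com hosts,
    is forwarded upstream untouched."""
    q = qname.lower().rstrip(".")
    trigger = f"{q}.{POLICY_ORIGIN}"
    if trigger in POLICY:
        return ("rpz-override", POLICY[trigger])
    if q in UPSTREAM_PUBLIC:
        return ("forwarded", UPSTREAM_PUBLIC[q])
    return ("NXDOMAIN", None)


def resolve_with_master_zone(qname: str) -> Result:
    """Authoritative model: the server owns all of veridani.com, so a name that
    is missing from the local file is NXDOMAIN and never reaches the forwarder."""
    q = qname.lower().rstrip(".")
    if q == MASTER_ORIGIN or q.endswith("." + MASTER_ORIGIN):
        return ("authoritative", MASTER[q]) if q in MASTER else ("NXDOMAIN", None)
    return ("forwarded", UPSTREAM_PUBLIC[q]) if q in UPSTREAM_PUBLIC else ("NXDOMAIN", None)


if __name__ == "__main__":
    for name in ("test.veridani.com", "nord.veridani.com", "example.org"):
        print(f"{name:20} rpz={resolve_with_rpz(name)}  master={resolve_with_master_zone(name)}")
```

Running the block prints one line per name; the nord.veridani.com row is the case from the question, answered from the upstream table under RPZ and NXDOMAIN under the master zone. The trigger construction (query name plus policy zone origin) is also why the owner names in the answer's zone file must stay relative rather than ending in a dot.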