
I have a situation where I need to use 4 DNS servers + 1 external server (ISP or 8.8.8.8). While the normal DNS client only considers the first answer from the DNS servers, whether that is an IP or Not Found, my request will never "arrive" at the second or third server which is able to provide the right answer.

A little background information:

  • there are 4 fully isolated zones, each with its own DNS server: Subnet 1.1.1.0/24, Domain: domain1.net, DNS Server ns.domain1.net .... Subnet 4.4.4.0/24, Domain: domain4.net, DNS Server ns.domain4.net
  • the right answer is always known by one DNS server only

I have set up some SSH tunnels to each of those zones from one external machine, so I have network connectivity to the DNS servers. But if I put all four DNS servers in my /etc/resolv.conf and look for my-machine.domain4.net, I will have problems resolving that request, because the first server asked is ns.domain1.net, which will always say Name not found.

I know about dnsmasq, but my example is ultra simplified; in reality I have 4 zones and hundreds of domains + subdomains. Every few days there are additions or deletions to this list of domains, so it would be a big pain to manage them myself in dnsmasq conditional forwarders.

Is there a way to skip "not found" answers and ask the next server?

Windows, Linux, Mac, Docker, Dedicated VM solutions are all good to me.

Thanks

  • Fully knowing you won't like to read that, but for "I have a situation where I need to use 4 DNS servers + 1 external server(ISP or 8.8.8.8). " as this is completely unusual for DNS to work like that you might wish instead of trying various workarounds that will break one way or another, to change your DNS setup and use proper delegations that should solve your problem. Otherwise look at `dnsdist` which is very powerful and can be scripted, but yet it still seems wrong way of addressing your problem – Patrick Mevzek Jul 18 '22 at 03:19
  • Your question is also very vague with no actual details. If you have 4 zones, hence 4 sets of authoritative nameservers, all properly delegated from their parent, then any recursive nameserver will properly resolve any records in any of the 4, so it is not even clear why you need a specific setup – Patrick Mevzek Jul 18 '22 at 03:25

1 Answer

Let all DNS servers forward requests for FQDNs they don't know to the appropriate server(s). There is no "skip-if-I-don't-like-the-answer-and-ask-somebody-else" mode or "random-redirect" in DNS; this would end up in recursive loops pretty quickly.

But you can (and should) specify which zones should be redirected where. If you do this in every DNS, every request will be answered correctly.

For example:

  • Subnet1 with domain1.net has DNS which ...
    • Has a forwarding of "domain2.net" to Subnet2's DNS
    • Has a forwarding of "domain3.net" to Subnet3's DNS
    • Has a forwarding of "domain4.net" to Subnet4's DNS
  • Subnet2 with domain2.net has DNS which ...
    • Has a forwarding of "domain1.net" to Subnet1's DNS

... and so on.

In BIND, for example, you would do something like this:

// On Subnet1's DNS (ns.domain1.net): hand every query for domain2.net
// (and its subdomains) to Subnet2's DNS instead of answering NXDOMAIN.
zone "domain2.net" {
    type forward;
    forward only;                 // never fall back to recursion for this zone
    forwarders { 2.2.2.200; };    // Subnet2's DNS; each address needs its own ';'
};
bjoster
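Because the question mentions hundreds of domains that change every few days, the missing piece is generating these stanzas rather than hand-editing them. The following is an added example, not part of bjoster's answer: it keeps one domain-to-server map (constructed sample data, 1.1.1.200-style addresses are assumed) and emits, for any one server, the forward stanzas for every other zone, plus the equivalent dnsmasq `server=` lines for the alternative the question mentions.

```python
"""Generate per-server forwarding config from a single zone map.

Constructed sample data: each apex domain maps to the IP of the DNS server
that is authoritative for it. A forward zone for the apex also covers its
subdomains (unless a more specific zone is configured), so only apex
domains need to be listed.
"""
from typing import Dict, List

ZONES: Dict[str, str] = {
    "domain1.net": "1.1.1.200",   # assumed address of ns.domain1.net
    "domain2.net": "2.2.2.200",   # assumed address of ns.domain2.net
    "domain3.net": "3.3.3.200",   # assumed address of ns.domain3.net
    "domain4.net": "4.4.4.200",   # assumed address of ns.domain4.net
}


def forward_stanza(domain: str, forwarder: str) -> str:
    """One BIND forward-only zone block, in the form shown in the answer."""
    return (
        f'zone "{domain}" {{\n'
        f"    type forward;\n"
        f"    forward only;\n"
        f"    forwarders {{ {forwarder}; }};\n"
        f"}};\n"
    )


def build_bind_config(own_domain: str, zones: Dict[str, str]) -> str:
    """BIND fragment for the server authoritative for own_domain.

    Every *other* zone is forwarded to its owner. The server's own zone is
    deliberately skipped: forwarding it to ourselves is exactly the
    recursive loop the answer warns about.
    """
    if own_domain not in zones:
        raise ValueError(f"unknown zone {own_domain!r}")
    return "".join(
        forward_stanza(d, ip) for d, ip in sorted(zones.items()) if d != own_domain
    )


def build_dnsmasq_lines(own_domain: str, zones: Dict[str, str]) -> List[str]:
    """Same mapping as dnsmasq 'server=/domain/ip' conditional forwarders."""
    if own_domain not in zones:
        raise ValueError(f"unknown zone {own_domain!r}")
    return [f"server=/{d}/{ip}" for d, ip in sorted(zones.items()) if d != own_domain]


if __name__ == "__main__":
    print(build_bind_config("domain1.net", ZONES))   # for ns.domain1.net
```

Re-running the script after each change to the map and reloading the servers keeps all four configs consistent, which is the part that is error-prone by hand.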