
I have set up BIND9 to resolve domain names used by my work group; it contains:

  • public domain names: *.my-company.com
  • our own TLD *.top

but I don't know how to set up clients to add an extra DNS server.

I'll call my DNS server DNS-mine, and the default DNS servers returned from ADSL DNS-system.

I must not forward DNS-system through DNS-mine, for network-speed reasons and user preferences. (Users are distributed over the world, and DNS-mine sits in the US.)

I have tried several ways, as follows:

  1. Add the IPv4 address of DNS-mine (1.2.3.4) to resolv.conf:

    nameserver 8.8.8.8   # DNS-system
    nameserver 1.2.3.4   # DNS-mine
    

    However, DNS-mine is never queried. As resolv.conf(5) says, the second nameserver is only queried when the first one times out, and DNS-system here never times out.

    And resolv.conf is reset by network manager, too.

  2. Add the zone '*.top.my-company.com' to DNS-mine, and make it the same as the .my-company.com zone. Then change /etc/hostname to a1.my-company.com, a2.my-company.com, etc. on each client. This works as:

    www.top -> www.top.my-company.com == www.my-company.com
    

    However, I must add all client host names to DNS-mine at the same time, otherwise the client gets stuck:

    127.0.0.1 a1.my-company.com
    127.0.0.1 a2.my-company.com
    127.0.0.1 a3.my-company.com
    

    The clients don't have WAN IPs, as they are behind the firewall. And new clients may join at any time.

  3. The same as above, but don't change /etc/hostname; add to /etc/resolv.conf instead:

    domain my-company.com
    

    This works very well; however, the /etc/resolv.conf file is automatically reset by network manager.

  4. Add all *.top names to the /etc/hosts file, then just ignore DNS-mine. This works very well, but is hard to maintain.

Xiè Jìléi

3 Answers


In order to add a new TLD that ICANN doesn't yet recognize (like you are) you have to put a DNS server that considers itself authoritative in the DNS resolution chain. In practice, this means the first hop. In order to use your *.top domain internally, you will have to either point all of your clients at your own DNS server, or maintain /etc/hosts files. One of the two.

As for top.my-domain.com, you have some options. Whichever DNS servers are authoritative for my-domain.com (you don't say) will be able to also serve up top.my-domain.com. This may be your best bet for simplicity's sake. Have your (presumed) DNS hosting service add that subdomain and add the entries you need.

However, hosting a local DNS server is not a bad idea at all, really. It's called a caching DNS server and caches resolved names so they can be retrieved faster than they would be by pulling from the Internet. If you add your *.top domain to it, it'll provide all of your needs.

sysadmin1138

I would set up all the work group computers to query your DNS server; if your server doesn't know the answer to a query, then have the DNS server forward it to an Internet DNS server. That way you can have your special domains (or override/filter domains the Internet DNS servers would resolve).

I use DHCP to push out my DNS settings, but any method that works, works.

  • As I mentioned, I can't forward `DNS-default` through `DNS-mine` for network-speed reasons. The workgroup computers are distributed, not centralized in an office and within the same LAN. – Xiè Jìléi Sep 26 '10 at 23:43
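The setup this answer proposes, written out as an added example (it is not the answerer's or the asker's configuration): a named.conf fragment for DNS-mine that answers the zones it is authoritative for itself and forwards everything else to the Internet resolver, plus the zone file for the private `top` TLD. The 10.0.0.0/8 client range, the file paths, the SOA timers and the 10.0.0.10 address are assumptions; 1.2.3.4 and 8.8.8.8 come from the question.

```bind
// ==== /etc/bind/named.conf.local on DNS-mine (added example) ====

// Only the work group may use this server; an unrestricted recursive
// server on a public address is an open resolver and gets abused.
acl workgroup { 10.0.0.0/8; 127.0.0.1; };   // assumed client range

options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query     { workgroup; };
    allow-recursion { workgroup; };
    forwarders { 8.8.8.8; };     // DNS-system from the question
    forward only;                // never walk the root servers ourselves;
                                 // "forward first" instead falls back to
                                 // full recursion if the forwarder fails
};

// Zones the server is authoritative for are answered before forwarding
// is even considered, so *.top never leaves DNS-mine.
zone "top" {
    type master;
    file "/etc/bind/db.top";
    allow-transfer { none; };    // no bulk dump of internal host names
};

// ==== /etc/bind/db.top, the zone file (';' starts a comment here) ====
$TTL 3600
@       IN  SOA dns-mine.my-company.com. hostmaster.my-company.com. (
            2010092601  ; serial: bump on every edit or secondaries won't notice
            3600        ; refresh
            900         ; retry
            604800      ; expire
            300 )       ; negative-answer TTL
        IN  NS  dns-mine.my-company.com.
www     IN  A   10.0.0.10   ; assumed internal address of www.top
```

Validate before reloading with `named-checkconf` and `named-checkzone top /etc/bind/db.top`; a zone file with a syntax error makes BIND serve SERVFAIL for the whole zone rather than refuse to start. Note that this layout is exactly what the asker ruled out: every query from every client goes through DNS-mine first, and with `forward only` the clients are also down whenever DNS-mine or its forwarder is unreachable.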

All you need to do is delegate *.top.my-company.com NS lookups to your custom DNS-mine server. No changes are needed to the clients; it's a referral lookup.

DNS-default:

    top  IN  NS  DNS-mine.my-company.com

This has all been answered in detail here:

How exactly should I set up DNS to delegate authority for subdomains?

  • I think you may misunderstand that; I didn't describe it so clearly. The `DNS-default` is the DNS server returned from ADSL (commonly it's a local caching DNS) or set by the client manually, e.g. Google DNS (8.8.8.8) or OpenDNS (208.67.222.222). To clarify it, I renamed `DNS-default` to `DNS-system`. – Xiè Jìléi Sep 26 '10 at 23:50
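The records behind the delegation this answer describes, as an added example (not the answerer's or the asker's zone data): the parent zone my-company.com is served by whoever is authoritative for it (the question does not say), and the child zone top.my-company.com lives on DNS-mine. 1.2.3.4 is DNS-mine's address from the question; 10.0.0.10, the file paths and the SOA timers are assumptions.

```bind
; ==== in the my-company.com zone, on its authoritative servers (added example) ====
$ORIGIN my-company.com.
dns-mine    IN  A   1.2.3.4                   ; must exist in the parent: a resolver
                                              ; needs DNS-mine's address before it
                                              ; can follow the referral below
top         IN  NS  dns-mine.my-company.com.  ; delegation: everything under
                                              ; top.my-company.com is answered
                                              ; by DNS-mine
; No glue record is required because dns-mine sits in the parent zone itself.
; Had the name server been inside the child (e.g. ns.top.my-company.com), an
; A record for it would have to accompany the NS record above, or the
; referral would be unreachable.

; ==== on DNS-mine: /etc/bind/named.conf.local ====
; zone "top.my-company.com" {
;     type master;
;     file "/etc/bind/db.top.my-company.com";
;     allow-transfer { none; };   ; no zone dump of internal host names
; };

; ==== on DNS-mine: /etc/bind/db.top.my-company.com ====
$ORIGIN top.my-company.com.
$TTL 3600
@           IN  SOA dns-mine.my-company.com. hostmaster.my-company.com. (
                2010092601      ; serial: increment on every change
                3600 900 604800 300 )
            IN  NS  dns-mine.my-company.com.
www         IN  A   10.0.0.10   ; assumed internal address, only reachable behind the firewall
```

Check the child zone with `named-checkzone top.my-company.com /etc/bind/db.top.my-company.com`, and verify the referral end to end with `dig +trace www.top.my-company.com`, which walks from the root to the parent and then to DNS-mine. Two things to keep in mind: because the clients' own resolvers (DNS-system) follow the referral, DNS-mine must accept queries from the public Internet for this zone, so put only names and addresses you are willing to publish in it; and the delegation makes www.top.my-company.com resolvable, not the bare www.top, for which each client still needs `domain my-company.com` (or `search my-company.com`) in its resolv.conf, which is the question's step 3.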