
I guess I'm wondering something similar to Can I create DNS records for some hosts, delegate other queries in the same domain to another DNS server?, but I'm hoping I'll get a different answer with BIND.

Basically, I have home.mydomain.tld as a public A record already, that's dynamically updated. I'm wondering if there's some way to simply provide local service to that domain within my home network without overriding it. Really, just local AAAA records. The A records would hopefully come from my router's DNS/DHCP server; it isn't smart enough to know about IPv6 yet.

If not, I guess I can populate the A records semi-automatically every once in a while, but if it's possible to avoid doing that I'd like to try.

pioto
  • Read about Bind Views – Lazy Badger Feb 10 '12 at 04:01
  • @LazyBadger That's not what he's asking; he doesn't want to "override" the external zone. Though that's as close as it gets to what he's asking for. – Chris S Feb 10 '12 at 04:32
  • @ChrisS - how long have **you** been in the hostmaster business? I'm near 15 years. How *in another form* can I "decode" this dirty request "if there's some way to simply provide local service to that domain within my home network without overriding it" - i.e. different RRs for a hostname depending on client location?! Well, a hosts file on all hosts will work also, but it's so stupid – Lazy Badger Feb 10 '12 at 04:54
  • I will also recommend what I always recommend to anyone with DNS questions: Acquire and read a copy of [The Cricket Book](http://shop.oreilly.com/product/9780596100575.do), which should really be titled "Everything you could possibly want to know about the Domain Name System". – voretaq7 Feb 10 '12 at 05:19
  • @LazyBadger I'll start by conceding that my opinion of you was *drastically* lowered when you pulled out the "I've been doing this for X years" argument before citing any sort of technical reason you are correct. I'm fairly certain the OP wants to add RRs to an existing external domain *without* duplicating the external records on his internal server/zone. Views don't do that, as someone who's been a hostmaster for 15 years should know (though BIND 9 has only been out for 12 years, so those first 3 obviously don't apply to *views*). – Chris S Feb 10 '12 at 13:35
  • @ChrisS - re-read the OP's question - he wants to have an AAAA RR inside the LAN for a hostname which already has an A RR for the external world. It's almost a word-by-word quote of the OP, eliminating non-technical terms or bad context. When I spoke about years in business, I was speaking about the *-acquired ability to guess what the customer **wanted to say** from **what he said**. It's time-dependent magic – Lazy Badger Feb 10 '12 at 14:10

2 Answers


Of course you can. Any node in the namespace below the zone apex can be a delegation point.

To clarify your question: To the rest of the Internet you have, for example:

;; pioto.org. zone
@                   IN A 66.39.110.116
newpair             IN A 66.39.110.116
creandus            IN A 66.39.110.116

But on your LAN, because you're so excited about all of these 1990s innovations and want to start experimenting with them, you want to have:

;; pioto.org. zone
@                   IN A 192.168.100.1
@                   IN AAAA FEC0:0100::1
newpair             IN A 192.168.100.2
newpair             IN AAAA FEC0:0100::2
_http._tcp          IN SRV 10 10 80 @
_http._tcp.newpair  IN SRV 10 10 80 newpair

This is a simple exercise in split-horizon DNS service. Configure an internal content DNS server with the second set of data, and perform the prune-and-graft operation in the appropriate manner, using either stub zones with properly separate servers or views.

Letting parts of the external DNS database be visible internally is — with properly separated content and proxy servers — a simple exercise in delegation on the content server:

;; pioto.org. zone, continued
creandus            IN NS NS1.PAIRNIC.COM.
creandus            IN NS NS2.PAIRNIC.COM.

If you have a combined DHCP-plus-content-DNS service on your router, that knows about leased IP addresses and hostnames, or if you have Microsoft's DNS and DHCP servers on a Windows Server machine, then getting the IP addresses from the combined server is also an exercise in delegation:

;; pioto.org. zone, modified
newpair             IN NS a.ns.newpair ;; replaces the A and AAAA records
a.ns.newpair        IN A 192.168.1.1   ;; IP address of the DHCP+DNS server

The only things that you cannot do are …

  • … use external data for pioto.org. itself. The zone apex cannot be delegated.
  • … retrieve A and AAAA resource records from different content DNS servers.


John Gardeniers
JdeBP
  • While your answer is thorough, you get +10 creepy points for deciding to list actual data that I chose to not provide. – pioto Feb 20 '12 at 20:53
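A BIND named.conf that implements the "views" variant of the split-horizon setup the answer describes, as an added example (it is not from the answer or from BIND's own documentation); it assumes the LAN prefixes 192.168.0.0/16 and FEC0:0100::/64, the zone-file paths shown, and that the zone files hold the answer's records plus the SOA and apex NS records every zone needs:

```conf
// /etc/named.conf (added example; the ACL prefixes and file paths are assumptions)
acl lan {
    127.0.0.1;
    192.168.0.0/16;          // covers the 192.168.100.x hosts and the 192.168.1.1 router
    fec0:0100::/64;          // the site-local prefix used in the answer's AAAA records
};

options {
    directory "/var/named";
    listen-on { any; };
    listen-on-v6 { any; };
};

// Views are tried in order; the first match-clients hit wins, so the LAN view comes first.
// Internal view: LAN clients get the private zone data and may recurse through this
// server, which therefore also follows the NS delegations inside that zone
// (creandus -> the PAIRNIC servers, newpair -> the router's DHCP+DNS server).
view "internal" {
    match-clients { lan; };
    recursion yes;
    allow-recursion { lan; };
    zone "pioto.org" {
        type master;
        file "internal/pioto.org.zone";   // the answer's LAN records plus SOA and apex NS
    };
};

// External view: everyone else sees only the public data. Recursion stays off,
// otherwise the public-facing side would be an open resolver. If the public zone
// is hosted elsewhere and this server is never reachable from outside, this view
// can be dropped entirely.
view "external" {
    match-clients { any; };
    recursion no;
    zone "pioto.org" {
        type master;
        file "external/pioto.org.zone";   // the answer's public A records plus SOA and apex NS
    };
};
```

Validate with named-checkconf and named-checkzone before reloading; a view that is authoritative for pioto.org answers NXDOMAIN for any name it lacks rather than forwarding, which is why the externally hosted names must be delegated in the internal zone, not simply omitted.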

It sounds like you have home.mydomain.tld as a public zone and you want to create internal records for PC.home.mydomain.tld, TV.home.mydomain.tld, refrigerator.home.mydomain.tld, etc.?

About the only un-nasty way I can think of to do this without stepping on the home.mydomain.tld domain would be to create x.home.mydomain.tld and put everything under that zone, which is served by your local nameserver.

You COULD create an individual zone for each of PC, TV, refrigerator, etc. above and have your local nameserver only be authoritative for those individual bits, but that means a huge number of one-entry zone files (YUCK!).

Also note that any local zones you create would step on and override any outside DNS server's zones: it's not possible to have the A record for pc.home.mydomain.tld come from one NS and the AAAA record for it come from another. DNS delegates and declares authority by zone name, and that authority covers all record types within that zone. If a nameserver is told it is authoritative for something and can't find the record, it will not forward the query up the DNS tree; it will simply return NXDOMAIN.

voretaq7
  • If you have your own nameservers authoritative for home.mydomain.tld, you can just script grabbing the external dynamic A record from the external nameserver and stuffing it into your locally hosted zone. Dirty hack, but it'll do the job. – goo Feb 10 '12 at 09:38
  • I had hoped there was some way that BIND could just do the lookup transparently; I understand you can't have different RR types come from different NSs. But, well, this is probably the closest I can get. Oh well. Thanks. – pioto Feb 10 '12 at 14:10
  • @pioto Yeah, the DNS was just not designed to handle that. You could of course dive into the guts of BIND and hack it to do this (it *is* an open-source project), but I would consider such efforts to be proof of insanity. :-) – voretaq7 Feb 10 '12 at 18:52