
I'm having trouble trying to find anything on the internet explaining how to do this...

I'm running Ubuntu 14.04 with repository current Bind9

I have an authoritative DNS server hosting my domain and my web/mail server on my network behind a single static external IP address that is shared by all the other computers in the building.

I have a DNS cache set up on a 2nd machine for all my outgoing DNS requests, and I would like it so that when I type www.my.domain, the DNS cache will give the internal IP of the web server instead of the external IP.

I haven't been able to find any information on how to do this, but I don't think I'm searching for the correct terminology.

I tried just adding the addresses to the /etc/hosts file, and this doesn't work for the rest of the network.

I don't know where to look from here; can anyone point me in the correct direction?

Thanks.

Andrew B
RandomOzzy

2 Answers


The search term you're looking for is "split DNS" or "split views". It's generally regarded as a bad idea due to the management headaches that end up being created by it in the long term.

You may wish to consider creating a privately forwarded subdomain that is not exposed on the internet. (i.e. int.example.com, something under a domain you own) Put your DNS records for private IP addresses in this domain. It will not solve the problem of making www.example.com selectively return the private IP -- this should usually be solved on individual systems -- but it will at least give you dedicated DNS records for your private network.

Andrew B
  • This certainly solves some of my problem, but I use virtual hosting for multiple sites, i.e. training.my.domain, webmail.my.domain, www.my.domain. I suppose I can put up with it... I was just hoping I had a solution – RandomOzzy Jul 17 '14 at 02:25
  • I've had to use it before and it works fine. I'm not sure what management headaches Andrew is referring to. – hookenz Jul 17 '14 at 02:56
  • I use split DNS for my home and work network. If the volume of records is small it's not horrible to manage, but you have to remember... – uSlackr Jul 17 '14 at 03:01
  • If the private network does not have internet access, why not just overload the A address for www.my.domain so that it has two A addresses: the internal, and the external. The browser should discard the internal IP and fail over to the public IP, and vice versa. So long as you use a private IP in a subnet that is not commonly used by LANs, things should be fine? – RapidWebs Jul 17 '14 at 06:36
  • @RapidWebs An application doing anything other than using the first DNS record returned in a round robin set is implementation specific behavior. You never rely on implementation specific behavior in production. Also see: http://superuser.com/questions/615302/apache-dns-resolves-slow-on-route53-configuration/615303#615303 – Andrew B Jul 17 '14 at 19:52
  • @AndrewB Any browser designed in the last 10 years will elect to use a substitute IP address from DNS in the round robin fashion, as set out by RFC 1794. Even telnet will make use of multiple A records, via getaddrinfo(). While I agree that this is not the most elegant solution, and split DNS would be the most sophisticated: using BIND's rrset-order feature, you can hand out the public IP first, preventing the delay on the internet side, and any intranet users will successfully fail over, resolving to the private IP, which could be cached for a long period of time using a high TTL. – RapidWebs Jul 18 '14 at 01:16
  • @RapidWebs RFC1794 is Informational, not a Standard. Beyond that I will be repeating myself, so I bow out here. – Andrew B Jul 18 '14 at 03:05

You can use Unbound, which supports exactly what you want to do. It would replace BIND, and your configuration would look something like this:

    local-zone: "example.com." transparent
    local-data: "server1.example.com. IN A 192.168.0.10"
    local-data: "server2.example.com. IN A 192.168.0.11"
    local-data: "serverN.example.com. IN A 192.168.0.12"

What this does:

  1. Define the zone 'example.com'.
  2. transparent refers to a mode that will pass through to external/forwarder nameservers if it doesn't have a local-data record that matches.
  3. local-data defines the records you'd like to override internally. server1.example.com could have an external IP address of 1.2.3.4, but to any clients using this DNS server, it would appear to them as 192.168.0.10.

I've used this several times before on large office networks, and it works flawlessly. You can also define many local-zone definitions to override as many domains as you would like.

dannosaur
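For the asker's existing BIND 9 setup, the "split views" approach named in the first answer looks like the following. This is an added example, not configuration from the question or either answer; the zone name example.com, the LAN range 192.168.0.0/24, the internal address 192.168.0.10 and the public address 203.0.113.10 are all placeholder values.

```conf
// /etc/bind/named.conf.local  (added example, placeholder addresses)
acl "lan" { 127.0.0.0/8; 192.168.0.0/24; };

// Views are tested in order and the first match-clients hit wins, so the
// internal view must be listed before the catch-all external one.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                      // LAN hosts may use this server as a resolver
    allow-transfer { none; };           // the private zone file never leaves this host
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                       // an internet-facing open resolver gets abused
    allow-transfer { none; };
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.external";
    };
};

// /etc/bind/db.example.com.internal  (RFC 1918 addresses, served to the LAN only)
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. ( 2014071701 3600 900 604800 300 )
        IN NS   ns1.example.com.
        IN MX   10 mail.example.com.
ns1     IN A    192.168.0.2
www     IN A    192.168.0.10
mail    IN A    192.168.0.10
webmail IN A    192.168.0.10

// /etc/bind/db.example.com.external  (same names, public addresses, served to everyone else)
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. ( 2014071701 3600 900 604800 300 )
        IN NS   ns1.example.com.
        IN MX   10 mail.example.com.
ns1     IN A    203.0.113.2
www     IN A    203.0.113.10
mail    IN A    203.0.113.10
webmail IN A    203.0.113.10
```

Check both files with `named-checkconf -z` before reloading, then confirm the split with `dig @<server> www.example.com A` from a LAN host and from outside; the two serials must be bumped together whenever either file changes, which is the management overhead Andrew B's answer warns about.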