I am setting up a cluster of DNS servers that are soon going to reply to both LAN clients and public internet queries. On the internet is a special network (XX.YY.ZZ.AA/26) that I need to reply to differently when querying the public zone ext.net. I tried to follow good practices but am still doubting and confused... I decided to point my LAN clients to the recursor and not to dnsdist to ensure a running LAN DNS system if dnsdist experiences an issue.
Am I using a proper way to resolve names differently between the internet and the specific network XX.YY.ZZ.AA/26?
Should the requests from XX.YY.ZZ.AA/26 go from dnsdist to the LAN recursor before hitting the auth servers (instead of directly from dnsdist to the auth servers)?
This is my priv/pub DNS diagram:
Thanks a lot for your comments.