Questions tagged [split-dns]

In computer networking, split-horizon DNS, split-view DNS, split-brain DNS, or split DNS is the facility of a Domain Name System (DNS) implementation to provide different sets of DNS information, selected by, usually, the source address of the DNS request.

This facility can provide a mechanism for security and privacy management by logical or physical separation of DNS information for network-internal access (within an administrative domain, e.g., company) and access from an unsecure, public network (e.g. the Internet).

Implementation of split-horizon DNS can be accomplished with hardware-based separation or by software solutions. Hardware-based implementations run distinct DNS server devices for the desired access granularity within the networks involved. Software solutions use either multiple DNS server processes on the same hardware or special server software with the built-in capability of discriminating access to DNS zone records. The latter is a common feature of many server software implementations of the DNS protocol (cf. Comparison of DNS server software) and is sometimes the implied meaning of the term split-horizon DNS, since all other forms of implementation can be achieved with any DNS server software.

Reference - Wikipedia

58 questions

votes

3 answers

Naming a new Active Directory forest - why is split-horizon DNS not recommended?

Hopefully, we all know what the recommendations for naming an Active Directory forest are, and they're pretty simple. Namely, it can be summed up in a single sentence. Use a subdomain of an existing, registered domain name, and pick one that's not…

asked Jan 16 '14 at 17:01

HopelessN00b

53,385
32
133
208

votes

1 answer

Are Windows 2016 DNS Policies / Split DNS possible on AD integrated zones with older DCs?

Windows Server 2016 supports DNS Policies, which provide support for split-brain DNS among other scenarios: You can configure DNS policies to specify how a DNS server responds to DNS queries. DNS responses can be based on client IP address …

domain-name-system active-directory windows-server-2016 split-dns dns-policies

asked Oct 25 '16 at 21:02

briantist

2,535
18
34

votes

2 answers

Updates to a BIND dynamic zone that is shared between views delayed

Here's the quick and dirty: On BIND9 with a dynamic zone that's shared between views, doing a nsupdate, updating/creating/deleting a record will work fine if I query for that record from a client that falls into the same view I did the nsupdate…

bind dynamic-dns split-dns

asked May 01 '14 at 13:56

enragedSquirrel

votes

4 answers

Zone transfers on a split-view Bind DNS system

I have a 2-server BIND 9 setup. Server A (the 'master' server) is properly setup with two views, one for local DNS clients (allowing recursive lookups for non-authorotive domains) and one view for the rest of the world, allowing only queries for…

bind split-dns

asked Jul 05 '10 at 09:58

Taco Scargo

votes

5 answers

Windows 10 Always On VPN, Split DNS, NRPT, and how to configure which DNS server is used?

Here's the setup: Windows 10 1803 clients Server 2012R2 RRAS server Always On VPN device tunnel setup per these instructions, with split tunneling. Device VPN only has routes to 1 DC/DNS server, and our configuration manager server, so it can be…

vpn windows-10 internal-dns split-dns split-tunnel

asked Aug 10 '18 at 21:27

Grant

17,671
14
69
101

votes

2 answers

Microsoft DNS: Provide different answers per-src-subnet to same query - do I need full split horizon/brain?

I have a network with two vlans, both of which refer to my AD server(s) for DNS. Some servers on this network are multi-homed. Lets say we have the two subnets A: 192.168.7.0/24 and B: 192.168.5.0/24. Then we have a server whose hostname is…

windows-server-2008 active-directory internal-dns split-dns

asked Sep 20 '11 at 09:05

Tom Newton

4,021
2
23
28

votes

2 answers

Can an authorative DNS server be configured to recurse when unable to find record locally?

Hopefully this is possible to do. The question Is it possible to configure a DNS server that is authorative for a given domain, to "fallback" and recurse via Forwarders / Root Hints when it cannot find the record locally? The scenario To give a…

domain-name-system active-directory windows-server-2016 internal-dns split-dns

asked Mar 06 '19 at 12:49

Jaans

votes

2 answers

Split-DNS on Windows

I have an internal network in which all services are registered under a internal domain (e.g.: coolcorp.io). When users connect to the VPN, I want them to be able to resolve the internal services in *.coolcorp.io, without having any other "public"…

windows domain-name-system vpn internal-dns split-dns

asked Oct 20 '17 at 21:18

greenboxal

votes

1 answer

Can I use server 2016 DNS policies to return alternative IPs but only for some records in a domain?

I need to provide a kind of DNS split-brain scenario with two key goals: "special" DNS clients (based on their subnet) must resolve certain A records in one domain to different IP addresses than the rest of clients all other records in the same…

domain-name-system windows-server-2016 split-dns dns-policies

asked Mar 05 '18 at 23:48

StepCZ

votes

2 answers

Split DNS - Cleanest solution for easy maintenance?

We have split DNS set up for our domain, which causes internal clients to resolve different DNS records from external clients. As it is right now, the two zones are managed completely separately. For records that differ between internal and…

domain-name-system internal-dns split-dns

asked Oct 27 '11 at 04:14

Moduspwnens

votes

1 answer

Windows DNS server: host a zone, but forward unknown entries

We have a split brain DNS scenario in our company where we have the same entries pointing towards different IPs. Example1: Internal DNS: email.company.net (A) 172.20.1.1 External DNS: email.company.net (A) 22.191.72.18 So email is just one of the…

domain-name-system dns-zone windows-server-2019 split-dns

asked Sep 29 '20 at 14:54

Mario Jost

votes

1 answer

BIND split-view DNS not working with zone transfer

I am setting up two DNS servers. One is on the firewall/router, the other is an internal server. I have lots of experience setting up DNS servers, so this problem is particularly perplexing. Machine setup Firewall external address:…

domain-name-system bind split-dns

asked Jan 06 '10 at 21:09

Barry Brown

2,392
4
22
23

votes

2 answers

PowerDNS Split Horizon Resolver

I've looked around the web for a solution and have found numerous threads with different suggestions. Most of which I've found has been using LUA on the resolver to return records. Other posts suggest using GEO-IP or Pipe backends. All of the…

domain-name-system powerdns split-dns

asked Jun 18 '15 at 18:04

Michael Moser

votes

2 answers

BIND9 DNS with external view inside the internal view

I'm planning a new BIND9 DNS Server with a special kind of view. We a have a lot of external zones and public IPv4 addresses. To keep things simple we have a subzone of our external domain just for the internal scope; something like:…

domain-name-system bind split-dns

asked Apr 30 '14 at 17:07

Vinícius Ferrão

5,400
10
52
91

votes

1 answer

Split DNS clarification

I need some clarification if I understood this correctly. I've been reading about Active Directory and naming my domain, and the reason Microsoft didn't suggest using external public domain was DNS Split. If I understood correctly (and please…

domain-name-system active-directory split-dns

asked Nov 12 '13 at 20:22

RidableCthulu

2 3 4 Next