how can i set up BIND to use a different DNS for a specific domain

1

At work we are using a VPN tunnel to communicate with an external network that is set up for testing. There is also a DNS running inside this external network, and I would like to have a local DNS service on my machine which acts in the following way:

  • does the requested hostname end with .that.specific.domain? -> ask the DNS service at 192.168.xxx.yyy

  • in all other cases -> ask the default DNS service (i.e. our Router or some server on the Internet)

I am a complete novice with DNS configurations, so I scanned through quite a few manuals and tutorials about BIND, but it's hard for me to really find out how to do this. I added the following to my named.conf, but this did not work so far:

zone "that.specific.domain" IN {
    type slave;
    masters {192.168.xxx.yyy;};
};

I can still resolve every Internet host, but I cannot resolve any host from that external network. If I ask that DNS directly (i.e. nslookup hostname.that.specific.domain 192.168.xxx.yyy), it can be resolved though. So it's not a network issue.

But in general I think this shouldn't be a hard thing to do. Does anybody know what might be wrong in my configuration, or whether I should do something completely different to accomplish my goal?

mightymachine

Posted 2014-10-31T12:28:38.120

Reputation: 11

You need to set up conditional forwarding. See this answer in serverfault.

– Ville – 2017-07-05T08:53:21.613

Answers

0

What you are looking for is already done by DNS settings in your PC. There are settings for primary and secondary DNS servers.

In Windows it looks like this (properties for the device that is connected to your network, which is operated by DNS servers):

Device properties

In Linux-based OSs you have a file called resolv.conf, and it should look like this:

nameserver 192.168.xxx.yyy
nameserver 192.168.yyy.xxx

If you are trying to set up your own DNS service and make it "ask" other DNS servers for unknown hosts, you have to look at forwarders in your DNS configuration. You can find those settings in named.conf:

forwarders {
    192.168.xxx.yyy;
    192.168.yyy.xxx;
};

This will work as long as your secondary DNS server is not locked to some domain zone, like your company's own internal network (authoritative DNS server).

Reference:

http://www.maxprog.com/site/support/us/emailverifier/editing_dns_servers.php
http://linux.die.net/man/5/resolv.conf

user423645

Posted 2014-10-31T12:28:38.120

Reputation:

0

If I understand your question, you have an existing DNS server which resolves hosts without issue, either by recursion or through ISP forwarders. You would like your DNS server, in the case of a specific domain name, to use a different set of forwarders when forwarding the request.

This is done in BIND using "Forward Zones" and in Windows DNS using "Conditional Forwarders."

From DNS/Bind, Section 10.5.2 (http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch10_05.htm):

zone "that.specific.domain" {
    type forward;
    forwarders { 192.168.xxx.yyy; };
};

Dawn Benton

Posted 2014-10-31T12:28:38.120

Reputation: 986
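The forward zone above is the right mechanism. As an added example that is not part of the original question or answers, the script below writes a complete named.conf for a local caching resolver that sends one domain to the VPN-side DNS and everything else to the normal resolver, syntax-checks it with named-checkconf when that tool is installed, and includes the same kind of side-by-side check the question did with nslookup. The zone name and both addresses are placeholders to be replaced; the script assumes BIND 9 and a dig binary for the verification step.

```shell
#!/bin/sh
# Added example, not from the original post. Writes a split-horizon
# named.conf for a local resolver and checks it. Replace the placeholders.
set -eu

INTERNAL_ZONE="that.specific.domain"   # domain served inside the VPN network
INTERNAL_DNS="192.168.0.53"            # placeholder: DNS server inside that network
DEFAULT_DNS="192.168.1.1"              # placeholder: your router / upstream resolver

# Write the configuration into the directory given as $1; print its path.
write_named_conf() {
    cfg="$1/named.conf"
    cat > "$cfg" <<EOF
options {
    // Only this machine may use the resolver. A BIND instance that answers
    // recursive queries for anyone who can reach it is an open resolver.
    listen-on { 127.0.0.1; };
    listen-on-v6 { ::1; };
    allow-query { localhost; };
    allow-recursion { localhost; };
    recursion yes;

    // Anything not matched by a more specific zone below goes here.
    forwarders { ${DEFAULT_DNS}; };
    forward only;
};

// Conditional forwarding: names under this domain go to the VPN-side server.
// "forward only" matters here. With the default "forward first", BIND falls
// back to ordinary recursion when the forwarder does not answer (VPN down),
// which sends lookups for internal hostnames out to public DNS servers.
zone "${INTERNAL_ZONE}" IN {
    type forward;
    forward only;
    forwarders { ${INTERNAL_DNS}; };
};
EOF
    printf '%s\n' "$cfg"
}

# Syntax-check with BIND's own tool when it is available.
check_named_conf() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1"
    else
        echo "named-checkconf not installed; skipping syntax check" >&2
    fi
}

# After the config is installed and named reloaded (rndc reload), the local
# resolver must return the same answer as a direct query to the VPN-side
# server, which is the check the question performed with nslookup.
# Usage: verify_split hostname.that.specific.domain
verify_split() {
    name="$1"
    via_local=$(dig +short @127.0.0.1 "$name" A)
    direct=$(dig +short @"$INTERNAL_DNS" "$name" A)
    [ -n "$via_local" ] && [ "$via_local" = "$direct" ]
}

tmp=$(mktemp -d)
cfg=$(write_named_conf "$tmp")
check_named_conf "$cfg"
echo "wrote $cfg"
```

Two things to check once it is running: the resolver must be the only nameserver in the machine's resolv.conf (a second nameserver line there is a fallback for an unreachable server, not a per-domain choice, so it cannot do the split on its own); and if the internal domain sits under a publicly DNSSEC-signed parent, BIND's default validation will reject the unsigned answers from the VPN-side server, which shows up as SERVFAIL in the named log rather than as a forwarding problem.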