I have an internal DNS (it is completely internal, ie. the network is not connected to Internet) for a group of networks. They are set up as follows:
Each network has a different address range of
10.x.0.0/16and its own domaindomainx(it is a top-level domain) - for example network10.1.0.0/16hasdomain1(all hosts in this network have DNS namessomehost.domain1)For each network/domain, host
ns.domainx(10.x.1.1) is a DNS server that handles both forward zonedomainxand reverse zonex.10.in-addr.arpaThese networks are not interconnected, except of a special multi-homed server that has connectivity to all these networks (and my question is about that server in fact) - but it does not route packets between those networks, it only can communicate with each of them. It is by design, each network is designed to be operated separately and standalone.
Therefore, the DNS server in each network knows only about its domain; it doesn't know (and should not know) anything about domains from other networks.
However, the multi-homed server I mentioned earlier needs to have working DNS resolution for addresses in all these networks. By requirement, I can't touch anything in any of the networks, in particular their DNS servers. I can only modify configuration of the multi-homed server.
So I set up BIND on the multi-homed server that just defines zone
.as "master", and the zone file contains the following records:1.10.in-addr.arpa. IN NS ns.domain1. domain1. IN NS ns.domain1. ns.domain1. IN A 10.1.1.1 2.10.in-addr.arpa. IN NS ns.domain2. domain2. IN NS ns.domain2. ns.domain2. IN A 10.2.1.1 3.10.in-addr.arpa. IN NS ns.domain3. domain3. IN NS ns.domain3. ns.domain3. IN A 10.3.1.1and so on for all networks.
Everything works OK, but there is one small issue.
Sometimes the DNS server for a particular network is down. In these networks, the DNS server being down is not considered a failure - it is just a normal operating state that can happen. It is expected and normal that there will be no DNS resolution for that particular network at that time.
But there is one particular IP address in network 1 (say, 10.1.10.10) that I want always to resolve to a domain name - even when the DNS for network 1 is down. So it must be resolved by the local server, not delegated to the server for network 1. Actually, it is also acceptable that NXDOMAIN will be returned as a response to the query for this address (if this is easier to configure), but the response must be returned immediately, without trying to contact the DNS server for network 1 - the delay when that server is down is exactly what we want to avoid.
And I don't know how to do this.
Adding a PTR record for 10.10.1.10.in-addr.arpa. to the . zone file does not work - it seems to be simply ignored, and when the DNS for network 1 is not working, 10.1.10.10 is not resolved.
How to make this address resolve locally?
I found a solution. It was actually simple. It was sufficient to add
10.10.1.10.in-addr.arpaas another "master" zone to mynamed.conffile, with the zone file beingnamed.emptyie. the default file included in BIND configuration to serve zone0.in-addr.arpa.Now the query for
10.1.10.10gives the answer that the address has no PTR record, regardless whether the DNS server for10.1.0.0/16is up or down. That eliminates the delay when resolving the address, which is sufficient for me. Of course I could define a separate zone file for this zone instead ofnamed.emptyand add in this zone file a PTR record for@to make the IP address actually resolve to some domain name, but I have no need for this right now.