I am replacing my BIND authoritative nameserver with PowerDNS w/ gmysql backend. I'd like to have my primary domain example.com and its associated hosts like www.example.com to be available to other internet nameservers. However, I want certain subdomains (such as in.example.com) to resolve to internal IPs, and therefore I don't want them available to other nameservers. For example, host.in.example.com might point to 192.168.x.x.
I accomplished this before in BIND by specifying an ACL for the IP range of my internal network, then adding an allow-query line to the in.example.com zone.
Is this approach bogus? Is there some alternative to ACLs in PDNS? Do these internal names need to be delegated to another server? It would be convenient to have them in one place for administration.
Currently this is not supported in PowerDNS.
There are several patches that will add this functionality but all have limitations. The most promising I have found is: PDNS ACLs