We have a domain name example.org which is used in our headquarters.
example.org resolves to the headquarters' external IP (dynamic DNS) and the subdomains to hosts/servers.
Now we have a second office connected via VPN to the headquarters. In order to be able to resolve those hosts/servers without adding the main DNS server (which is only reachable via VPN) as the new office's primary DNS, I would like to sync the headquarters' zone files to the office's DNS (BIND) server.
This works, but I have the problem that once I'm using this zone, "example.org" is resolved to an internal address, so I'm no longer able to establish my VPN connection.
Any hints what I'm doing wrong?
I've read about subzone forwarding and tried to forward "ext.example.org" to an external DNS server and make the VPN use ext.example.org instead of example.org (ext.example.org is a CNAME for example.org), but I could not get it to work...
Is this the right direction, or are there better solutions?
Thanks.
You probably want to define different views for the zone that answer differently depending on the source of the request.
I don't know where you read about "subzone forwarding", but it is not an existing concept in BIND or DNS; you can either forward a zone, or delegate a zone, to another nameserver.
View documentation
Zone delegation documentation
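As an added illustration of the views approach (this is example configuration written for this page, not config from the question or the answer): a named.conf for the branch office BIND server with two views. BIND evaluates views in order and the first `match-clients` hit wins, so the VPN endpoint's address is listed first and gets a forward-only copy of example.org that resolves the apex to the public (dynamic DNS) address, while everything else on the branch LAN gets the zone transferred from headquarters. The addresses, ACL names, file path and public resolver are assumed placeholders.

```conf
// named.conf on the branch office BIND server (added example, assumed addresses)

acl "vpn-endpoint" { 127.0.0.1/32; 192.0.2.1/32; };   // host that builds the VPN tunnel (assumed)
acl "branch-lan"   { 192.0.2.0/24; };                  // branch office LAN (assumed)

// View 1: only the VPN endpoint. example.org is NOT served from the internal copy here;
// queries for it are forwarded to a public resolver, so the apex resolves to the
// headquarters' public dynamic-DNS address and the tunnel can be established.
view "vpn-endpoint" {
    match-clients { "vpn-endpoint"; };
    recursion yes;

    zone "example.org" {
        type forward;
        forward only;
        forwarders { 203.0.113.53; };   // public resolver (assumed)
    };
};

// View 2: the rest of the branch LAN. Secondary copy of the headquarters zone,
// transferred over the VPN, so hosts/servers resolve to internal addresses.
view "internal" {
    match-clients { "branch-lan"; };
    recursion yes;

    zone "example.org" {
        type slave;                           // "type secondary;" on BIND 9.16+, both accepted
        file "slaves/example.org.internal";   // must be writable by named (assumed path)
        masters { 10.0.0.53; };               // headquarters DNS, reachable only via VPN (assumed)
    };
};
```

Two things to check when applying this: every zone has to be declared in every view that should answer for it (a zone defined in one view is invisible to the others), and the transfer from headquarters will only succeed while the tunnel is up, so the secondary copy keeps serving from its stored file until `expire` in the zone's SOA runs out. The CNAME trick from the question cannot do the same job, because the resolver follows ext.example.org to its target example.org inside the same view and still receives the internal answer.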