I am trying to develop my own dynamic DNS. I'm running my own custom DNS for the subdomain on port 5353. ASCII diagram:
INET --->:53 Bind 9 --->:5353 node.js
|
V
zone_files
I have example.com. The node.js DNS is for dyn.example.com.
In my /etc/bind/named.conf.local I have:
zone "example.com" {
type master;
file "/etc/bind/db.com.example";
allow-transfer {
zonetxfrsafe;
};
};
zone "dyn.example.com" IN {
# DYNAMIC
type forward;
forwarders { 127.0.0.1 port 5353; };
forward only;
};
I've even gone so far as to add a NS in my example.com zone file:
$TTL 86400
@ IN SOA ns.example.com. hostmaster.example.com. (
2013070104 ; Serial
7200 ; Refresh
1200 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
NS ns ; inet of our nameserver
ns A 1.2.3.4
; NS record for subdomain
dyn NS ns
When I attempt to get a record from the subdomain server it doesn't get forwarded:
dig @127.0.0.1 test.dyn.example.com
However if I turn recursive on in /etc/bind/named.conf.options:
options {
recursion yes;
}
.. then I CAN see the request going to the subdomain server.
But I don't want recursion yes;
in my Bind configuration as it is poor security practice (and allows all-and-sundry requests that are not related to my managed zones).
How does one forward (proxy) zone queries for just one zone? Or do I give up on Bind altogether and find a DNS server that can actually forward specific queries?
This cannot be done. Query forwarding is a form of recursion, and this is behaving as expected.
You must either set up your dynamic DNS as its own discrete nameserver, or perform zone transfers off of it.