We have a public DNS provider, a private DNS master, and a private DNS slave. The public DNS provides the "example.com" zone and all of its subdomains. Our private DNS also provides the "example.com" zone, but some A records point to internal IPs on our LAN instead of public IPs. The annoying thing about this configuration is that we need to duplicate all of our CNAME and MX records on both DNS masters.
On the private DNS master, it would be really cool if I could configure a few known subdomains on our private network, and then fall back to the public master for any undefined records. AFAIK, this could be done with a wildcard NS record, but those aren't allowed.
Examples:
example.com
- Web server is publicly accessible
- Some pages on the web server are only available to requests from the private LAN
cdn.example.com
- Is a CNAME pointing to amazon cloudfront
I don't want to define the cdn.example.com zone on our private DNS server. (And we have many other records that are duplicated.) It would be great if the private DNS server could be a master/slave hybrid for a particular zone, so that it can override certain records, but fetch the rest from the public DNS server.
If bind9 can't do this, is there something else that can? Or maybe I should do this with a shell script that pulls down the master DNS records, before appending or overriding with our custom records?
You can do this by leveraging "views" on bind9.
Here are some detailed instructions.
Basically, the same DNS server will resolve differently based on the source IP (so internal hosts can have additional resolutions).
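The following is an added example of the views approach, not code from the question, the answer, or the BIND project. It takes a (constructed) copy of the public zone plus a short list of LAN overrides, generates the internal zone file so the CNAME/MX records are copied rather than hand-maintained, and prints the named.conf view stanzas that serve that file to LAN clients and the public file to everyone else. The zone data, addresses, ACL ranges and file paths are all assumptions; the parser only understands the simplified "name IN type rdata" line format used in the sample.

```shell
#!/bin/sh
# Added example (not from the original question or answer): build the internal
# copy of example.com from the public zone plus a short override list, then emit
# the BIND 9 "view" stanzas that serve one copy to the LAN and the other to
# everyone else. All names, addresses and file paths are assumptions.

# Constructed stand-in for the public zone, simplified to "name IN type rdata"
# lines (SOA/NS omitted). In practice this would come from an AXFR of the
# public master, if the provider allows zone transfers to your address.
PUBLIC_ZONE='$ORIGIN example.com.
$TTL 3600
@       IN  MX     10 mail.example.com.
@       IN  A      203.0.113.10
www     IN  A      203.0.113.10
mail    IN  A      203.0.113.20
cdn     IN  CNAME  d111111abcdef8.cloudfront.net.'

# The few records that must answer differently on the LAN: "name type rdata".
# A name/type pair that does not exist in the public zone is simply appended.
OVERRIDES='@        A  10.0.0.10
www      A  10.0.0.10
intranet A  10.0.0.50'

# merge_zone PUBLIC OVERRIDES: print the public zone with matching name/type
# records replaced by the override rdata, and unmatched overrides appended.
merge_zone() {
    # No overrides: the internal copy is identical to the public one.
    [ -n "$2" ] || { printf '%s\n' "$1"; return 0; }
    ovfile=$(mktemp) || return 1
    printf '%s\n' "$2" > "$ovfile"
    printf '%s\n' "$1" | awk '
        # First input: overrides, keyed on "name type".
        NR == FNR {
            if (NF >= 3) {
                rd = $3
                for (i = 4; i <= NF; i++) rd = rd " " $i
                ov[$1 " " $2] = rd
            }
            next
        }
        # Second input: the public zone. Directives ($ORIGIN, $TTL), comments
        # and blank lines pass through unchanged.
        /^\$/ || /^;/ || NF == 0 { print; next }
        {
            key = $1 " " $3
            if (key in ov) {
                printf "%-8s IN  %-6s %s\n", $1, $3, ov[key]
                used[key] = 1
            } else {
                print
            }
        }
        # Overrides that matched nothing are LAN-only additions.
        END {
            for (key in ov) if (!(key in used)) {
                split(key, p, " ")
                printf "%-8s IN  %-6s %s\n", p[1], p[2], ov[key]
            }
        }' "$ovfile" -
    status=$?
    rm -f "$ovfile"
    return $status
}

# view_config: named.conf fragment. The internal view is listed first because
# BIND tries views in order and uses the first whose match-clients matches;
# once any view is declared, every zone must live inside a view.
view_config() {
    cat <<'EOF'
acl "lan" { 10.0.0.0/8; 192.168.0.0/16; 127.0.0.1; };

view "internal" {
    match-clients { "lan"; };
    recursion yes;
    zone "example.com" {
        type master;
        file "/etc/bind/zones/db.example.com.internal";   /* output of merge_zone */
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "/etc/bind/zones/db.example.com.public";
    };
};
EOF
}

merge_zone "$PUBLIC_ZONE" "$OVERRIDES"
view_config
```

Two caveats. The internal view is still authoritative for example.com, so any name missing from the generated file answers NXDOMAIN on the LAN rather than falling through to the public server; that is exactly why the script copies every public record instead of only the overrides, and why it has to be re-run (with the SOA serial bumped and the slave notified) whenever the public zone changes. If the private master is only reachable from the LAN, the generated zone file alone already removes the duplication; the views only matter when the same server also answers public queries.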