Using two physical Linux servers on different sub-nets, I'd like to have master and slave DNS servers. These DNS servers will only resolve internal names and addresses. Neither the DNS servers nor the peer hosts have Internet access, so a query for something like "google.com" should fail.
I can't quite get my head around what alchemy of configuration directives bind/named needs to do this. For example: recursion. This website suggests that what I want is an "Authoritative Only DNS Server". But it achieves this by disabling recursion. I get the impression that I really don't want to disable recursion, as that is the only type of query some programs/APIs make. I know with dig you can specify recursion/no recursion. But what about nslookup, or gethostbyname()? Everything that needs DNS should "just work".
But on the other hand, that same website shows examples with recursion enabled. But that requires a "." zone to be defined, with the accompanying root servers file. But the whole root servers thing is pointless in my config, as there is only one domain (our internal domain). As far as this network is concerned, our internal domain is the only domain.
For what it's worth, this is a relatively small network (about 200 servers and 50 PCs). There will also be a third DNS slave, running Windows Server.
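An added configuration example (not from the question or any answer on this page) of an authoritative-only BIND 9 master/slave pair for a single internal zone; the zone name `internal.example`, the addresses 10.1.0.10 (master), 10.2.0.10 (Linux slave) and 10.2.0.11 (Windows slave) and the file paths are constructed placeholders. With `recursion no` the server still answers every name inside its own zones for any permitted client, including stub resolvers such as gethostbyname() that set the RD bit; names outside those zones (google.com) get REFUSED instead of being resolved, no "." zone or root hints file is needed, and the server cannot be abused as an open resolver.

```conf
// ---- master (10.1.0.10), /etc/named.conf ----
// all addresses below are constructed placeholders
acl internal { 10.1.0.0/16; 10.2.0.0/16; };   // the two internal subnets
acl slaves   { 10.2.0.10; 10.2.0.11; };       // Linux slave and Windows slave

options {
    directory "/var/named";
    listen-on { 10.1.0.10; };
    allow-query { internal; };        // only our own subnets may ask
    recursion no;                     // authoritative-only: no resolving, no "." zone
    allow-transfer { slaves; };       // zone copies go only to the slaves
    notify yes;                       // tell the slaves when the zone changes
    also-notify { 10.2.0.10; 10.2.0.11; };
    version "none";                   // don't advertise the BIND version
};

zone "internal.example" {
    type master;
    file "internal.example.zone";
};

zone "1.10.in-addr.arpa" {            // reverse zone for 10.1.0.0/16
    type master;
    file "1.10.in-addr.arpa.zone";
};

// ---- Linux slave (10.2.0.10), /etc/named.conf ----
// same acl definitions as on the master
options {
    directory "/var/named";
    listen-on { 10.2.0.10; };
    allow-query { internal; };
    recursion no;                     // slave is authoritative-only too
    allow-transfer { none; };         // the slave never hands out copies
    allow-notify { 10.1.0.10; };      // only the master may trigger a refresh
};

zone "internal.example" {
    type slave;
    masters { 10.1.0.10; };
    file "slaves/internal.example.zone";
};
```

Check the result with `named-checkconf` and then query both servers with `dig @10.1.0.10 host.internal.example` (expect an answer with the AA flag set) and `dig @10.1.0.10 google.com` (expect status REFUSED).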