Bind 9 Question

Hans Fugal hans at
Sat Dec 1 11:40:04 MST 2007

I have a semi-similar setup here. I have a lan tld, and my
domain both served off of a server on my lan named falcon. Naturally I
don't want to serve up lan to the world, so I have a setup like what you
are asking for. I don't give a different view of, but I could.
This is on Debian.

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";

named.conf.options is rather boring.

view "internal" {
    include "/etc/bind/named.conf-internal";
    include "/etc/bind/named.conf-common";
}; // view "internal"
view "external" {
    include "/etc/bind/named.conf-external";
    include "/etc/bind/named.conf-common";
}; // view "external"

match-clients {;; };
recursion yes;

//zone "" {
//	type master;
//	file "/etc/bind/";
//};

zone "lan" {
    type master;
    file "/etc/bind/dyn/db.lan";
    allow-update {; };
};
zone "" {
    type master;
    file "/etc/bind/dyn/db.172.17.0";
    allow-update {; };
};

The external view is similar but for external queries, obviously. The
part I have commented out above is where you would accomplish what you
want. But, if I'm reading it right you might want to proxy the requests
for on to your nameserver out on the tubes. If that's
the case, you might be able to do some trick with forwarding and
(non)authoritativeness. I would probably either go with the two explicit
views (generated by a script and makefile if you want to avoid repeating
yourself), or using an experimental domain or subdomain (which makes
deployment a bit less tested).

On Fri, 30 Nov 2007 at 21:16 -0700, Charles Curley wrote:
> I have a domain,, with its name, etc. served by
> domain name servers out there on the net somewhere. I also have my
> local area network, with machines like foo, bar, and baz. The network
> is NATted and not visible outside of the firewall.
> I currently use the TLD "localdomain" for the LAN, so resolv.conf
> looks like:
> root@dragon:/etc# cat resolv.conf
> search localdomain
> nameserver
> nameserver
> I set up an experimental server on a test machine which has the domain
> "" and is authoritative for it. Since it is on the
> LAN, only machines on the LAN can see it or use it. I have local
> machines working correctly, e.g. resolves
> correctly. Its resolv.conf looks like:
> root@phoenix:/var/named/etc/sites# cat /etc/resolv.conf
> search
> nameserver
> The local machines are on, but the server for
> isn't.
> The question is, how do I get the local name server to correctly serve
> up "" (and "", an alias for
> to the local network.
> I already know I can stick it in /etc/hosts, but that has all the
> problems that using /etc/hosts normally has. I'd like to do it with
> bind.
> Thanks
> -- 
> Charles Curley                  /"\    ASCII Ribbon Campaign
> Looking for fine software       \ /    Respect for open standards
> and/or writing?                  X     No HTML/RTF in email
>                                 / \    No M$ Word docs in email
> Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB


Hans Fugal ;
There's nothing remarkable about it. All one has to do is hit the 
right keys at the right time and the instrument plays itself.
    -- Johann Sebastian Bach
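
Added example, not part of the original message or either poster's configuration: one way to generate the two explicit views from a single zone table, so LAN-only zones cannot end up in the external view by copy-paste. The domain example.com, the 172.17.0.0/24 client range, the reverse zone name and the internal/external file paths for example.com are placeholders assumed for illustration.

```python
# Added example: emit both BIND views from a single zone table.
# Placeholder values (assumed, not from the post): example.com, the
# 172.17.0.0/24 range, the reverse zone name, the example.com file paths.
INTERNAL_NETS = ["localhost", "172.17.0.0/24"]

# (zone name, internal zone file, external zone file or None = LAN only)
ZONES = [
    ("lan", "/etc/bind/dyn/db.lan", None),
    ("0.17.172.in-addr.arpa", "/etc/bind/dyn/db.172.17.0", None),
    ("example.com", "/etc/bind/internal/db.example.com",
     "/etc/bind/external/db.example.com"),
]


def zone_stanza(name, path):
    """Render one master zone stanza, indented to sit inside a view."""
    return (f'    zone "{name}" {{\n'
            f'        type master;\n'
            f'        file "{path}";\n'
            f'    }};\n')


def render_view(view, clients, recursion, zones):
    """Render a complete view block with its client match list and zones."""
    acl = " ".join(f"{c};" for c in clients)
    out = [f'view "{view}" {{\n',
           f'    match-clients {{ {acl} }};\n',
           f'    recursion {"yes" if recursion else "no"};\n']
    out += [zone_stanza(n, p) for n, p in zones]
    out.append(f'}}; // view "{view}"\n')
    return "".join(out)


def external_zone_names(zones=ZONES):
    """Zones published to the outside: only those with an external file."""
    return [n for n, _, e in zones if e is not None]


def render_config(zones=ZONES, internal_nets=INTERNAL_NETS):
    internal = [(n, i) for n, i, _ in zones]
    external = [(n, e) for n, _, e in zones if e is not None]
    # named picks the first view whose match-clients matches the client,
    # so "internal" has to come before the catch-all "external" view.
    return (render_view("internal", internal_nets, True, internal)
            + "\n"
            + render_view("external", ["any"], False, external))


if __name__ == "__main__":
    print(render_config(), end="")
```

The output can be written to a file and checked with named-checkconf before named is reloaded.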
