Bind: override single SRV record only, forward the rest



To get our internal libravatar server working, I need to set up a SRV record for our public domain:

IN SRV 0 0 80  avatars.internal

As you see, the avatar server is on an internal domain that is not accessible from outside, thus the SRV record should not be available publicly.


We have a BIND DNS server that resolves requests for internal domains. This server forwards requests to the public DNS server (and that should be kept that way so we only have to manage public names on one server).

Now how can I override the SRV record on our local BIND server, while forwarding all other requests to the public server?

I know this is easy with subdomains (just define a master zone for the subdomain, done), but I fail to do that for SRV records for the main domain. What can I do?

What I've tried

With the following setup, resolution works for the subdomain, but not for the main domain:

$ dig @localhost +short SRV
$ dig @localhost +short SRV
0 0 80 avatars.internal.


zone "" {
  type master;
  file "/etc/bind/";
  allow-update { none; };
};

zone "" {
  type master;
  file "/etc/bind/";
  allow-update { none; };
};

$TTL    86400
@               IN SOA  @       root (
                                        2012082201      ; serial 
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

@               IN      NS
@               IN      A     IN SRV 0 0 80  avatars.internal.


$TTL    86400
@               IN SOA  @       root (
                                        2012082201      ; serial
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
@                              IN NS
@                              IN SRV 0 0 80  avatars.internal.     IN SRV 0 0 80  avatars.internal.

(yes the last two lines are identical, but just to make sure)

Best Answer

Add a zone for the specific name ( to your internal DNS server, containing the single record you wish to override.

A SRV record is not special - it is just a DNS record, and it behaves like any other DNS record.

The override zone should look similar to what's below:

$TTL    3600

@       IN      SOA (
                                   2009071505  ; serial
                                   10800       ; refresh
                                   3600        ; retry
                                   3600000     ; expire
                                   86400 )     ; minimum

@   IN  NS       IN  SRV 0   0   80
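The override described in the answer, written out as an added example (not code from the original post): the zone is named after the full SRV owner name, so BIND answers authoritatively for that one name and keeps forwarding every other name under the public domain. `_avatars._tcp` is the Libravatar federation SRV label; `example.org`, `ns.internal.` and the output file names are placeholders.

```shell
#!/bin/sh
# Added example: generate a one-record override zone for an internal BIND server.
# example.org, ns.internal. and the file names are placeholders (assumptions).

# write_override_zone DOMAIN OUTDIR
# Writes OUTDIR/named.conf.override (zone stanza to include from named.conf)
# and OUTDIR/db.override (zone file), then prints the zone name.
write_override_zone() {
    domain=$1
    outdir=$2
    zone="_avatars._tcp.$domain"

    # Zone name == full owner name of the SRV record. BIND is authoritative
    # for this name only; the parent domain has no local zone, so all other
    # names under it still go to the forwarders.
    cat > "$outdir/named.conf.override" <<EOF
zone "$zone" {
    type master;
    file "$outdir/db.override";
    allow-update { none; };
};
EOF

    # The SRV record sits at the zone apex (@). SOA and NS are required for
    # the zone to load; ns.internal. is an assumed internal server name.
    cat > "$outdir/db.override" <<EOF
\$TTL 3600
@   IN  SOA ns.internal. root.internal. (
            2012082201  ; serial
            3H          ; refresh
            15M         ; retry
            1W          ; expiry
            1D )        ; minimum
@   IN  NS  ns.internal.
@   IN  SRV 0 0 80 avatars.internal.
EOF

    printf '%s\n' "$zone"
}
```

Before reloading, the generated zone file can be checked with `named-checkzone <zone> <file>`. Keep this zone on the internal server only, so the record pointing at `avatars.internal` is never published.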