I have set up BIND9 to resolve domain names used by my work group; it contains:
- public domain names: `*.my-company.com`
- our own TLD: `*.top`

but I don't know how to set up clients to add an extra DNS server. I'll call my DNS server `DNS-mine`, and the default DNS servers returned from ADSL `DNS-system`.

I must not forward `DNS-system` through `DNS-mine`, for network-speed reasons and user preferences. (Users are distributed over the world, and `DNS-mine` sits in the US.)
I have tried several ways, as follows:

- Add the IPv4 address of `DNS-mine` (1.2.3.4) to `resolv.conf`:

  ```
  nameserver 8.8.8.8 # DNS-system
  nameserver 1.2.3.4 # DNS-mine
  ```

  However, `DNS-mine` is never queried. As `resolv.conf(5)` says, the second nameserver is only queried when the first one times out, but `DNS-system` here never times out. And `resolv.conf` is reset by Network Manager, too.

- Add the zone `*.top.my-company.com` to `DNS-mine`, and make it the same as the `.my-company.com` zone. Then change `/etc/hostname` to `a1.my-company.com`, `a2.my-company.com`, etc. on each client. This works as: `www.top -> www.top.my-company.com == www.my-company.com`. However, I must add all client host names to `DNS-mine` at the same time, otherwise the client gets stuck:

  ```
  127.0.0.1 a1.my-company.com
  127.0.0.1 a2.my-company.com
  127.0.0.1 a3.my-company.com
  ```

  The clients don't have WAN IP(s), as they are behind the firewall. And new clients may join at any time.

- The same as above, but don't change `/etc/hostname`; add this to `/etc/resolv.conf` instead:

  ```
  domain my-company.com
  ```

  This works very well; however, the `/etc/resolv.conf` file is automatically reset by Network Manager.

- Add all `*.top` names to the `/etc/hosts` file, then just ignore `DNS-mine`. This works very well, but is hard to maintain.
Best Answer
In order to add a new TLD that ICANN doesn't yet recognize (like you are), you have to put a DNS server that considers itself authoritative into the DNS resolution chain. In practice, this means the first hop. In order to use your `*.top` domain internally, you will have to either point all of your clients at your own DNS server, or maintain `/etc/hosts` files. One of the two.
As for `top.my-domain.com`, you have some options. Whichever DNS servers are authoritative for `my-domain.com` (you don't say) will be able to also serve up `top.my-domain.com`. This may be your best bet for simplicity's sake. Have your (presumed) DNS hosting service add that subdomain and add the entries you need.
However, hosting a local DNS server is not a bad idea at all, really. It's called a caching DNS server, and it caches resolved names so they can be retrieved faster than they would be by pulling from the Internet. If you add your `*.top` domain to it, it'll provide for all of your needs.
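As an added illustration (not part of the question or the answer above) of what that "first hop" server could look like in BIND9: `DNS-mine` is authoritative for the private `top` zone and also recurses, but only for the work group's own networks, so it cannot be used as an open resolver from the Internet. The address 1.2.3.4 is the one given in the question; the `workgroup` ACL ranges, the zone data and the serial are placeholders.

```conf
// --- /etc/bind/named.conf.local on DNS-mine (added example) ---
// 1.2.3.4 is DNS-mine's address from the question; the client networks,
// zone data and serial below are placeholders, not values from the page.

acl "workgroup" {
    10.0.0.0/8;         // placeholder: client networks allowed to recurse
    203.0.113.0/24;     // placeholder: replace with your office/VPN ranges
};

options {
    directory "/var/cache/bind";
    listen-on { 1.2.3.4; };
    recursion yes;
    // Serve the zones this server is authoritative for to anyone, but
    // recurse and hand out cached answers only to the work group, so the
    // server is not usable as an open resolver from the Internet.
    allow-query { any; };
    allow-recursion { workgroup; };
    allow-query-cache { workgroup; };
    dnssec-validation auto;
};

// DNS-mine considers itself authoritative for the private TLD "top".
zone "top" {
    type master;
    file "/etc/bind/db.top";
    allow-transfer { none; };   // no zone transfers to arbitrary hosts
};

// --- /etc/bind/db.top (placeholder zone data; ';' starts a comment) ---
$TTL 3600
@     IN SOA ns1.top. hostmaster.my-company.com. (
          2024010101 ; serial (placeholder)
          3600       ; refresh
          900        ; retry
          604800     ; expire
          300 )      ; negative-cache TTL
@     IN NS  ns1.top.
ns1   IN A   1.2.3.4
www   IN A   10.0.0.10   ; placeholder: internal address of www.top
```

Run `named-checkconf` and `named-checkzone top /etc/bind/db.top` before reloading. Note that `top` is now a delegated public gTLD, so private names under it can collide with public ones; a suffix reserved for private use avoids that.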