Can an authoritative DNS server be configured to recurse when unable to find a record locally?
This is indeed not a unique problem. From the top of my head, there are two "solutions" commonly employed:
- Manually copy over entries to both DNS infrastructures for records that need to be available publicly. Note that this is only the case for services hosted publicly, e.g. a VPS instance, since `app.example.com` hosted internally would require a public IP address externally but probably a private IP address internally. Now that automation is the hype, you will want to look into automating this should you frequently have to alter these public IP addresses in both locations. If your current DNS hosting provider is no good (bad quality or no API for automation) then you can simply switch to a different provider.
- Use a different domain internally. If you own `example.com` and your public servers use this domain, e.g. `www.example.com` and `mail.example.com`, then your internal network can use `ad.example.com` if you use Windows Active Directory, or `comp.example.com`, or anything you like. Internal resources will live in this name space and public ones (e.g. `www.example.com`) will be forwarded to your public DNS provider. This way you do not need to replicate DNS entries.

There are pros and cons to both solutions, and other solutions might exist.
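The drift check that the automation mentioned in the first bullet would need, as an added example that is not part of the answer: it compares a copy of the public-facing records as held by the external provider with the internal zone, reports entries that are missing or differ, and flags RFC 1918 addresses that have ended up in the public copy. The record sets and the list of names that must exist publicly are constructed assumptions; in practice they would come from the provider's API and from the internal zone file.

```python
import ipaddress
from typing import Dict, List, Set, Tuple

RecordKey = Tuple[str, str]             # (owner name, record type)
RecordSet = Dict[RecordKey, Set[str]]   # -> set of rdata strings

# Constructed sample data standing in for the provider's API response
# and the internal zone file.
PUBLIC: RecordSet = {
    ("www.example.com.", "A"): {"203.0.113.10"},
    ("mail.example.com.", "A"): {"203.0.113.25"},
    ("old.example.com.", "A"): {"10.0.0.9"},       # private address published externally
}
INTERNAL: RecordSet = {
    ("www.example.com.", "A"): {"203.0.113.10"},
    ("mail.example.com.", "A"): {"203.0.113.26"},  # changed internally, not pushed yet
    ("app.example.com.", "A"): {"10.0.0.5"},       # internal-only, never synced
}
# Names that must be reachable publicly; everything else is internal-only.
PUBLIC_NAMES: Set[str] = {"www.example.com.", "mail.example.com."}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(rdata: str) -> bool:
    """True if rdata is an IPv4 address inside one of the RFC 1918 ranges."""
    try:
        addr = ipaddress.ip_address(rdata)
    except ValueError:          # not an address at all (MX/CNAME target etc.)
        return False
    return any(addr in net for net in RFC1918)


def audit(public: RecordSet, internal: RecordSet, public_names: Set[str]) -> Dict[str, List[str]]:
    """Compare both copies and return findings grouped by category."""
    findings: Dict[str, List[str]] = {"missing": [], "mismatch": [], "leak": []}
    for (name, rtype), rdata in internal.items():
        if name not in public_names:
            continue                            # internal-only record, nothing to sync
        if (name, rtype) not in public:
            findings["missing"].append(f"{name} {rtype}")
        elif public[(name, rtype)] != rdata:
            findings["mismatch"].append(
                f"{name} {rtype}: public={sorted(public[(name, rtype)])} internal={sorted(rdata)}")
    # A private address in the public zone is a sync mistake and an information leak.
    for (name, rtype), rdata in public.items():
        if rtype == "A":
            findings["leak"].extend(f"{name} {rtype} {v}" for v in sorted(rdata) if is_rfc1918(v))
    return findings


if __name__ == "__main__":
    for category, items in audit(PUBLIC, INTERNAL, PUBLIC_NAMES).items():
        print(category, items)
```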
It is not possible to configure an authoritative DNS server to forward the query if it doesn't find an answer in its database. "Authoritative" means it knows everything about the zone. You could configure specific forwarders, e.g.:
```
// Authoritative for example.com itself; the zone file path is left as in the answer.
zone "example.com" {
    type master;
    file "...";
};

// Names under www.example.com are not answered from the local database but
// forwarded to the public DNS server instead.
zone "www.example.com" {
    type forward;
    forwarders { 203.0.113.53; };
};

// Same for mail.example.com.
zone "mail.example.com" {
    type forward;
    forwarders { 203.0.113.53; };
};
```