Thursday, July 31, 2014

Internal DNS server

Internal DNS servers are those that sit behind a firewall and provide host name resolution only within an organization's internal internetwork (intranet); they do not connect directly to the Internet. They differ from DNS internal root servers (which define their own root zone) and from external DNS servers (which use the standard DNS root hints and connect directly to the Internet to resolve external names).

The key distinctive configuration is the content of the file conventionally called db.cache: it contains custom root hints pointing to the organization's DNS internal root servers instead of the standard root hints used for ordinary Internet-wide resolution.

Taking the examples given in the DNS internal root post as a base, the top-level internal servers (right below the DNS internal root servers) are:

  • NS00.business.corp
  • NS01.business.corp
  • NS02.business.corp

Each of them would have the following custom root hints configuration (a partial excerpt of their db.cache):

;
;       Business Corp.
;
;       DNS internal root servers.
;       last update:    July 31, 2014.
;

.                     3600000  IN  NS    A.business.corp.
                      3600000  IN  NS    B.business.corp.
                      3600000  IN  NS    C.business.corp.
                      3600000  IN  NS    D.business.corp.

A.business.corp.      3600000  IN  A     10.0.0.10
B.business.corp.      3600000  IN  A     10.0.0.20
C.business.corp.      3600000  IN  A     10.0.0.30
D.business.corp.      3600000  IN  A     10.0.0.40

; End of File.

In this particular case, the main configuration file of each of them (NS00 through NS02), /etc/named.conf, would contain:

options {
  // "recursion" is an options (or view) statement in BIND, not a zone
  // option; named-checkconf rejects it inside a zone block. Note that
  // named only consults the hint zone when it recurses for a client.
  recursion no;
};

zone "." in {
  type hint;
  file "db.cache";
};
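A sanity check for a db.cache like the one above, as an added example that is not part of the post: it parses the hints file (comments, and the blank-owner continuation lines used for the "." NS records), then verifies that every root NS has a glue address and that every glue address falls inside the organization's internal ranges, so a hints file that silently points an internal resolver at a public address is caught before deployment. The sample hints text and the RFC 1918 allow-list are assumptions of this example.

```python
import ipaddress

DB_CACHE = """\
;       Constructed sample in the shape of the db.cache excerpt above (not the post's file)
.                     3600000  IN  NS    A.business.corp.
                      3600000  IN  NS    B.business.corp.
A.business.corp.      3600000  IN  A     10.0.0.10
B.business.corp.      3600000  IN  A     10.0.0.20
"""

# Assumption: internal root servers live in RFC 1918 space; adjust to the organization's plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hints(text):
    """Return (root NS names, {owner: [glue addresses]}) parsed from hints-file text."""
    root_ns, glue, owner = set(), {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop ';' comments
        if not line.strip():
            continue
        fields = line.split()
        if not raw[0].isspace():               # explicit owner; a blank owner field
            owner = fields.pop(0).lower()      # (leading whitespace) reuses the previous one
        if owner is None or len(fields) != 4:
            continue                           # malformed record: ignore
        _ttl, _cls, rtype, rdata = fields      # e.g. 3600000 IN NS A.business.corp.
        if rtype == "NS" and owner == ".":
            root_ns.add(rdata.lower())
        elif rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(rdata)
    return root_ns, glue


def check_hints(text):
    """List problems: no root NS, a root NS without glue, or glue outside INTERNAL_NETS."""
    root_ns, glue = parse_hints(text)
    problems = [] if root_ns else ["no NS records for the root zone '.'"]
    for name in sorted(root_ns):
        addrs = glue.get(name)
        if not addrs:
            problems.append(f"{name}: no glue address record")
            continue
        for addr in addrs:
            if not any(ipaddress.ip_address(addr) in net for net in INTERNAL_NETS):
                problems.append(f"{name}: {addr} is outside the internal address ranges")
    return problems
```

Running `check_hints(DB_CACHE)` on the sample returns an empty list; a hints file with a missing glue record or a public address yields one message per defect.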