The interesting thing about this is that what you have below will work if
I point to a name server that is allowed to do recursion (only my internal
DNS servers are allowed to do recursion against this server). If I point my
host directly to the server (acting as any Internet-based client or DNS
server on the Internet), I get the following: "Served by:" and then a list
of the name servers authoritative for the subdomain. It looks like it only
works with recursion, which I don't want.
On 10/11/07, Kevin Darcy wrote:
> Chris Rizzo wrote:
> > I have begun the process of creating a split external/internal dns setup. I
> > am using bind views so that internal users can see the full zone list, but
> > external users only see the Internet routable addresses. It seems to be
> > working except for one small issue....I have a subdomain that is delegated
> > out to my load balancing devices, i.e. - the load
> > balancers are running bind, and are authoritative, for the global subdomain.
> > When a user queries, it is actually an alias to
> > It looks like the only way that I can get this to
> > work is to turn on recursion for the external view, but would rather not. Is
> > there some way to do this that I'm missing??? I tried forwarders and stub
> > zones but nothing seems to work....Thanks for any help....
> >
> It'll work as is, but only because resolvers are persistent:
> 1) they'll query the nameservers for and get
> back only the CNAME record,
> 2) they'll turn around and query the alias target
> (, which may entail talking, coincidentally,
> again to the same nameservers, which will give them a
> referral for
> 3) they'll get the A records for from the
> nameservers
> 4) they'll merge both the CNAME and A records into the response and pass
> it back to the end-user client
> - Kevin
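
The four steps Kevin describes, as an added example that is not part of the original thread: a toy model of an authoritative-only external view (recursion off) and a resolver that chases the CNAME and the referral itself. All names, addresses and server labels (`example.com.`, `global.example.com.`, `ext`, `lb1`) are constructed placeholders, not values from the thread.

```python
# Constructed toy model: names, addresses and server labels are placeholders.
EXTERNAL_VIEW = {  # authoritative-only server, recursion off
    "records": {"www.example.com.": [("CNAME", "www.global.example.com.")]},
    "delegations": {"global.example.com.": ["lb1"]},
}
LOAD_BALANCER = {  # authoritative for the delegated subdomain
    "records": {"www.global.example.com.": [("A", "192.0.2.10"),
                                            ("A", "192.0.2.11")]},
    "delegations": {},
}
SERVERS = {"ext": EXTERNAL_VIEW, "lb1": LOAD_BALANCER}


def authoritative_answer(server, qname):
    """Answer from local data only; never chase names for the client."""
    data = SERVERS[server]
    for child, nameservers in data["delegations"].items():
        if qname == child or qname.endswith("." + child):
            return {"referral": nameservers}      # delegated: hand out NS only
    return {"answer": data["records"].get(qname, [])}


def resolve(qname, start="ext", max_steps=8):
    """Iterative resolver: follows CNAMEs and referrals, merges the chain."""
    chain, trace, server = [], [], start
    for _ in range(max_steps):
        trace.append((server, qname))
        reply = authoritative_answer(server, qname)
        if "referral" in reply:                   # step 2: referral to subdomain NS
            server = reply["referral"][0]
            continue
        rrs = reply["answer"]
        chain += [(qname, rtype, value) for rtype, value in rrs]
        targets = [value for rtype, value in rrs if rtype == "CNAME"]
        if not targets:                           # steps 3-4: A records, merged
            return chain, trace
        # step 1 returned only the CNAME; re-query for the alias target,
        # which in this model lands on the same external server again
        qname, server = targets[0], start
    raise RuntimeError("resolution did not terminate")


if __name__ == "__main__":
    answer_chain, query_trace = resolve("www.example.com.")
    for step in query_trace:
        print("query", step)
    for rr in answer_chain:
        print("answer", rr)
```

The external server never performs a lookup on the client's behalf; every hop in the trace is driven by the resolver, which is why a stub client pointed straight at it sees only the partial answer.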