Hello,


My configuration is as follows.
I have two views defined, in a split-dns way.

Part of named.conf, from machine viewserver.mydomain.com,
IPs are sanitized:


acl clients {
    localhost;
    192.0.2.64/26;
    192.0.2.192/28;
};

view "internal" {
    match-clients { clients; };
    recursion yes;

    // hint, localhost zones etc defined here
};

view "external" {
    match-clients { any; };
    recursion no;

    zone "subdomain.mydomain.com" {
        type master;
        file "subdomain.db";
    };
};


Also, we have another server that defines the domain mydomain.com.

In this server, I delegate the subdomain.mydomain.com to the server
that has these views defined by doing:

subdomain.mydomain.com. IN NS viewserver.mydomain.com.

Both servers are located in the internal network.


Then, in the example.db above, I have an A record, say:
mymachine.subdomain.domain.com. IN A 192.0.2.65

So mymachine is also located in the internal network.


Outside the network defined by the ACL, I am able to resolve the external
name mymachine.subdomain.domain.com.

But the problem is that if I am inside the network (from machines that
are in the acl clients), I receive a SERVFAIL response.

Is this the correct behavior?

Why could I not resolve the external name if I am located in the
internal network?

To make things work, must I define the zone in the external *and*
in the internal view?


Sincerely,
Andre Gerhard
Universidade de Sao Paulo
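
Added example (not part of the original message and not BIND code): a small Python model of first-match view selection, using the ACL, view and zone names from the configuration above. The server address list, the sample client addresses and the query name under subdomain.mydomain.com are constructed assumptions.

```python
import ipaddress

# Constructed model of the posted named.conf; SERVER_ADDRS is an assumption
# (BIND's built-in "localhost" ACL matches the server's own addresses).
SERVER_ADDRS = ["127.0.0.1"]
ACLS = {
    "localhost": SERVER_ADDRS,
    "clients": ["localhost", "192.0.2.64/26", "192.0.2.192/28"],
    "any": ["0.0.0.0/0"],
}
# Views in file order: (name, match-clients, recursion, zones)
VIEWS = [
    ("internal", ["clients"], True, []),
    ("external", ["any"], False, ["subdomain.mydomain.com"]),
]

def acl_matches(element, addr):
    """True if addr matches an ACL element (named ACL or CIDR/address)."""
    if element in ACLS:
        return any(acl_matches(e, addr) for e in ACLS[element])
    return addr in ipaddress.ip_network(element, strict=False)

def select_view(client_ip):
    """Return the first view whose match-clients accepts the client."""
    addr = ipaddress.ip_address(client_ip)
    for view in VIEWS:
        if any(acl_matches(e, addr) for e in view[1]):
            return view
    return None

def zone_for(view, qname):
    """Longest zone in this view that contains qname, or None."""
    q = qname.rstrip(".").lower()
    hits = [z for z in view[3] if q == z or q.endswith("." + z)]
    return max(hits, key=len) if hits else None

def explain(client_ip, qname):
    """Return (view name, matching zone, where the answer would come from)."""
    view = select_view(client_ip)
    if view is None:
        return ("no view", None, None)
    name, _, recursion, _ = view
    zone = zone_for(view, qname)
    source = "authoritative" if zone else ("recursion" if recursion else "refused")
    return (name, zone, source)

if __name__ == "__main__":
    for ip in ("192.0.2.70", "192.0.2.200", "127.0.0.1", "198.51.100.7"):
        print(ip, explain(ip, "mymachine.subdomain.mydomain.com."))
```

For every address in the clients ACL the model selects the internal view, which holds no zone for subdomain.mydomain.com, so subdomain.db is only consulted for clients that fall through to the external view.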