
Scenario: There are three physically separated networks; no firewall or router connects them together. In each network there are DNS servers that resolve hosts in only that network. All networks have the same domain suffix though. There are some hosts that are multihomed with one interface in each network, and these have DNS servers from all three networks configured as resolvers.

Problem: Multihomed hosts that have one interface in each network only send DNS requests to their primary DNS server. When this answers, they don't continue with the next DNS server even though the answer is that the hostname is unknown.

Question: Is there a way to get multihomed hosts to be able to resolve hostnames in all three networks?

  • So you have three completely disconnected networks that all use the same exact DNS suffix for their Hosts? Is that right? – MDMarra Aug 13 '15 at 11:55
  • NXDOMAIN is an answer. Why would a DNS client query another DNS server for an answer when it's already received an answer? – joeqwerty Aug 13 '15 at 13:22
  • MDMarra: Yes, that is correct. It is not how I would have chosen to design it, but it's the setup that I need to fix. – Andreas Mattsson Aug 14 '15 at 12:50
  • joeqwerty: Yeah. This is basically the problem, since we're stuck with everything being in the same domain. Was hoping that iterative DNS referrals would work, but it doesn't seem to. – Andreas Mattsson Aug 14 '15 at 12:52

1 Answer

By design of the DNS, all name servers listed in the resolver configuration are assumed to have the same data. Multiple name servers are meant for redundancy, not for split namespaces. So if one name server replies that a certain host name does not exist then that answer is considered authoritative and it doesn't make sense to ask for a second opinion from another name server.

Your scenario can be addressed in one of two ways:

Either create separate subdomains for the three networks and delegate those to the name servers in the respective network only, while replicating the superior domain to the name servers in all three networks. IMO that would be the cleanest solution.

Or set up split-horizon DNS, with all name servers containing all the information for all three networks, and separate views (if you use BIND) handing out only the data of one network according to the requesting host's IP address, plus a view for the multihomed hosts handing out the complete data.

Tilman Schmidt
  • I've thought about the subdomain solution. It is how I would have chosen to design the network from the start if I had been involved at the time. Unfortunately, we have close to 10000 hostname-addressed devices in operation and to reconfigure everything for new domain names would cause intolerable interruption. But the split-horizon DNS would be a workable solution I think. As a matter of fact, it would be enough to have a split-horizon DNS on one of the servers, since it is only the multihomed hosts that ever need to resolve addresses in more than one network. Will look into this. Thanks. – Andreas Mattsson Aug 14 '15 at 13:08
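As an added illustration of the split-horizon option from the answer above (example configuration written for this page, not the answerer's or the questioner's setup and not BIND project documentation), here is a BIND 9 `named.conf` fragment with one view per network plus a view that serves the merged data to the multihomed hosts. The domain `example.com`, the network ranges 10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16, the multihomed host's three addresses 10.1.0.50, 10.2.0.50 and 10.3.0.50, and the zone file names are all assumptions; substitute the real values.

```conf
// named.conf fragment (added example; all names and addresses are assumed).
// Once any "view" statement exists, BIND requires every zone, including
// localhost and the reverse zones, to live inside a view.

acl "net1" { 10.1.0.0/16; };
acl "net2" { 10.2.0.0/16; };
acl "net3" { 10.3.0.0/16; };

// Every interface address of every multihomed host, listed explicitly.
// View selection is by the source address of the query, and each of these
// addresses also falls inside one of the network ACLs above.
acl "multihomed" { 10.1.0.50; 10.2.0.50; 10.3.0.50; };

options {
    directory "/var/named";
    recursion yes;
    allow-query { net1; net2; net3; };
};

// Views are tried in the order written. The multihomed view must come
// first, otherwise a multihomed host would be caught by the network view
// for whichever interface it happened to send the query from.
view "multihomed" {
    match-clients { multihomed; };
    zone "example.com" {
        type master;
        file "db.example.com.all";   // merged records for all three networks
    };
};

view "net1" {
    match-clients { net1; };
    zone "example.com" {
        type master;
        file "db.example.com.net1";  // only hosts reachable from network 1
    };
};

view "net2" {
    match-clients { net2; };
    zone "example.com" {
        type master;
        file "db.example.com.net2";  // only hosts reachable from network 2
    };
};

view "net3" {
    match-clients { net3; };
    zone "example.com" {
        type master;
        file "db.example.com.net3";  // only hosts reachable from network 3
    };
};
```

To avoid maintaining the host records twice, keep the SOA/NS header of each zone file separate from its host records and build `db.example.com.all` with three `$INCLUDE` lines pulling in the per-network record files; then `rndc reload` after edits. Check the result from both sides: `dig @10.1.0.5 somehost.example.com` sent from a single-homed network-1 host should return NXDOMAIN for a name that exists only in network 2, while the same query from the multihomed host (source address 10.1.0.50) should return the network-2 address. One caveat of the merged view: if the same hostname exists in more than one network with different addresses, the multihomed host receives all of those A records and will simply try them in its own order, which works only because it has an interface on every network.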