
I currently have two public-facing DNS servers running simultaneously, which share the same public IP address. I need them both to be accessible over TCP/UDP port 53.

I was thinking that since they each serve a different DNS zone, I could simply configure one to forward requests concerning the other's zone to the other server, sort of like the name-based reverse proxies used by web servers. I thought about using an NS record with the other server's local IP, but I wasn't quite sure whether that would work the way I want it to.

Questions:

  1. Is this possible?
  2. If so, how do I do it on a BIND server (Ubuntu Server OS)?
  • http://unix.stackexchange.com/questions/22552/how-to-let-named-bind9-forward-certain-domains-to-a-different-nameserver should cover what you want to do – R. S. Oct 18 '16 at 01:01
  • kormoc but does that forward the request from my DNS server, or does it return the NS value to the client and let them work it out themselves? If the latter, I don't think that will work. –  Oct 18 '16 at 01:09
  • ^ Unless it accommodates port number specification, in which case I could forward to :54, and run the second server off of port 54. –  Oct 18 '16 at 01:11
  • It should forward internally. The external servers don't see the extra hop – R. S. Oct 18 '16 at 01:18
  • kormoc Excellent! Exactly what I was looking for! Thanks! –  Oct 18 '16 at 01:25
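The port-54 forwarding arrangement discussed in the comments, written out as an added example that is not part of the question, the comments or the answer: two separate named instances on one host, the second bound to 127.0.0.1 port 54, and the first forwarding the dynamically managed subdomain to it. Zone names, file paths and the port number are assumed placeholders.

```conf
# ---- Instance 1: /etc/bind/named.conf (public-facing, port 53) ----
options {
    directory "/var/cache/bind";
    listen-on port 53 { any; };
    # A forward zone is only consulted for queries this server will recurse
    # for (RD=1 and allowed by allow-recursion). Keep recursion limited so
    # the public authoritative server does not become an open resolver.
    recursion yes;
    allow-recursion { localhost; localnets; };
};

# Zone served directly by this instance (placeholder name).
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

# Subdomain owned by the second instance: hand its queries over internally.
# Clients only ever talk to port 53; the hop to port 54 stays on-host.
zone "dyn.example.com" {
    type forward;
    forward only;
    forwarders { 127.0.0.1 port 54; };
};

# ---- Instance 2: /etc/bind/named-dyn.conf ----
# Started separately, e.g.: named -c /etc/bind/named-dyn.conf
options {
    directory "/var/cache/bind-dyn";      # separate working directory
    pid-file "/run/named/named-dyn.pid";  # must not clash with instance 1
    listen-on port 54 { 127.0.0.1; };     # reachable only from this host
    listen-on-v6 { none; };
    recursion no;                         # purely authoritative
};

# Empty controls statement: no rndc channel, so no collision with
# instance 1's default control port 953.
controls { };

zone "dyn.example.com" {
    type master;
    file "/etc/bind/db.dyn.example.com";
};
```

Because forwarding is part of recursive resolution, this serves hosts that use instance 1 as their resolver (matching allow-recursion above), while an external resolver doing an iterative lookup with RD=0 receives instance 1's authoritative data and referrals rather than the forwarded answer. For such clients the subdomain would need an ordinary NS delegation, which cannot name a port other than 53.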

1 Answer

So far I don't see a single point in running two DNS servers. Run one with as many zones as you need.

Update: but if we are considering the case where you're absolutely sure you need to run two DNS servers, then this is the perfect example of when container-based virtualization comes in handy, unlike the majority of cases in which it's used nowadays. I'd propose lxc. Docker recently got the ability to run bridged networking, but it may still be immature. Anyway, this is up to you to experiment with. I would stick with lxc.

– drookie
  • I am using the second server to dynamically manage one of my subdomains over a web-based interface, using the Apache web server. Since I am writing the management scripts myself, and I don't fully trust my abilities in writing such scripts, I feel more comfortable delegating this task to a separate server, so that if it fails, it won't screw up my existing DNS system. Other than this, you are correct; there are very few legitimate cases in which this would be useful, but nonetheless I'd like to point out that your answer doesn't really answer my question as stated (-1). –  Oct 18 '16 at 11:10
  • Okay, you have a point. I've updated my answer accordingly. – drookie Oct 18 '16 at 13:19
  • Excellent. I will look into lxc as a possible solution. Thank you very much! –  Oct 18 '16 at 16:57
  • You're welcome, but one more notice: you will need two IP addresses. :) – drookie Oct 18 '16 at 18:01