I have a server which requires external internet access, however our internal DNS does not resolve external addresses (as per best practice). I can ping external addresses by IP, but I cannot find a good guide on setting up an internal and external DNS.
What is the best way of doing this?
Internal and External DNS
Re: Internal and External DNS
I don't know if it will work, but you can have
several DNS definitions in the ifcfg-file(s), e.g.:
DNS1=ip.address.internal.dns
DNS2=ip.address.external.dns
Edit: you may also look at /etc/resolv.conf
Re: Internal and External DNS
The glibc isn't very efficient at resolving. It will try servers in the same order and probably won't move to the next if one responds.
You can configure NetworkManager to use a different resolver. Several options, including dnsmasq and systemd-resolved. Haven't tested, but supposedly anything is better than the default.
Re: Internal and External DNS
Using two different DNS servers does not work for this as the resolver ONLY checks them one at a time until one of them responds with an answer. Any answer, even if it says "dunno", and that is treated as the last and final answer.
Any DNS server on Linux has to be able to answer any query, even if that means configuring a forwarder on the server. About the only thing you can do with nameservers is to rotate them so that it consults #1 for the first query, #2 for the 2nd etc and then back to #1. That's really only of use to distribute traffic as it doesn't help if one of your DNS servers only has half the answers. Whichever one it picks, it still has to answer the question it's asked. The only time it uses a second nameserver entry is if the first one fails to respond at all.
Could you perhaps point me to the best practice doc you've found about keeping internal and external nameservers separate? I can see that this is wise if you mean you need to keep your internal servers separate from the ones that the rest of the internet uses to resolve your own domain names to IP addresses. But I can't see how it would work if you need to resolve both internal and external names on an internal system. The DNS server you ask your questions to has to know all the answers.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
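A simplified model of the resolver behaviour described in the post above, added here as an example and not written by any poster in this thread. The server names, zones and addresses are constructed sample data, and the model only distinguishes "some reply" from "no reply". It also shows a side effect of listing an external server second: when the internal server times out, internal names are sent to the external one.

```python
# Simplified model of stub-resolver failover; all zone data is constructed.
NXDOMAIN, TIMEOUT = "NXDOMAIN", None

class Server:
    def __init__(self, name, zone, up=True, forward_to=None):
        self.name, self.zone, self.up = name, zone, up
        self.forward_to = forward_to   # upstream for names outside our zone
        self.seen = []                 # every query name that reached this server

    def query(self, qname):
        if not self.up:
            return TIMEOUT             # no reply at all
        self.seen.append(qname)
        if qname in self.zone:
            return self.zone[qname]
        if self.forward_to is not None:
            return self.forward_to.query(qname)
        return NXDOMAIN                # a real reply: "no such name"

def stub_resolve(qname, nameservers):
    """Ask servers in listed order; the first reply of any kind is final."""
    for server in nameservers:
        reply = server.query(qname)
        if reply is not TIMEOUT:
            return reply               # NXDOMAIN counts as an answer
    return TIMEOUT

def demo():
    internal = Server("internal", {"db.corp.example": "10.0.0.5"})
    external = Server("external", {"www.example.org": "203.0.113.10"})
    split = [internal, external]       # the DNS1=internal, DNS2=external layout
    r_int = stub_resolve("db.corp.example", split)
    r_ext = stub_resolve("www.example.org", split)   # internal says NXDOMAIN
    internal.up = False                # internal server stops responding
    r_down = stub_resolve("db.corp.example", split)
    leaked = list(external.seen)       # internal name reached the external server

    # One internal server that forwards what it cannot answer itself.
    upstream = Server("upstream", {"www.example.org": "203.0.113.10"})
    fwd = Server("internal-fwd", {"db.corp.example": "10.0.0.5"}, forward_to=upstream)
    f_int = stub_resolve("db.corp.example", [fwd])
    f_ext = stub_resolve("www.example.org", [fwd])
    return r_int, r_ext, r_down, leaked, f_int, f_ext, upstream.seen

if __name__ == "__main__":
    print(demo())
```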
Re: Internal and External DNS
"keeping internal and external nameservers separate"
Different subnets and routes I guess.
Re: Internal and External DNS
Yes but... if you have a nameserver specified and it answers a query then it HAS to know ALL the answers. It can't just know the internal ones and think that the next nameserver will supply the missing pieces because if it answers at all then its answer is taken as the definitive one and the next nameservers will never be asked at all.
Nameservers are not connection specific. They are system wide. A nameserver is not bound to an interface, it applies to any and all interfaces on the system.
Re: Internal and External DNS
That is very true for a client that will ask: "Who is X?"
On the other hand a host can run a DNS server that could give a different answer depending on who asks. However, it should answer all questions of all its clients. (Telling an external client that an internal name does not exist is a valid answer.)