How do I resolve a DNS name for the same zone not found locally but that exists on another DNS server?

Tags:

bind

dns

I need to run a local BIND DNS server for a series of Linux Containers. Let's say the zone is example.com.

There is already an example.com domain in my infrastructure, some of whose records I want to override using my local DNS server (it has to be DNS and not local hosts).

Is there a way of telling BIND to check my local DNS server and, if no record is found, look up the record for the same zone on another DNS server?

I have tried setting forwarders, but it would appear this is only for different zones and not the same zone.

Any ideas?

Shyrka Avatar asked Jan 12 '23 10:01



1 Answer

You could use a response policy zone (referred to below as rpz), which allows you to override any name queried via your bind server.

Paths refer to Debian.

In the options section, /etc/bind/named.conf.options, add:

options {
    # Create a response-policy zone to allow overrides
    response-policy { zone "rpz"; };
};

Add the rpz zone in /etc/bind/named.conf.local:

zone "rpz" {
    type master;
    file "/etc/bind/db.rpz";
    # The policy zone is only consulted internally; clients must not query it directly
    allow-query { none; };
};

Finally, the rpz zone file /etc/bind/db.rpz:

; BIND zone file for rpz zone
;
$TTL    600
@               SOA     localhost.        root.localhost. (
                            2017100300      ; Serial
                            86400           ; Refresh
                            10800           ; Retry
                            3600000         ; Expire
                            600             ; Negative Cache TTL
                    )
            NS      localhost.

; Owner names are relative to the rpz zone: "example.com" here is example.com.rpz.
; and matches queries for exactly example.com (add "*.example.com" for subdomains)
google.com      CNAME   forcesafesearch.google.com.
example.com     A       192.0.2.123
Mario Avatar answered Jan 31 '23 00:01

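To see which queries the policy zone above will catch before they fall through to normal resolution, here is a small model of BIND's RPZ QNAME matching (added example, not BIND's code nor part of the answer). The embedded zone text is a constructed copy of the answer's records plus an extra `*.example.com` wildcard line, which is an assumption added to show that a bare `example.com` entry does not cover subdomains.

```python
# Constructed RPZ zone text: the answer's two overrides plus an assumed wildcard entry.
SAMPLE_RPZ = """\
$TTL 600
@   SOA localhost. root.localhost. ( 1 86400 10800 3600000 600 )
    NS  localhost.
google.com      CNAME   forcesafesearch.google.com.   ; exact-name override
example.com     A       192.0.2.123                   ; exact-name override
*.example.com   A       192.0.2.123                   ; wildcard: covers subdomains only
"""

OVERRIDE_TYPES = {"A", "AAAA", "CNAME"}


def parse_rpz(text):
    """Return {owner: (rtype, rdata)} for the override records in an RPZ zone file.
    The SOA/NS apex records and $-directives are zone housekeeping, not policy rules."""
    rules = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()          # strip comments
        if not line or line.startswith(("$", "@")) or "SOA" in line:
            continue
        parts = line.split()                          # tolerates optional TTL / IN class
        if len(parts) >= 3 and parts[-2] in OVERRIDE_TYPES:
            rules[parts[0].lower().rstrip(".")] = (parts[-2], parts[-1])
    return rules


def resolve(qname, rules):
    """Model the QNAME trigger: an exact owner match wins, otherwise the closest
    enclosing wildcard; anything else is left to normal (upstream) resolution."""
    name = qname.lower().rstrip(".")
    if name in rules:
        return rules[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        candidate = "*." + ".".join(labels[i:])
        if candidate in rules:
            return rules[candidate]
    return ("UPSTREAM", None)


if __name__ == "__main__":
    policy = parse_rpz(SAMPLE_RPZ)
    for q in ("example.com.", "www.example.com", "mail.example.org", "google.com"):
        print(q, "->", resolve(q, policy))
```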