DNS Configuration

Just learning this, so of course that’s dangerous and I’m not even sure I can properly articulate my issue. Also not sure if this belongs here or somewhere else.

Configuring AL9.7, Bind 9.16.23. I have “mydomain.com” registered and “mycity1.mydomain.com” resolving to my WAN IP and all is well. Now start DNS…

Perhaps my first problem, I think, is I created my DNS environment as being authoritative for “mydomain.com”. I can resolve all local devices forwards and backwards, so it seems fine. However, of course, it can’t resolve “mycity1.mydomain.com”, presumably because it’s not in my DNS configuration. The server responds that it can’t be resolved, so it never tries a different nameserver.

I’ve pored through O’Reilly’s “DNS and BIND” repeatedly (old but excellent book IMHO), but whatever I’m missing isn’t jumping out at me. I figure it’s got to be something extremely simple that I’m overlooking.

Do I need to make my DNS authoritative for “mycity1.mydomain.com” instead? How do I add “mycity2.mydomain.com” and so on, all on the one single DNS server? I want every device to ping/connect across those networks/city domains using a non-fully-qualified short host name only.

Any guidance would be greatly appreciated!

John

hello

I think the key point is that your internal BIND server is authoritative for mydomain.com.

If a name such as mycity1.mydomain.com is not present in that internal zone, BIND will not ask another nameserver for it. It will answer from its own authoritative data, or return NXDOMAIN.

So this behavior is expected when the internal server is authoritative for the whole mydomain.com zone.

thanks

Thanks for the reply, but what you stated is exactly the problem I reported. My question is how do I fix it?

First, I have not used Bind in a long time. I do use dnsmasq for DNS, DHCP (and TFTP).

Isn’t that part of the config of the devices?
Let’s say I have:

$ cat /etc/resolv.conf 
# Generated by NetworkManager
search foo me.com bar
nameserver 10.0.0.1
options edns0 trust-ad

so when I do run:

$ host -v snafu
Trying "snafu.foo"
Trying "snafu.me.com"
Trying "snafu.bar"
Trying "snafu"
Host snafu not found: 3(NXDOMAIN)
Received 98 bytes from 10.0.0.1#53 in 3 ms

That is, my “device” did send multiple queries to the DNS server. Only the last one tried the short name that I had actually written, and only because the previous queries did not give an answer.

If the DNS server were set to be authoritative for ‘.foo’ and ‘.bar’, then it could tell outright that snafu.foo and snafu.bar do not exist, but snafu.me.com it would send to the “upstream” DNS servers that it is configured to use.

If you will use only short names in the internal subnet, then the domain name of those devices does not have to be mydomain.com. It could be, for example, lan.mydomain.com, and therefore Bind could be authoritative only for lan.mydomain.com, not for the whole mydomain.com.
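The two mechanisms the replies describe, the stub resolver's search list and an authoritative server answering NXDOMAIN for names under its own zone instead of forwarding them, modelled in a small Python script. This is an added example, not code from the thread or from BIND; the zone contents, the 203.0.113.10 address, and the class and function names are constructed assumptions. It contrasts a server authoritative for the whole mydomain.com (the poster's setup) with one authoritative only for lan.mydomain.com and forwarding everything else upstream.

```python
from __future__ import annotations

# Added example modelling the thread's discussion; all data below is constructed.

NXDOMAIN = "NXDOMAIN"


def candidate_names(name: str, search: list[str], ndots: int = 1) -> list[str]:
    """Return the FQDNs a stub resolver tries, in order, for a user-typed name.

    Mirrors glibc/resolv.conf semantics: a trailing dot means absolute only; a
    name with at least `ndots` dots is tried as typed first, otherwise the
    search list comes first and the bare name last (as in the `host -v` output).
    """
    if name.endswith("."):
        return [name.rstrip(".")]
    searched = [f"{name}.{dom}" for dom in search]
    if name.count(".") >= ndots:
        return [name] + searched
    return searched + [name]


class Server:
    """A nameserver authoritative for some zones, forwarding everything else."""

    def __init__(self, zones: dict[str, dict[str, str]], upstream: dict[str, str]):
        self.zones = zones          # zone apex -> {fqdn: address}
        self.upstream = upstream    # what the upstream (forwarder) can resolve

    def authoritative_zone(self, fqdn: str) -> str | None:
        """Longest zone apex that contains fqdn, or None if we are not authoritative."""
        matches = [z for z in self.zones if fqdn == z or fqdn.endswith("." + z)]
        return max(matches, key=len) if matches else None

    def resolve(self, fqdn: str) -> tuple[str, str]:
        zone = self.authoritative_zone(fqdn)
        if zone is not None:
            # Inside our own zone we answer from zone data only: never forward.
            return ("authoritative", self.zones[zone].get(fqdn, NXDOMAIN))
        return ("forwarded", self.upstream.get(fqdn, NXDOMAIN))


def lookup(name: str, search: list[str], server: Server, ndots: int = 1):
    """Walk the search list like `host -v` does, stopping at the first answer."""
    tried = []
    for fqdn in candidate_names(name, search, ndots):
        source, answer = server.resolve(fqdn)
        tried.append((fqdn, source, answer))
        if answer != NXDOMAIN:
            return answer, tried
    return NXDOMAIN, tried


# Constructed sample data: the public name lives at the upstream resolver.
UPSTREAM = {"mycity1.mydomain.com": "203.0.113.10"}

# The poster's setup: authoritative for all of mydomain.com.
BROKEN = Server({"mydomain.com": {"printer.mydomain.com": "10.0.0.20"}}, UPSTREAM)

# The suggested fix: authoritative only for lan.mydomain.com.
FIXED = Server({"lan.mydomain.com": {"printer.lan.mydomain.com": "10.0.0.20"}}, UPSTREAM)


if __name__ == "__main__":
    for label, server, search in (("broken", BROKEN, ["mydomain.com"]),
                                  ("fixed", FIXED, ["lan.mydomain.com", "mydomain.com"])):
        for short in ("printer", "mycity1"):
            answer, tried = lookup(short, search, server)
            print(f"[{label}] {short}: {answer}")
            for fqdn, source, result in tried:
                print(f"    Trying {fqdn!r} -> {source}: {result}")
```

The "broken" server returns NXDOMAIN for mycity1.mydomain.com because the name falls inside its own zone and is simply absent from it, so no forwarding ever happens; the "fixed" server is not authoritative for that name and forwards it. The corresponding BIND change is to declare `zone "lan.mydomain.com"` instead of `zone "mydomain.com"`, keep the upstream resolver in `forwarders`, and put `lan.mydomain.com` in each device's `search` list so short names still work.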