Split DNS

What is split DNS

Split DNS is an advanced configuration in which the DNS server answers the same query differently depending on the host that sent it. This is achieved by defining different views (visibility) in the name server. A typical example is a DNS server answering queries that originate on the server itself differently from queries arriving from outside the server. The view clause is available in BIND 9.x, and the latest release of Cpanel makes use of this concept.

Configuration

In this configuration we consider only two views on the name server: internal and external. The internal view handles queries from within the server, and the external view handles queries from outside the server.

In the following example, the domain "example.com" is added to both the internal view and the external view.

view "internal" {
    match-clients      { localnets; };
    match-destinations { localnets; };
    recursion yes;     // recursive lookups allowed for clients on the local networks

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    zone "example.com" {
        type master;
        file "/var/named/example.com.db";
    };
};

view "external" {
    // no match statements: defaults to "any", so this view receives every
    // query the "internal" view did not match
    recursion no;      // outside clients get authoritative answers only

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    zone "example.com" {
        type master;
        file "/var/named/example.com.db";
    };
};

A view is matched against a particular query based on match-clients or match-destinations statements in the view clause. In the above example, view “internal” has the following statements.

    match-clients      { localnets; };
    match-destinations { localnets; };

Here, match-clients matches the source IP address of the querying host, and match-destinations matches the destination IP address of the DNS request (the server address the query was sent to). Both are set to "localnets", a built-in ACL that matches any host on the networks the server's interfaces are attached to. The other built-in ACLs are the following:

any – allows all hosts
none – denies all hosts
localhost – allows the IP addresses of all interfaces on the system

If no match statement is defined, the view defaults to "any" and accepts requests from any host.

So, in our example, view "internal" accepts requests from the local networks of the IPs configured on the server. Since view "external" has no match statements, it accepts queries from anywhere.

In this example, recursive queries are allowed only from within the server's local networks; in view "external", recursion is disabled.
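To make the selection rules concrete, here is a small model of how BIND picks a view for an incoming query (an added example, not part of the original post). It evaluates views in named.conf order, takes the first whose match-clients and match-destinations both match, and treats a view without match statements as "any". The interface addresses are constructed sample values; the hypothetical `select_view` helper also lets you see that view order matters: listing the catch-all "external" view first would swallow internal clients too.

```python
"""Model of BIND view selection for the split-DNS example (added example)."""
import ipaddress

# Constructed sample values: addresses configured on the name server's
# interfaces, with prefix lengths so that "localnets" can be derived.
INTERFACES = ["203.0.113.10/24", "10.0.0.53/8", "127.0.0.1/8"]


def localnets(interfaces=INTERFACES):
    """Networks directly attached to the server (BIND's localnets ACL)."""
    return [ipaddress.ip_interface(i).network for i in interfaces]


def localhost(interfaces=INTERFACES):
    """Addresses of all interfaces on the system (BIND's localhost ACL)."""
    return [ipaddress.ip_interface(i).ip for i in interfaces]


def acl_matches(acl, addr):
    """Evaluate one address-match element ('any', 'none', 'localnets',
    'localhost' or a CIDR string) against the address addr."""
    ip = ipaddress.ip_address(addr)
    if acl == "any":
        return True
    if acl == "none":
        return False
    if acl == "localnets":
        return any(ip in net for net in localnets())
    if acl == "localhost":
        return ip in localhost()
    return ip in ipaddress.ip_network(acl, strict=False)


# The two views from the configuration above, in named.conf order.
VIEWS = [
    {"name": "internal", "match-clients": ["localnets"],
     "match-destinations": ["localnets"], "recursion": True},
    {"name": "external", "recursion": False},  # no match statements -> any
]


def select_view(src, dst, views=VIEWS):
    """Return the first view whose match-clients and match-destinations
    both accept a query from src sent to dst, or None if none matches."""
    for view in views:
        clients = view.get("match-clients", ["any"])
        dests = view.get("match-destinations", ["any"])
        if any(acl_matches(a, src) for a in clients) and \
           any(acl_matches(a, dst) for a in dests):
            return view
    return None
```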

Conclusion

We can configure a single DNS server to behave differently by defining appropriate views. There is no need to run separate DNS servers for the internal and external networks. We can also impose restrictions per view, just as we disabled recursion for queries from outside the server.
