Hostnames on an internal subnet that also resolve in public DNS

Tom Harrison tharrison at
Wed Feb 11 09:25:54 EST 2009

Thanks Ken,

Running an additional DNS server is not practical in our environment  
(which is Amazon EC2) for several reasons.  Amazon EC2 provides their  
own internal server to resolve their own internal addresses, as well  
as recursive DNS requests for public addresses from within the cloud.   
Also our SOA name server for publicly routable names and addresses is  
hosted elsewhere.

I could accomplish everything I need by updating /etc/hosts on all of  
the servers, but this is not practical when you have multiple domains  
and an increasingly large number of servers that come and go. Having a  
single point of management, MaraDNS, becomes essential.

So maybe my question could be rephrased as follows.  Is it possible to  
configure MaraDNS to provide the same functionality of /etc/hosts?   

1) preferential name resolution to a locally routable address of a  
some hosts on our domains,

2) gracefully passes unresolved requests along to the public/recursive  
DNS server provided by our ISP,

3) even if some of the addresses are on the same domain as those we  
manage with MaraDNS.

Thanks all!


On Feb 10, 2009, at 8:23 AM, Ken Lyons - Graphix Wizard/Data-Forms  

> I just run two DNS servers, (two running copies of maradns), one for  
> public and one private resolving.
> I setup the server to have two Internal network addresses, i.e.
> 10.x.x.10  (53) = public DNS resolv
> 10.x.x.11 (53) = private DNS resolv
> And use the firewall to route who gets what...
> all WAN side request go to public and all LAN side go to private
> (or just setup local computers to go directly to the private dns  
> address)
> Ken Lyons
> Tom Harrison wrote:
>> Hello -- re MaraDNS running on Ubuntu/Debian...
>> I need intercommunication of a cluster of servers living in a  
>> private network (10.x.x.x), but also need to get to the address of  
>> the hosts via public DNS.  So, for example, might  
>> resolve to, routable only within the subnet, but from an  
>> external location (our office) would resolve to a publicly routable  
>> IP like 98.76.544.321.  Within the subnet the servers also need to  
>> get at public addresses too, like  I have all of this  
>> working with the config below.
>> However, some of the addresses for our domain are not in the  
>> subnet, e.g. our office ""; these are public  
>> addresses that can be resolved by the upstream servers.  Is there a  
>> way to configure MaraDNS so that a "miss" on a name like  
>> "corp.example.dom" is passed along thus resolving to its public  
>> address?
>> mararc:
>> ipv4_bind_addresses = ""
>> chroot_dir = "/etc/maradns"
>> hide_disclaimer = "YES"
>> recursive_acl = ""
>> upstream_servers = {}
>> upstream_servers["."] = ""
>> csv2 = {}
>> csv2[""] = ""

More information about the list mailing list