When working on client websites internally, we often need to override specific subdomains (like support.client.com) to point to our development servers while letting other subdomains resolve normally. This creates a realistic testing environment without affecting the live site.
Here's how to implement this in BIND (v9.9.5+):
zone "abcd.com" {
type master;
file "/etc/bind/zones/abcd.com.override";
allow-query { any; };
};
The zone file should contain:
$TTL 3600
@ IN SOA ns1.abcd.com. admin.abcd.com. (
2024010101 ; Serial
3600 ; Refresh
900 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL
; Local overrides
support.abcd.com. IN A 192.168.1.1
faq.abcd.com. IN A 192.168.1.1
; Delegate everything else to authoritative servers
@ IN NS ns1.livedns.com.
@ IN NS ns2.livedns.com.
For more complex scenarios, consider these approaches:
; Wildcard exception (override all except www)
*.abcd.com. IN A 192.168.1.1
www.abcd.com. IN CNAME live.abcd.com.
; Split-view DNS (internal vs external)
acl internal { 192.168.0.0/16; };
view "internal" {
match-clients { internal; };
zone "abcd.com" {
type master;
file "/etc/bind/zones/internal/abcd.com";
};
};
Always verify your changes:
named-checkzone abcd.com /etc/bind/zones/abcd.com.override
dig +short support.abcd.com @localhost
dig +short www.abcd.com @localhost
For high-traffic environments, add these optimizations:
options {
max-cache-size 256M;
max-cache-ttl 3600;
min-cache-ttl 300;
};
When working on client websites, we often need to override specific subdomains (like support.client.com) to point to our development servers while allowing other subdomains to resolve normally. This creates a hybrid environment where only the modified components are served locally.
The most effective method is using zone declarations in named.conf with type master for overrides and type forward for everything else. Here's the proper implementation:
// named.conf.local
zone "abcd.com" {
type master;
file "/etc/bind/zones/abcd.com.override";
};
zone "support.abcd.com" {
type master;
file "/etc/bind/zones/support.abcd.com.override";
};The zone file should contain explicit overrides and a wildcard forwarder:
; abcd.com.override
$TTL 3600
@ IN SOA ns1.yourdomain.com. admin.yourdomain.com. (
2023081501
3600
900
1209600
3600 )
IN NS ns1.yourdomain.com.
; Override specific records
support IN A 192.168.1.1
faq IN A 192.168.1.1
; Forward everything else
* IN CNAME @For more complex setups, consider using BIND views to differentiate between internal and external resolution:
view "internal" {
match-clients { 192.168.1.0/24; };
recursion yes;
zone "abcd.com" {
type master;
file "/etc/bind/zones/internal/abcd.com.zone";
};
};
view "external" {
match-clients { any; };
recursion no;
zone "abcd.com" {
type forward;
forwarders { 8.8.8.8; 8.8.4.4; };
};
};When implementing wildcard forwarding, ensure your BIND server can properly recurse external queries. These settings in named.conf.options are critical:
options {
directory "/var/cache/bind";
forwarders {
8.8.8.8;
8.8.4.4;
};
forward only;
allow-recursion { any; };
dnssec-validation no; // For development environments
};After configuration changes:
- Run
named-checkconfto verify syntax - Use
dig +trace support.abcd.comto test resolution - Check query logs with
rndc querylog