Configuring Split-Horizon DNS on Linux
Split-horizon DNS (also called split-brain DNS) returns different answers depending on the source of the query. This is useful when internal clients should resolve to private IPs while external clients receive public IPs.
Why Use Split-Horizon DNS
- Internal services resolve to private network addresses for faster local access
- External users receive public-facing IP addresses
- Reduces hairpin NAT issues on your Breeze network
BIND Configuration
Define ACLs and views in /etc/bind/named.conf:
acl "internal" {
10.0.0.0/8;
192.168.0.0/16;
172.16.0.0/12;
};
view "internal-view" {
match-clients { internal; };
zone "example.com" {
type master;
file "/etc/bind/zones/internal.example.com.db";
};
};
view "external-view" {
match-clients { any; };
zone "example.com" {
type master;
file "/etc/bind/zones/external.example.com.db";
};
};Zone Files
Create separate zone files for each view. The internal zone points to private IPs:
; /etc/bind/zones/internal.example.com.db
@ IN A 10.0.1.50
www IN A 10.0.1.50
db IN A 10.0.1.51The external zone uses public addresses:
; /etc/bind/zones/external.example.com.db
@ IN A 203.0.113.10
www IN A 203.0.113.10Validate and Reload
sudo named-checkconf
sudo named-checkzone example.com /etc/bind/zones/internal.example.com.db
sudo systemctl reload bind9Test from both internal and external networks using dig to confirm correct resolution for each view.