I need to internally redirect some host records for our public DNS domain for internal client access, but retain DNS forwarding for any records that aren't hosted internally.
Example: public domain 'company.com.au' is hosted on an external DNS server.
As an example, if I have ftp.company.com.au as a public A record that points to a public IP that is port forwarded through our firewall to an internal FTP server, internal clients cannot connect due to what I assume is a routing issue going out the firewall and back in again. Is this normal?
To get around this traditionally, I have created a duplicate forward lookup zone on our internal DNS servers and created custom A records that point to the internal server IPs, and this works fine.
The thing I am curious about is: should this zone still be able to forward out to the root hint servers for hosts that DNS cannot resolve? Or once I create an internal DNS zone, does the lookup end there? I don't want to have to create duplicate A records that match the public ones.
Is this by design so as not to cause too much issue with your .local domain DNS resolution? And if so, is there a way to force it to go external, after it has tried an internal lookup, if it can't match DNS on the internal zone? Is this where conditional forwarding would come into play?
Addition: Just wanted to add that our internal DNS does not use forwarding, and goes to the root hints.
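The following is an added example, not part of the original post: a small Python model of the decision a recursive DNS server makes between answering from a zone it hosts (authoritatively, including NXDOMAIN for missing names) and recursing via root hints. It contrasts the duplicate-zone approach described in the post with per-host "pinpoint" zones. The hostnames, the internal address 10.0.0.5 and the external 203.0.113.x addresses are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed sample data: what the public authoritative server for
# company.com.au would answer (hypothetical documentation-range addresses).
EXTERNAL_VIEW = {
    "ftp.company.com.au": "203.0.113.10",
    "www.company.com.au": "203.0.113.20",
    "mail.company.com.au": "203.0.113.30",
}


@dataclass
class Zone:
    name: str                                      # zone apex, e.g. "company.com.au"
    records: dict = field(default_factory=dict)    # FQDN -> A record (IPv4 string)


class InternalResolver:
    """Models a recursive server that also hosts some zones and uses root hints."""

    def __init__(self, zones):
        self.zones = zones

    def _authoritative_zone(self, fqdn):
        # Longest-suffix match: the server is authoritative for fqdn when the
        # name equals a hosted zone apex or lies below it.
        best = None
        for zone in self.zones:
            if fqdn == zone.name or fqdn.endswith("." + zone.name):
                if best is None or len(zone.name) > len(best.name):
                    best = zone
        return best

    def resolve(self, fqdn):
        """Return (source, address); address is None for NXDOMAIN."""
        fqdn = fqdn.rstrip(".").lower()
        zone = self._authoritative_zone(fqdn)
        if zone is not None:
            # Authoritative answer: the record either exists or the name does
            # not exist (NXDOMAIN). A server never recurses for a name inside
            # a zone it hosts, so nothing here falls through to root hints.
            return ("authoritative", zone.records.get(fqdn))
        # Not authoritative: recurse from root hints (simulated by EXTERNAL_VIEW).
        return ("recursive", EXTERNAL_VIEW.get(fqdn))


# Configuration A: duplicate the whole public zone internally and add only
# the host that needs an internal address.
DUPLICATE_ZONE = InternalResolver([
    Zone("company.com.au", {"ftp.company.com.au": "10.0.0.5"}),
])

# Configuration B: one zone per redirected host ("pinpoint" zone). The zone
# apex carries the A record, so only that exact name is served internally.
PINPOINT_ZONES = InternalResolver([
    Zone("ftp.company.com.au", {"ftp.company.com.au": "10.0.0.5"}),
])


def compare(names=("ftp.company.com.au", "www.company.com.au")):
    """Resolve each name under both configurations; returns a dict of results."""
    return {
        name: {
            "duplicate_zone": DUPLICATE_ZONE.resolve(name),
            "pinpoint_zones": PINPOINT_ZONES.resolve(name),
        }
        for name in names
    }


if __name__ == "__main__":
    for name, outcome in compare().items():
        for config, (source, addr) in outcome.items():
            print(f"{name:22} {config:15} {source:13} {addr or 'NXDOMAIN'}")
```

In the model, hosting the full company.com.au zone makes www.company.com.au an authoritative NXDOMAIN on the internal server, since a server never recurses for names inside a zone it is authoritative for; that is the behaviour behind having to duplicate every public record. A zone named after the single host keeps the override to that name and lets every other name under company.com.au go out through root hints as before. Note that a pinpoint zone still covers anything below it (for example a constructed sub.ftp.company.com.au), which the same longest-suffix rule reproduces.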