Ubuntu DNS multiple subnets

I have configured an Ubuntu server to act as a DNS server.  Everything works fine for the local subnet.  Now I want other subnets to use this server as well for DNS.  To get this to work, do I need to configure additional reverse lookup zones for these  even though I dont need to resolve anything in these zones (just need to resolve public internet) or is there something else I need to do?
Who is Participating?
BlakeGriffinConnect With a Mentor Author Commented:
The local network is one private address space that DNS is located on.  Hostnames resolve to this.  The other subnets ( and 192.168.204)  just needs to resove WWW addresses.  I got it to work by adding allow-query { any; }; to the name.conf.options.  Now I just need to figure out how to setup a trusted list.
So you are sure that everything in the local DNS?

First check it.

For example if you have mydomain.com

Issue the following command

dig @localhost mydomain.com

Once you are sure that all the domain names resolve correctly to the correct IP address, you have to see if you have domain registration?

DNS is a network of databases each serving some zones and then when the receive any query that they cannot answer, they forward the request to another server.  So there should be some DNS that forwards request to your DNS that in turn would reply to the queries.

BlakeGriffinAuthor Commented:
Yes I am sure.  I did your dig command and a dig without the @localhost and everything appeared to be find.  In addition, I set another machine on the same subnet as DNS and used the DNS server IP for the DNS setting in the client machine.  Am able to resolve and get to the internet.  When I move to another subnet, resolving doesnt work.  However, I know network connectivity is fine because i can ping and traceroute just fine to the DNS subnet.  Here are the steps I used to config.  Maybe I am missing something.

sudo vi /etc/bind/named.conf.local

# This is the zone definition. replace example.com with your domain name

zone “griffin.local” {
type master;
file “/etc/bind/zones/griffin.local.db”;

# This is the zone definition for reverse DNS. replace 0.168.192 with your network address in reverse notation - e.g my network address is 192.168.0

zone “202.168.192.in-addr.arpa” {
type master;
file “/etc/bind/zones/rev.202.168.192.in-addr.arpa”;


sudo vi /etc/bind/named.conf.options

forwarders {
# Replace the address below with the address of your provider’s DNS server;;


sudo mkdir /etc/bind/zones

sudo vi /etc/bind/zones/griffin.local.db

// replace example.com with your domain name. do not forget the . after the domain name!
// Also, replace ns1 with the name of your DNS server
griffin.local. IN SOA ns1.griffin.local. admin.griffin.local. (
// Do not modify the following lines!

// Replace the following line as necessary:
// ns1 = DNS Server name
// mail = mail server name
// example.com = domain name
griffin.local. IN NS ns1.griffin.local.

// Replace the IP address with the right IP addresses.
// www IN A
// mta IN A
ns1 IN A


sudo vi /etc/bind/zones/rev.0.168.192.in-addr.arpa

//replace example.com with yoour domain name, ns1 with your DNS server name.
// The number before IN PTR example.com is the machine address of the DNS server. in my case, it’s 1, as my IP address is
@ IN SOA ns1.griffin.local. admin.griffin.local. (

IN NS ns1.griffin.local.
100 IN PTR griffin.local


Restart Bind server using the following command
sudo /etc/init.d/bind9 restart

Testing Your DNS Server

Modify the file resolv.conf with the following settings

sudo vi /etc/resolv.conf

Enter the following details save and exit the file

// replace example.com with your domain name, and with the address of your new DNS server.

search griffin.local

Test your DNS Using the following command

dig griffin.local
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

192.168 ... address is the private address.  Is this the address your host names resolve to?

What is the live IP public address that your DNS is resolving?

So you want the addresses to be resolved by any one in the WWW or just from other subnets within your internal network?
BlakeGriffinAuthor Commented:
Figured everything out.  Needed to add acl "trusted {  LIST }; to named.conf.local
Sorry, I thought that you were trying the world to see your DNS.  You were trying to reach external DNS from your network.

Sorry about that confusion.

Glad you found it.
BlakeGriffinAuthor Commented:
Found the answer prior to anyone else submitting appropriate answer.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.