A mini split DNS

I have a new application, Cisco Expressway, that recommends split DNS. To date we have had a separate internal zone acme.local and external zone acme.com. I am resistant to split DNS because everything has worked fine as is for years. Cisco wants a record in acme.com that only resolves internally. How can I set up an internal acme.com zone without creating an entire copy of external acme.com with this extra record? I want to avoid managing acme.com in two places. Can I set up an internal acme.com that just resolves the one record but refers to outside DNS for all other acme.com resolution?
amigan_99 (Network Engineer) asked:
asavener commented:
What's the record they want in the .com zone?  Is it just something you can put in the external zone and not worry about?
asavener commented:
Ah.  I get it.  They have a global configuration option that sets a hostname "ciscoexpressway.acme.com" and they want external clients to resolve the public IP address and on-prem clients to resolve the private IP address....

Another way to accomplish this would be to set up hairpinning on your firewall, so that internal clients can access the service via the public IP address.
footech commented:
You don't mention what you're running for internal DNS.

The following is what you'd do for Windows.
Create a new Forward Lookup Zone with the same name as the FQDN you want to resolve, e.g. "cisco.acme.com". Inside that zone, create a new A record and leave the name blank (after it's created you will see it as "same as parent folder"). In this way, only the "cisco.acme.com" record (and any records existing below that, like "xxx.cisco.acme.com" and "blah.cisco.acme.com") would be resolved by your internal DNS, while other queries for acme.com would get passed to forwarders or root hints.
asavener commented:
I think he still wants his internal clients to be able to resolve addresses in the external acme.com zone.
footech commented:
As I mentioned, other queries for acme.com would get passed to forwarders or root hints for resolution from public records.

amigan_99 (Network Engineer, author) commented:
_cisco-uds.acme.com needs to resolve inside but not resolve outside. It's part of their MRA discovery process - how to find your call manager or expressway intermediary.
asavener commented:
In that case, I think footech's suggestion is the right one. Create a zone _cisco-uds.acme.com, and an A record with a blank name and the IP address of the Expressway server.
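The procedure footech describes, applied to the specific name asavener confirms above, as an added example for Windows DNS using the DnsServer PowerShell module (this is not code from the thread or from Cisco). The zone name comes from the thread; the private address 10.0.0.25, the server name dns01 and the public resolver used for the outside check are assumed placeholders. The checks at the end verify the two properties the question actually cares about: the apex of the new zone answers with the private address, while an unrelated acme.com name still resolves through forwarders or root hints, so the public zone is not shadowed.

```powershell
# Added example: a one-record internal zone instead of a full copy of acme.com.
# Run on (or against) the internal Windows DNS server as a DNS administrator.
Import-Module DnsServer

$zoneName  = '_cisco-uds.acme.com'   # FQDN from the thread that must resolve only internally
$internal  = '10.0.0.25'             # assumed private IP of the Expressway server
$dnsServer = 'dns01'                 # assumed name of the internal DNS server
$publicDns = '9.9.9.9'               # assumed public resolver, used only for the outside check

# 1. A forward lookup zone named after the FQDN itself. The internal server is now
#    authoritative only for this name and anything below it; every other acme.com
#    query still leaves via forwarders or root hints.
#    -ReplicationScope Domain assumes AD-integrated DNS; on a standalone server
#    use -ZoneFile "$zoneName.dns" instead.
Add-DnsServerPrimaryZone -Name $zoneName -ReplicationScope Domain -ComputerName $dnsServer

# 2. An A record with a blank name ("same as parent folder"), i.e. the zone apex,
#    pointing at the private address of the Expressway.
Add-DnsServerResourceRecordA -ZoneName $zoneName -Name '@' -IPv4Address $internal -ComputerName $dnsServer

# 3. Check: internal resolution of the apex returns the private address.
$inside = Resolve-DnsName -Name $zoneName -Type A -Server $dnsServer -ErrorAction Stop
if ($inside.IPAddress -notcontains $internal) { throw "apex did not resolve to $internal" }

# 4. Check: an unrelated public name in acme.com is still answered from public
#    records, proving the new zone did not take over the whole domain.
$public = Resolve-DnsName -Name 'www.acme.com' -Type A -Server $dnsServer -ErrorAction Stop
"www.acme.com -> $($public.IPAddress -join ', ') (should match the public answer)"

# 5. Check: from a public resolver the name must NOT resolve (the thread's
#    requirement: "resolve inside but not resolve outside").
$outside = Resolve-DnsName -Name $zoneName -Type A -Server $publicDns -ErrorAction SilentlyContinue
if ($outside) { Write-Warning "$zoneName is also visible publicly: $($outside.IPAddress -join ', ')" }

# 6. Caveat from the thread: any public names *below* this zone
#    (e.g. something._cisco-uds.acme.com) are now answered here and would have
#    to be recreated in this zone if internal clients need them.
Get-DnsServerResourceRecord -ZoneName $zoneName -ComputerName $dnsServer
```

Because the zone holds a single record, there is nothing to keep in sync with the public acme.com zone, which is the reason the thread prefers this over a full split-horizon copy; the only ongoing check worth keeping is step 6, since a new public name created under the same label would silently stop resolving for internal clients.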
amigan_99 (Network Engineer, author) commented:
Thanks, got it working.